Re: [gentoo-user] Re: automounting usb drives [SOLVED]

2011-02-27 Thread luis jure 
on 2011-02-27 at 13:51 Paul Colquhoun wrote:

Hmmm.  equery b for  /etc/PolicyKit/PolicyKit.conf or
just /etc/PolicyKit doesn't return any packages on my system.

from what i could find on the web, it seems to me
that /etc/PolicyKit/PolicyKit.conf belongs to a deprecated policykit
package, superseded (at least on my system) by polkit, the configuration
files of which are under /etc/polkit-1

now, i found lots of examples on the web how to configure the old
PolicyKit.conf file to allow normal users mount usb devices, but it took
some time to find out how to configure the polkit files. here's what i
found, and it works:


/etc/polkit-1/localauthority.conf.d/50-localauthority.conf :

[Configuration]
AdminIdentities=unix-group:wheel 


/etc/polkit-1/localauthority/50-local.d/11-my-polkit-udisks.pkla

[udisks full access]
Identity=unix-user:your username
Action=org.freedesktop.udisks.*
ResultAny=yes

[http://forums.gentoo.org/viewtopic-t-858965-postdays-0-postorder-asc-start-25.html]

i guess that in the second file i could also use unix-group:wheel (or users
or whatever) instead of unix-user, but i'm the only one using this machine,
so it's just as well.

now automounting just works, without needing anything else, like udev
rules or additional automonting packages. 

PENDING ISSUE: on thunar (and xfce, the other file manager i occasionally
use) i can eject the drive but no umount it (i mean the ability to umount
the file system but not delete the mount point under /media)

a big thank you (und vielen dank) to everybody!

lj

[gentoo-user] Re: automounting usb drives [SOLVED]

2011-02-27 Thread walt 

On 02/27/2011 04:54 AM, luis jure wrote:


PENDING ISSUE: on thunar (and xfce, the other file manager i occasionally
use) i can eject the drive but no umount it (i mean the ability to umount
the file system but not delete the mount point under /media)


The auth/policy landscape has changed so quickly in the last few months
that I can't keep up, but I can tell you that you might want to play with
the command-line tools from consolekit and polkit when root-versus-user
problems occur.

For example, look through the output of pkaction --verbose for this:

org.freedesktop.udisks.drive-detach:
  description:   Detach a drive
  message:   Authentication is required to detach the drive
  vendor:The udisks Project
  vendor_url:http://udisks.freedesktop.org/
  icon:  drive-removable-media
  implicit any:  no
  implicit inactive: no
  implicit active:   yes

Look at the last three lines for 'any' 'inactive' and 'active'. What do
they mean?

They refer to your 'console session', which you can list with ck-list-sessions:

Session1:
unix-user = '1001'
realname = '(null)'
seat = 'Seat1'
session-type = ''
active = FALSE== NOTE
x11-display = ''
x11-display-device = ''
display-device = '/dev/tty1'
remote-host-name = ''
is-local = TRUE
on-since = '2011-02-27T14:05:03.842279Z'
login-session-id = '1'
idle-since-hint = '2011-02-27T14:05:40.005781Z'
Session2:
unix-user = '1001'
realname = '(null)'
seat = 'Seat1'
session-type = ''
active = TRUE   === NOTE
x11-display = ':0'
x11-display-device = '/dev/tty7'
display-device = '/dev/tty1'
remote-host-name = ''
is-local = TRUE === NOTE
on-since = '2011-02-27T14:05:16.819654Z'
login-session-id = '1'

Session1 is my original login on tty1, from which I typed 'startx'.

That session is not active because I'm writing this from inside the
gnome desktop, i.e. Session2, which *is* active (note the tty7).

The old defunct policykit also dictated whether a session had to be
'local' to do certain things, but that may have vanished, dunno.

The old policykit came with very simple and understandable tools to
set and edit policies, and the defunct gnome-policykit gave you a
simple gui frontend so you could tell WTF you were doing.

Alas, no more, and the new system is virtually opaque.  Not well done,
IMHO.

My point is (almost forgot it) that automounting stopped working for
many months in gnome because consolekit claimed that my ck-session
was *not* active and *not* local even though obviously it was both.

Some recent update finally fixed that bug, thankfully, but I have
no idea which update.