On 2018-11-15, Wolfgang Schweer wrote: > on diskless workstations removable media can no longer be mounted due to > missing > authorization. > > As far as I was able to find out, it seems to be due to security related > changes > to udisks. The UDisks2 policy requires a logged in user available via 'w' or > 'who'. While workarounds¹ are possible, imo the proper fix would be if LDM > could register the login session with wtemp and utemp.
This is a non-trivial task for thin clients with LDM, unfortunately. For fat clients, it starts the user using 'su -' which should register the session in wtmp... but maybe some other issue is breaking that. Realistically speaking, LDM is deprecated, there's just unfortunately no working replacement... :/ Your workaround could be applied in init-ltsp.d or one of the other various hooks. > ¹Maybe patch /usr/share/polkit-1/actions/org.freedesktop.UDisks2.policy on the > fly for each session via a script in init-ltsp.d, using: > > --- a/org.freedesktop.UDisks2.policy 2018-09-28 21:48:23.000000000 +0200 > +++ b/org.freedesktop.UDisks2.policy 2018-11-14 22:10:15.277057756 +0100 > @@ -84,7 +84,7 @@ > <message xml:lang="zh_CN">挂载文件系统需要身份验证</message> > <message xml:lang="zh_TW">要掛載檔案系統需要先核對身分</message> > <defaults> > - <allow_any>auth_admin</allow_any> > + <allow_any>yes</allow_any> > <allow_inactive>auth_admin</allow_inactive> > <allow_active>yes</allow_active> > </defaults> > @@ -165,7 +165,7 @@ > <message xml:lang="zh_CN">挂载文件系统需要身份验证</message> > <message xml:lang="zh_TW">要掛載檔案系統需要先核對身分</message> > <defaults> > - <allow_any>auth_admin</allow_any> > + <allow_any>yes</allow_any> > <allow_inactive>auth_admin</allow_inactive> > <allow_active>auth_admin_keep</allow_active> > </defaults> live well, vagrant
signature.asc
Description: PGP signature