Subject: hal: does not work with dynamically assigned secondary groups Package: hal Version: 0.5.11-4 Severity: normal
There seems to be a regression (this worked before) in the way at least
the plugdev group is interpreted by hal. I have a setup where users who
log in on the console are provided with extra groups like so:
- add "auth optional pam_group.so" to /etc/pam.d/gdm
- add "gdm; :*; *; Al0000-2400;
audio,floppy,video,cdrom,scanner,plugdev,voice"
to /etc/security/group.conf
This causes the named groups to be assigned when the user logs in
through gdm (the second command does username/group lookups, the fist
one gets the groups from the process):
% id -a
uid=1000(arthur) gid=100(users)
groups=22(voice),24(cdrom),25(floppy),29(audio),40(src),44(video),46(plugdev),100(users),112(scanner)
% id -a arthur
uid=1000(arthur) gid=100(users) groups=40(src),46(plugdev),100(users)
One this setup users are set up in an LDAP server. The plugdev group is
not in LDAP because it is a system group so there is no central way to
add the user to that group. Adding all users to the plugdev group on all
systems is not really an option (this would be a lot of work when adding
or removing users).
This setup worked before but now I have to add the user to the plugdev
group in /etc/group for it to work, otherwise gnome-mount fails with
this error message:
% gnome-mount --hal-udi=/org/freedesktop/Hal/devices/volume_label_MyCD --text
--verbose
gnome-mount 0.7
** (gnome-mount:19399): DEBUG: Mounting
/org/freedesktop/Hal/devices/volume_label_MyCD
** (gnome-mount:19399): DEBUG: read default option 'uid=' from gconf strlist
key /system/storage/default_options/iso9660/mount_options
** (gnome-mount:19399): DEBUG: Mounting
/org/freedesktop/Hal/devices/volume_label_MyCD with mount_point='MyCD',
fstype='', num_options=1
** (gnome-mount:19399): DEBUG: option='uid=1000'
** (gnome-mount:19399): WARNING **: Mount failed for
/org/freedesktop/Hal/devices/volume_label_MyCD
org.freedesktop.DBus.Error.AccessDenied : A security policy in place prevents
this sender from sending this message to this recipient, see message bus
configuration file (rejected message had interface
"org.freedesktop.Hal.Device.Volume" member "Mount" error name "(unset)"
destination "org.freedesktop.Hal")
What is the best way to give users who log in through gdm the proper
access rights to mount filesystems?
[after some more searching]
In /etc/dbus-1/system.d/hal.conf there is a reference to an at_console
policy. Installing the consolekit package seems to get everything
working.
There may be two issues here. The first is that hal does not pick up the
runtime secondary groups any more.
The seconds is probably more a documentation issue. It took me a lot of
googling, grepping, running daemons in debugging mode, looking in XML
configuration files and reverse dependencies before I got at consolekit,
policykit and finally policykit-gnome which is probably the package I
want. Some shortcuts would be helpful here (some package could recommend
policykit-gnome or a helpful note in a README.Debian). Not sure which
package should do that though.
-- System Information:
Debian Release: lenny/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.26-1-686 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages hal depends on:
ii adduser 3.110 add and remove users and groups
ii dbus 1.2.1-3 simple interprocess messaging syst
ii hal-info 20081001-1 Hardware Abstraction Layer - fdi f
ii libc6 2.7-14 GNU C Library: Shared libraries
ii libdbus-1-3 1.2.1-3 simple interprocess messaging syst
ii libdbus-glib-1-2 0.76-1 simple interprocess messaging syst
ii libexpat1 2.0.1-4 XML parsing C library - runtime li
ii libgcc1 1:4.3.2-1 GCC support library
ii libglib2.0-0 2.16.6-1 The GLib library of C routines
ii libhal-storage1 0.5.11-4 Hardware Abstraction Layer - share
ii libhal1 0.5.11-4 Hardware Abstraction Layer - share
ii libsmbios1 0.13.13-1 Provide access to (SM)BIOS informa
ii libstdc++6 4.3.2-1 The GNU Standard C++ Library v3
ii libusb-0.1-4 2:0.1.12-13 userspace USB programming library
ii libvolume-id0 0.125-7 libvolume_id shared library
ii lsb-base 3.2-20 Linux Standard Base 3.2 init scrip
ii mount 2.13.1.1-1 Tools for mounting and manipulatin
ii pciutils 1:3.0.0-6 Linux PCI Utilities
ii pm-utils 1.1.2.4-1 utilities and scripts for power ma
ii udev 0.125-7 /dev/ and hotplug management daemo
ii usbutils 0.73-10 Linux USB utilities
Versions of packages hal recommends:
ii eject 2.1.5+deb1-4 ejects CDs and operates CD-Changer
pn libsmbios-bin <none> (no description available)
Versions of packages hal suggests:
pn gnome-device-manager <none> (no description available)
-- no debconf information
--
-- arthur - [EMAIL PROTECTED] - http://people.debian.org/~adejong --
signature.asc
Description: This is a digitally signed message part
