On 2018-11-15, Wolfgang Schweer wrote:
> on diskless workstations removable media can no longer be mounted due to
> missing authorization.
>
> As far as I was able to find out, it seems to be due to security related
> changes to udisks. The UDisks2 policy requires a logged in user available
> via 'w' or 'who'. While workarounds¹ are possible, imo the proper fix would
> be if LDM could register the login session with wtemp and utemp.

This is a non-trivial task for thin clients with LDM, unfortunately.
For fat clients, it starts the user using 'su -' which should register
the session in wtmp... but maybe some other issue is breaking that.

Realistically speaking, LDM is deprecated, there's just unfortunately no
working replacement... :/

Your workaround could be applied in init-ltsp.d or one of the other
various hooks.

> ¹Maybe patch /usr/share/polkit-1/actions/org.freedesktop.UDisks2.policy on the
> fly for each session via a script in init-ltsp.d, using:
>
> --- a/org.freedesktop.UDisks2.policy 2018-09-28 21:48:23.0 +0200
> +++ b/org.freedesktop.UDisks2.policy 2018-11-14 22:10:15.277057756 +0100
> @@ -84,7 +84,7 @@
> 挂载文件系统需要身份验证
> 要掛載檔案系統需要先核對身分
>
> - auth_admin
> + yes
>auth_admin
>yes
>
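
Review bot: the changed value in this hunk is the first of the three defaults, which polkit reads as the setting for any subject (the element names are stripped in this rendering, so that ordering is assumed), and `yes` there lets every caller mount filesystems without authentication, including callers with no local session at all. The last value shown is already `yes`, so the two stricter values ahead of it are what currently limits this action to active sessions. If the aim is only to let the logged-in user of a diskless workstation mount removable media, scope the grant to that user or a group through a local polkit authorization override instead of rewriting the shipped default, and note in the hook script why it is needed.
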
> @@ -165,7 +165,7 @@
> 挂载文件系统需要身份验证
> 要掛載檔案系統需要先核對身分
>
> - auth_admin
> + yes
>auth_admin
>auth_admin_keep
>
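
Review bot: in this hunk the two values that follow the change are `auth_admin` and `auth_admin_keep`, so after the patch the first default (`yes`) is more permissive than the ones after it, an inversion the first hunk does not have. Both hunks carry the same message text, so the patch does not show that this second action has to change for removable media to mount; please confirm it is required and drop the hunk if it is not, since an action that asks for administrator authentication in all three cases is presumably guarded for a reason.
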
live well,
vagrant