Hello,
I want to be able to open an encrypted device as a non-root user and I modified the file
/usr/share/polkit-1/actions/org.freedesktop.UDisks2.policy
in order to do that.
That works, but it is not a good thing to modify a file from the distrib to create a local configuration.
There is an empty directory /etc/udisks2/modules.conf.d where I tried to guess what I could put inside for my purpose, but everything failed.
I did not find a clear doc about the udisks2 configuration.
Does anyone know how to proceed?
Thank you.
-------- Forwarded message --------
Subject: udisks2 configuration
Date: Sat, 26 May 2018 17:17:35 +0200
From: François Patte francois.patte@mi.parisdescartes.fr
Organization: Université Paris Descartes
To: users@lists.fedoraproject.org
On 26 May 2018 at 17:17, François Patte francois.patte@mi.parisdescartes.fr wrote:
> Hello,
> I want to be able to open an encrypted device as a non-root user and I modified the file
> /usr/share/polkit-1/actions/org.freedesktop.UDisks2.policy
> in order to do that.
> That works, but it is not a good thing to modify a file from the distrib to create a local configuration.
> There is an empty directory /etc/udisks2/modules.conf.d where I tried to guess what I could put inside for my purpose, but everything failed.
> I did not find a clear doc about the udisks2 configuration.
You need a polkit rule; create a text file, /etc/polkit-1/rules.d/filename.rules, and put something like this in it:
polkit.addRule(function(action, subject) {
    if (action.id == "org.freedesktop.udisks2.encrypted-unlock") &&
        subject.local && subject.active &&
        subject.isInGroup("YOUR_USER_GROUP") ) {
        return polkit.Result.YES;
    }
});
`man polkit` for more details, and there are many examples in /usr/share/polkit-1/rules.d/* .
Good luck.
On 26/05/2018 at 23:48, Ahmad Samir wrote:
> You need a polkit rule; create a text file, /etc/polkit-1/rules.d/filename.rules, and put something like this in it:
> polkit.addRule(function(action, subject) {
>     if (action.id == "org.freedesktop.udisks2.encrypted-unlock") &&
>         subject.local && subject.active &&
>         subject.isInGroup("YOUR_USER_GROUP") ) {
>         return polkit.Result.YES;
>     }
> });
> `man polkit` for more details, and there are many examples in /usr/share/polkit-1/rules.d/* .
Thank you for your quick answer, but I am sorry to say that it does not work for me... whatever the name I give to the rules file....
Is there a way to debug udisksctl?
Thank you.
On 27/05/2018 at 10:45, François Patte wrote:
> On 26/05/2018 at 23:48, Ahmad Samir wrote:
> > You need a polkit rule; create a text file, /etc/polkit-1/rules.d/filename.rules, and put something like this in it:
This did not work because of a typo:
> > polkit.addRule(function(action, subject) {
> >     if (action.id == "org.freedesktop.udisks2.encrypted-unlock") &&
a double parenthesis is needed before "action" in the above line.
> >         subject.local && subject.active &&
> >         subject.isInGroup("YOUR_USER_GROUP") ) {
> >         return polkit.Result.YES;
> > }});
> > `man polkit` for more details, and there are many examples in /usr/share/polkit-1/rules.d/* .
> Thank you for your quick answer, but I am sorry to say that it does not work for me... whatever the name I give to the rules file....
> Is there a way to debug udisksctl?
> Thank you.
On 27 May 2018 at 10:45, François Patte francois.patte@mi.parisdescartes.fr wrote:
> On 26/05/2018 at 23:48, Ahmad Samir wrote:
> > You need a polkit rule; create a text file, /etc/polkit-1/rules.d/filename.rules, and put something like this in it:
> > polkit.addRule(function(action, subject) {
> >     if (action.id == "org.freedesktop.udisks2.encrypted-unlock") &&
> >         subject.local && subject.active &&
> >         subject.isInGroup("YOUR_USER_GROUP") ) {
> >         return polkit.Result.YES;
> >     }
> > });
> > `man polkit` for more details, and there are many examples in /usr/share/polkit-1/rules.d/* .
> Thank you for your quick answer, but I am sorry to say that it does not work for me... whatever the name I give to the rules file....
> Is there a way to debug udisksctl?
[...]
You said that by editing /usr/share/polkit-1/actions/org.freedesktop.UDisks2.policy, you got it to work for a non-root user. What did you edit exactly? Because the action you edited in that file would be the action you have to use in the .rules file in /etc/polkit-1/rules.d/.
I think you'd need to debug polkit, not udisksctl. IIRC if you press cancel in the polkit authorisation window, a message is sent to the system log about that, and usually it contains the exact action that failed to be properly authorised.
(Sorry for the rather late reply, your mail got lost in my swamped inbox...).
-- Ahmad Samir
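The rule discussed in this thread with its parentheses balanced, as an added example that is not part of any poster's message. The logging rule is an addition that uses polkit.log(), which writes to the system log, to show which action id is actually requested; the `polkit` stand-in object, the `evaluate` helper and the sample subjects are constructed so the file runs under Node.js, and only the two `polkit.addRule(...)` calls belong in /etc/polkit-1/rules.d/filename.rules.

```javascript
// Stand-in for the object polkitd hands to rules files, so this runs under
// Node.js. Constructed for this example; it is not polkit's implementation.
const polkit = {
  Result: { YES: "yes", NOT_HANDLED: null },
  rules: [],
  logged: [],
  addRule(fn) { this.rules.push(fn); },
  log(message) { this.logged.push(message); },
};

// --- contents of /etc/polkit-1/rules.d/filename.rules start here ---

// Debug aid: log every udisks2 action polkit is asked about, so the id in the
// rule below can be compared with the id that is actually requested.
polkit.addRule(function (action, subject) {
  if (action.id.indexOf("org.freedesktop.udisks2.") === 0) {
    polkit.log("action=" + action.id + " user=" + subject.user);
  }
  return polkit.Result.NOT_HANDLED;
});

// The rule from the thread with the condition inside one balanced pair of
// parentheses. YOUR_USER_GROUP is the placeholder used in the thread.
polkit.addRule(function (action, subject) {
  if (action.id == "org.freedesktop.udisks2.encrypted-unlock" &&
      subject.local && subject.active &&
      subject.isInGroup("YOUR_USER_GROUP")) {
    return polkit.Result.YES;
  }
  return polkit.Result.NOT_HANDLED; // leave every other request to the defaults
});

// --- end of rules file ---

// Harness (constructed): run the rules in order; the first result wins.
function evaluate(actionId, subject) {
  for (const rule of polkit.rules) {
    const result = rule({ id: actionId }, subject);
    if (result !== polkit.Result.NOT_HANDLED) return result;
  }
  return polkit.Result.NOT_HANDLED;
}

// Constructed subjects: a group member at the local console, and the same
// user in a session that is not local.
const member = { user: "alice", local: true, active: true,
                 isInGroup: (group) => group === "YOUR_USER_GROUP" };
const remote = Object.assign({}, member, { local: false });
```

`evaluate("org.freedesktop.udisks2.encrypted-unlock", member)` returns "yes"; the non-local subject, or any other action id, returns null and falls through to the defaults in the .policy file.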