PolicyKit / polkit in openSUSE : problem with configuration files
Linux - SoftwareThis forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
PolicyKit / polkit in openSUSE : problem with configuration files
Hi,
after a recent update my policykit permissions stopped working, and I can't understand why.
An example: mounting a flash drive requires password, hinting on org.freedesktop.udisks.filesystem-mount. /usr/share/polkit-1/actions/org.freedesktop.udisks.policy has the following:
Code:
<action id="org.freedesktop.udisks.filesystem-mount">
<description>Mount a device</description>
<message>Authentication is required to mount the device</message>
<defaults>
<allow_any>yes</allow_any>
<allow_inactive>no</allow_inactive>
<allow_active>yes</allow_active>
</defaults>
</action>
It is correct, right? So WTF prevents the policy from working? Is there some other config file which takes precedence?
Same thing happens when rebooting / shutting down, etc.
There is also this confusing thing about polkit-1 and "old" PolicyKit, but as far as I can tell, they manage different actions and shouldn't be the source of the problem.
What can be the source of the problem? Thanks in advance.
to grant rights to a specific user
and then an /etc/polkit-1/localauthority/50-local.d/my-polkit-udisks.pkla file containing
Code:
[udisks full access]
Identity=unix-group:wheel[/B]
Action=org.freedesktop.udisks.*
ResultActive=yes
[Change CPU Frequency scaling]
Identity=unix-group:wheel
Action=org.gnome.cpufreqselector
ResultActive=yes
or for your user
Code:
[udisks full access]
Identity=unix-user:username
Action=org.freedesktop.udisks.*
ResultActive=yes
[Change CPU Frequency scaling]
Identity=unix-user:username
Action=org.gnome.cpufreqselector
ResultActive=yes
I've created /etc/polkit-1/localauthority dir, copied /var/lib/polkit-1/localauthority/10-vendor.d there (to have a reference) and created /etc/polkit-1/localauthority/50-local.d, where I put two files: /etc/polkit-1/localauthority/50-local.d/org.freedesktop.hal.power-management.pkla and /etc/polkit-1/localauthority/50-local.d/org.freedesktop.udisks.pkla, containing the following:
It didn't help. Trying to reboot still gives this warning on the bottom of the menu: org.freedesktop.hal.power-management.reboot auth_admin_keep_always <-- (action, result). Trying to suspend or hibernate shows an authentication prompt for a second, then screensaver kicks in and locks the screen.
Same with removable media: no automount, mounting requires root, and now devices don't even show in thunar's sidebar (it used to draw them half-transparent, so you could click and mount them automatically).
I looked through the .pkla files and have not found any entries that have "auth_admin_keep_always" string. Neither is it present in /usr/share/polkit-1/action policies, which makes me wonder if there are still some other config files overriding customized policies… according to pklocalauthority manual this shouldn't be the case.
Last edited by rrije; 04-17-2011 at 07:20 AM.
Reason: spellcheck
I looked through the .pkla files and have not found any entries that have "auth_admin_keep_always" string. Neither is it present in /usr/share/polkit-1/action policies, which makes me wonder if there are still some other config files overriding customized policies… according to pklocalauthority manual this shouldn't be the case.
You could look for a overriding file in /etc/polkit-1/localauthority.
It would have to be >50 to override. For example any file in 90-mandatory.d ( if you have it.)
Otherwise I can't see why this is not working, although I do not have hal on my systems any more.
Try using an actual group name instead of *, maybe power.
Last edited by andrewthomas; 05-13-2011 at 09:57 AM.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.