Bugzilla – Full Text Bug Listing
| Summary: | dbus-daemon-launch-helper needs to be setuid in level secure | | |
|---|---|---|---|
| Product: | [openSUSE] openSUSE 11.1 | Reporter: | Christian Boltz <suse-beta> |
| Component: | Security | Assignee: | Ludwig Nussel <lnussel> |
| Status: | RESOLVED FIXED | QA Contact: | E-mail List <qa-bugs> |
| Severity: | Major | | |
| Priority: | P5 - None | | |
| Version: | Beta 2 | | |
| Target Milestone: | --- | | |
| Hardware: | Other | | |
| OS: | Other | | |
| Whiteboard: | | | |
| Found By: | Beta-Customer | Services Priority: | |
| Business Priority: | | Blocker: | --- |
| Marketing QA Status: | --- | IT Deployment: | --- |
| Attachments: | /usr/share/PolicyKit/policy/org.freedesktop.hal.storage.policy; lshal output (with the camera attached) | | |
please attach the output of lshal and the file /usr/share/PolicyKit/policy/org.freedesktop.hal.storage.policy

Created attachment 245928 [details]
/usr/share/PolicyKit/policy/org.freedesktop.hal.storage.policy

Created attachment 245930 [details]
lshal output (with the camera attached)

Is it only a problem with this particular device or with all external media? Can you try to mount the device via qdbusviewer (find the hal service on the system bus, find the device and execute the mount method there)?

(In reply to comment #4 from Danny Kukawka)
> Is it only a problem with this particular device or with all external media?

I just tested with my USB cardreader - same result. My openSUSE USB stick also fails.
-> Looks like this affects all usb-storage media.

> Can you try to mount the device via qdbusviewer (find the hal service on the
> system bus, find the device and execute the mount method there)?

I can - if you give me some more details about what I should do ;-)
- which of the /org/freedesktop/Hal/devices/usb* devices should I select?
- how can I mount it in qdbusviewer? By clicking on some (which?) method?

(In reply to comment #5 from Christian Boltz)
> (In reply to comment #4 from Danny Kukawka)
> > Can you try to mount the device via qdbusviewer (find the hal service on the
> > system bus, find the device and execute the mount method there)?
>
> I can - if you give me some more details about what I should do ;-)
> - which of the /org/freedesktop/Hal/devices/usb* devices should I select?

Check the output to find the correct device. Search for /dev/sd* of your device. It should be a /org/freedesktop/Hal/devices/volume* device.

> - how can I mount it in qdbusviewer? By clicking on some (which?) method?

If you have found the device in qdbusviewer, click on org.freedesktop.Hal.Device.Volume under the device, select Method: Mount, fill out the dialog and press okay. Does the volume get mounted?

(In reply to comment #6 from Danny Kukawka)
> Check the output to find the correct device. Search for /dev/sd* of your
> device. It should be a /org/freedesktop/Hal/devices/volume* device.

OK, found it.

    udi = '/org/freedesktop/Hal/devices/volume_uuid_183C_DC78'
    block.device = '/dev/sdb' (string)

Sidenotes:
- the USB stick is not partitioned
- "mount /dev/sdb /mnt" works as root (tested after trying with qdbusviewer)

> click on org.freedesktop.Hal.Device.Volume under the device, select
> Method: Mount, fill out the dialog and press okay. Does the volume get mounted?

I tried two different mountpoints (/media/usb and /home/cb/mount/) - but the USB stick was never mounted. Unfortunately there isn't any error message, qdbusviewer shows "Connected to D-Bus." all the time.

What does polkit-auth print if you are logged in as user?

(In reply to comment #8 from Danny Kukawka)
> What does polkit-auth print if you are logged in as user?

    # polkit-auth
    #

-> nothing (with $? = 0)

Looks as if PolicyKit (or maybe ConsoleKit, not sure) is broken, since it doesn't list all allowed and installed policies. Reassigning to package maintainer.

please post the output of 'ck-list-sessions' and 'polkit-auth' (as user, not as root!).

(In reply to comment #12 from Ludwig Nussel)
> please post the output of 'ck-list-sessions' and 'polkit-auth' (as user,
> not as root!).

    # polkit-auth
    (no output)

    # ck-list-sessions
    ** (ck-list-sessions:6031): WARNING **: Failed to get list of seats: The permission of the setuid helper is not correct

Seems we get near the problem...

(In case it is relevant: I use permissions.secure)

(In reply to comment #13 from Christian Boltz)
> (In reply to comment #12 from Ludwig Nussel)
> > please post the output of 'ck-list-sessions' and 'polkit-auth' (as user,
> > not as root!).
>
> # polkit-auth

  ^ that's a root prompt

> # ck-list-sessions
> ** (ck-list-sessions:6031): WARNING **: Failed to get list of seats: The
> permission of the setuid helper is not correct
>
> Seems we get near the problem...
>
> (In case it is relevant: I use permissions.secure)

Ah, that's it. Try chmod 4750 /lib/dbus-1/dbus-daemon-launch-helper

fixed package submitted

(In reply to comment #14 from Ludwig Nussel)
> > # polkit-auth
> ^ that's a root prompt

It was really called as user. It's just that I have a non-default $PS1 ;-)

> > # ck-list-sessions
> > ** (ck-list-sessions:6031): WARNING **: Failed to get list of seats: The
> > permission of the setuid helper is not correct
> >
> > Seems we get near the problem...
> >
> > (In case it is relevant: I use permissions.secure)
>
> Ah, that's it. Try chmod 4750 /lib/dbus-1/dbus-daemon-launch-helper

It still doesn't work, with the same error message. (I rebooted the system after the chmod command to be sure)

At least polkit-auth and ck-list-sessions give me some output now (yes, as user ;-) - so it looks like the problem is _partially_ fixed.

    # polkit-auth
    org.gnome.clockapplet.mechanism.settimezone
    org.freedesktop.hal.device-access.sound
    org.freedesktop.hal.device-access.video4linux
    org.freedesktop.hal.device-access.cdrom
    org.freedesktop.hal.device-access.dvb
    org.freedesktop.hal.device-access.camera
    org.freedesktop.hal.device-access.scanner
    org.freedesktop.hal.device-access.audio-player
    org.freedesktop.hal.device-access.ieee1394-iidc
    org.freedesktop.hal.device-access.ieee1394-avc
    org.freedesktop.hal.device-access.pda
    org.freedesktop.hal.device-access.floppy
    org.freedesktop.hal.device-access.joystick
    org.freedesktop.hal.device-access.mouse
    org.freedesktop.hal.device-access.video
    org.freedesktop.packagekit.system-update
    org.opensuse.smpppd.connect

    # ck-list-sessions
    Session1:
        uid = '500'
        realname = 'Christian Boltz'
        seat = 'Seat1'
        session-type = ''
        active = TRUE
        x11-display = ':0'
        x11-display-device = '/dev/tty7'
        display-device = ''
        remote-host-name = ''
        is-local = TRUE
        on-since = '2008-10-21T10:28:17.296461Z'

I suppose you've set POLKIT_DEFAULT_PRIVS to "restrictive". That won't give you more than some device access privileges.

Obviously the setting for the clock applet and smpppd shouldn't be listed either, those are actually bugs in the settings.

wrong settings corrected.

(In reply to comment #17 from Ludwig Nussel)
> I suppose you've set POLKIT_DEFAULT_PRIVS to "restrictive". That won't give
> you more than some device access privileges.

I did not change these settings, all I did was updating to 11.1 beta2 and now beta3.

Current settings:

    # grep -r POLKIT /etc/sysconfig/
    ./security:CHECK_POLKIT_PRIVS=""
    ./security:POLKIT_DEFAULT_PRIVS=""

Since the comment in /etc/sysconfig/security says about POLKIT_DEFAULT_PRIVS:

    # Defaults to "standard" if not specified. The 'local' file is
    # always evaluated and takes precedence over all other files.

I'm reopening this bug again. Please fix either the comment ;-) or the permissions.

The comment is correct. Maybe you need to run set_polkit_default_privs once. All I can say is that everything looks good on your system now and it works for me. So I keep this closed.

(In reply to comment #20 from Ludwig Nussel)
> The comment is correct. Maybe you need to run set_polkit_default_privs once.
> All I can say is that everything looks good on your system now and it works for
> me. So I keep this closed.

Running set_polkit_default_privs had only one effect: kupdateapplet now crashes on startup (bug 439473). I still can't mount USB storage devices as user.

(After some searching, it might be that I hit bug 416956. I'll test this later.)

This is an autogenerated message for OBS integration:
This bug (435776) was mentioned in
https://build.opensuse.org/request/show/89843 Tumbleweed / permissions
Automounting a USB mass storage device (in my case: my camera) fails at least with KDE 3 (I didn't test KDE 4 or GNOME).

When plugging the camera in, the usual "device detected, what shall I do?" dialog appears. I choose to open a new window for it. The window opens media:/sdb1 - but instead of showing the content of the camera's memory card, an error message pops up:

    org.freedesktop.hal.storage.mount-removable auth_admin_keep_always <-- (action, result)

Workaround: I can manually mount the camera as root ("mount /dev/sdb1 /mnt").
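
The root cause found in this report, dbus-daemon-launch-helper lacking the setuid mode 4750 under permissions.secure, is the kind of drift that can be checked mechanically against a permissions profile. The script below is an added example, not part of the bug report and not openSUSE's chkstat; the function name `audit_profile`, the scratch tree and the `root:messagebus` owner in the sample entry are assumptions.

```shell
#!/bin/sh
# Added example (not from the bug report, and not chkstat itself): report files
# whose mode differs from a permissions profile with lines of the form
#   <path> <owner>:<group> <mode>
# Only the mode is compared; ownership is not checked. GNU stat is assumed.
# Usage: audit_profile PROFILE [ROOT]   (ROOT is prefixed to every path)
audit_profile() {
    profile=$1 root=${2:-} rc=0
    while read -r path owner mode rest; do
        case $path in ''|'#'*) continue ;; esac
        [ -n "$mode" ] || continue
        target=$root$path
        if [ ! -e "$target" ]; then
            echo "SKIP     $path (not installed)"; continue
        fi
        # Normalise both sides to four octal digits before comparing.
        want=$(printf '%04o' "0$mode")
        have=$(printf '%04o' "0$(stat -c '%a' "$target")")
        if [ "$want" = "$have" ]; then
            echo "OK       $path $have"
        elif [ $(( 0$want & 04000 )) -ne 0 ] && [ $(( 0$have & 04000 )) -eq 0 ]; then
            echo "MISMATCH $path want=$want have=$have (setuid bit missing)"; rc=1
        else
            echo "MISMATCH $path want=$want have=$have"; rc=1
        fi
    done < "$profile"
    return $rc
}

# Constructed demo: a scratch directory stands in for /, so no root is needed.
demo=$(mktemp -d)
helper=/lib/dbus-1/dbus-daemon-launch-helper
mkdir -p "$demo/lib/dbus-1"
: > "$demo$helper"
chmod 0750 "$demo$helper"
# Constructed profile entry; the owner:group value is an assumption.
echo "$helper root:messagebus 4750" > "$demo/profile"
audit_profile "$demo/profile" "$demo" || true   # reports the missing setuid bit
chmod 4750 "$demo$helper"
audit_profile "$demo/profile" "$demo" || true   # reports OK
rm -rf "$demo"
```

Run against a real system, the second argument is omitted so paths are taken as written in the profile.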