Bug 435776 - dbus-daemon-launch-helper needs to be setuid in level secure
Status: RESOLVED FIXED
Alias: None
Product: openSUSE 11.1
Classification: openSUSE
Component: Security
Version: Beta 2
Hardware: Other Other
Importance: P5 - None : Major
Target Milestone: ---
Assignee: Ludwig Nussel
QA Contact: E-mail List
Reported: 2008-10-15 18:49 UTC by Christian Boltz
Modified: 2011-10-31 21:01 UTC
Found By: Beta-Customer

Attachments
/usr/share/PolicyKit/policy/org.freedesktop.hal.storage.policy (2.57 KB, text/plain)
2008-10-16 10:18 UTC, Christian Boltz
lshal output (with the camera attached) (138.78 KB, text/plain)
2008-10-16 10:18 UTC, Christian Boltz

Description Christian Boltz 2008-10-15 18:49:05 UTC
Automounting a USB mass storage device (in my case: my camera) fails at least with KDE 3 (I didn't test KDE 4 or GNOME).

When plugging the camera in, the usual "device detected, what shall I do?" dialog appears. I choose to open a new window for it.

The window opens media:/sdb1 - but instead of showing the content of the camera's memory card, an error message pops up:

    org.freedesktop.hal.storage.mount-removable 
    auth_admin_keep_always <-- (action, result)

Workaround: I can manually mount the camera as root ("mount /dev/sdb1 /mnt").
Comment 1 Danny Al-Gaaf 2008-10-16 06:46:41 UTC
please attach the output of lshal and the file /usr/share/PolicyKit/policy/org.freedesktop.hal.storage.policy
Comment 2 Christian Boltz 2008-10-16 10:18:23 UTC
Created attachment 245928
/usr/share/PolicyKit/policy/org.freedesktop.hal.storage.policy
Comment 3 Christian Boltz 2008-10-16 10:18:57 UTC
Created attachment 245930
lshal output (with the camera attached)
Comment 4 Danny Al-Gaaf 2008-10-16 10:36:37 UTC
Is it only a problem with this particular device or with all external media?

Can you try to mount the device via qdbusviewer (find the hal service on the system bus, find the device and execute the mount method there)?
Comment 5 Christian Boltz 2008-10-16 12:30:06 UTC
(In reply to comment #4 from Danny Kukawka)
> Is it only a problem with this particular device or with all external media?

I just tested with my USB cardreader - same result. My openSUSE USB stick also fails. -> Looks like this affects all usb-storage media.

> Can you try to mount the device via qdbusviewer (find the hal service on the
> system bus, find the device and execute the mount method there)?

I can - if you give me some more details about what I should do ;-)
- which of the /org/freedesktop/Hal/devices/usb* devices should I select?
- how can I mount it in qdbusviewer? By clicking on some (which?) method?
Comment 6 Danny Al-Gaaf 2008-10-17 09:08:17 UTC
(In reply to comment #5 from Christian Boltz)
> (In reply to comment #4 from Danny Kukawka)
> > Can you try to mount the device via qdbusviewer (find the hal service on the
> > system bus, find the device and execute the mount method there)?
> 
> I can - if you give me some more details about what I should do ;-)
> - which of the /org/freedesktop/Hal/devices/usb* devices should I select?

Check the output to find the correct device. Search for /dev/sd* of your device. It should be a /org/freedesktop/Hal/devices/volume* device.

> - how can I mount it in qdbusviewer? By clicking on some (which?) method?

If you have found the device in qdbusviewer, click on org.freedesktop.Hal.Device.Volume under the device, select Method: Mount, fill out the dialog and press okay. Does the volume get mounted?

Comment 7 Christian Boltz 2008-10-17 11:43:12 UTC
(In reply to comment #6 from Danny Kukawka)
> Check the output to find the correct device. Search for /dev/sd* of your
> device. It should be a /org/freedesktop/Hal/devices/volume* device.

OK, found it.

udi = '/org/freedesktop/Hal/devices/volume_uuid_183C_DC78'
  block.device = '/dev/sdb'  (string)

Sidenotes:
- the USB stick is not partitioned
- "mount /dev/sdb /mnt" works as root (tested after trying with qdbusviewer)

> click on org.freedesktop.Hal.Device.Volume under the device, select
> Method: Mount, fill out the dialog and press okay. Does the volume get mounted?

I tried two different mountpoints (/media/usb and /home/cb/mount/) - but the USB stick was never mounted.

Unfortunately there isn't any error message, qdbusviewer shows "Connected to D-Bus." all the time.
Comment 8 Danny Al-Gaaf 2008-10-17 12:11:27 UTC
What does polkit-auth print if you are logged in as user?
Comment 9 Christian Boltz 2008-10-17 12:43:55 UTC
(In reply to comment #8 from Danny Kukawka)
> What does polkit-auth print if you are logged in as user?

# polkit-auth
#

-> nothing (with $? = 0)
Comment 10 Danny Al-Gaaf 2008-10-17 16:21:45 UTC
Looks as if PolicyKit (or maybe ConsoleKit, not sure) is broken, since it doesn't list all allowed and installed policies.

Reassigning to package maintainer.
Comment 12 Ludwig Nussel 2008-10-20 06:42:21 UTC
please post the output of 'ck-list-sessions' and 'polkit-auth' (as user, not as root!).
Comment 13 Christian Boltz 2008-10-20 14:48:39 UTC
(In reply to comment #12 from Ludwig Nussel)
> please post the output of 'ck-list-sessions' and 'polkit-auth' (as user, 
> not as root!).

# polkit-auth
(no output)

# ck-list-sessions
** (ck-list-sessions:6031): WARNING **: Failed to get list of seats: The permission of the setuid helper is not correct

Seems we get near the problem...

(In case it is relevant: I use permissions.secure)
Comment 14 Ludwig Nussel 2008-10-20 15:02:29 UTC
(In reply to comment #13 from Christian Boltz)
> (In reply to comment #12 from Ludwig Nussel)
> > please post the output of 'ck-list-sessions' and 'polkit-auth' (as user, 
> > not as root!).
> 
> # polkit-auth
  ^ that's a root prompt

> # ck-list-sessions
> ** (ck-list-sessions:6031): WARNING **: Failed to get list of seats: The
> permission of the setuid helper is not correct
> 
> Seems we get near the problem...
> 
> (In case it is relevant: I use permissions.secure)

Ah, that's it. Try chmod 4750 /lib/dbus-1/dbus-daemon-launch-helper
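
Added example, not part of the original bug thread or of the openSUSE permissions package: a shell check that compares a file's owner and mode against an expected entry, the kind of mismatch behind the "permission of the setuid helper is not correct" warning in comment 13. The `path owner:group mode` entry layout and the function names are assumptions of this example; it relies on GNU `stat`.

```shell
#!/bin/sh
# Audit files against expected owner and mode entries (added example).
# Entry layout "path owner:group mode" is an assumption of this example.

# check_entry PATH OWNER:GROUP MODE
# Prints one finding per mismatch; returns 0 only if owner and mode both match.
check_entry() {
    path=$1
    want_owner=$2
    want_mode=${3#0}            # "0750" and "750" are the same mode
    if [ ! -e "$path" ]; then
        echo "MISSING $path"
        return 1
    fi
    have_owner=$(stat -c '%U:%G' -- "$path")
    have_mode=$(stat -c '%a' -- "$path")   # includes the setuid digit, e.g. 4750
    rc=0
    if [ "$have_owner" != "$want_owner" ]; then
        echo "OWNER $path is $have_owner, expected $want_owner"
        rc=1
    fi
    if [ "$have_mode" != "$want_mode" ]; then
        echo "MODE $path is $have_mode, expected $want_mode"
        rc=1
    fi
    return $rc
}

# audit_profile FILE
# Checks every entry in FILE (blank lines and '#' comments are skipped);
# returns 1 if any entry fails.
audit_profile() {
    status=0
    while read -r path owner mode; do
        case $path in ''|'#'*) continue ;; esac
        check_entry "$path" "$owner" "$mode" || status=1
    done < "$1"
    return $status
}

# Stand-alone use: pass a profile file as the first argument.
if [ "$#" -gt 0 ]; then
    audit_profile "$1"
fi
```

Run it as an unprivileged user or as root; it only reads file metadata and changes nothing.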

Comment 15 Ludwig Nussel 2008-10-20 15:09:20 UTC
fixed package submitted
Comment 16 Christian Boltz 2008-10-21 11:15:29 UTC
(In reply to comment #14 from Ludwig Nussel)
> > # polkit-auth
>   ^ that's a root prompt

It was really called as user. It's just that I have a non-default $PS1 ;-)

> > # ck-list-sessions
> > ** (ck-list-sessions:6031): WARNING **: Failed to get list of seats: The
> > permission of the setuid helper is not correct
> > 
> > Seems we get near the problem...
> > 
> > (In case it is relevant: I use permissions.secure)
> 
> Ah, that's it. Try chmod 4750 /lib/dbus-1/dbus-daemon-launch-helper

It still doesn't work, with the same error message.
(I rebooted the system after the chmod command to be sure)

At least polkit-auth and ck-list-sessions give me some output now (yes, as user ;-) - so it looks like the problem is _partially_ fixed.

# polkit-auth
org.gnome.clockapplet.mechanism.settimezone
org.freedesktop.hal.device-access.sound
org.freedesktop.hal.device-access.video4linux
org.freedesktop.hal.device-access.cdrom
org.freedesktop.hal.device-access.dvb
org.freedesktop.hal.device-access.camera
org.freedesktop.hal.device-access.scanner
org.freedesktop.hal.device-access.audio-player
org.freedesktop.hal.device-access.ieee1394-iidc
org.freedesktop.hal.device-access.ieee1394-avc
org.freedesktop.hal.device-access.pda
org.freedesktop.hal.device-access.floppy
org.freedesktop.hal.device-access.joystick
org.freedesktop.hal.device-access.mouse
org.freedesktop.hal.device-access.video
org.freedesktop.packagekit.system-update
org.opensuse.smpppd.connect

# ck-list-sessions
Session1:
        uid = '500'
        realname = 'Christian Boltz'
        seat = 'Seat1'
        session-type = ''
        active = TRUE
        x11-display = ':0'
        x11-display-device = '/dev/tty7'
        display-device = ''
        remote-host-name = ''
        is-local = TRUE
        on-since = '2008-10-21T10:28:17.296461Z'
Comment 17 Ludwig Nussel 2008-10-24 11:21:48 UTC
I suppose you've set POLKIT_DEFAULT_PRIVS to "restrictive". That won't give you more than some device access privileges.
Obviously the setting for the clock applet and smpppd shouldn't be listed either, those are actually bugs in the settings.
Comment 18 Ludwig Nussel 2008-10-24 11:30:04 UTC
wrong settings corrected.
Comment 19 Christian Boltz 2008-10-24 16:59:09 UTC
(In reply to comment #17 from Ludwig Nussel)
> I suppose you've set POLKIT_DEFAULT_PRIVS to "restrictive". That won't give 
> you more than some device access privileges.

I did not change these settings, all I did was update to 11.1 beta2 and now beta3. Current settings:

# grep -r POLKIT /etc/sysconfig/
./security:CHECK_POLKIT_PRIVS=""
./security:POLKIT_DEFAULT_PRIVS=""

Since the comment in /etc/sysconfig/security says about POLKIT_DEFAULT_PRIVS:
    # Defaults to "standard" if not specified. The 'local' file is
    # always evaluated and takes precedence over all other files.
I'm reopening this bug again. Please fix either the comment ;-) or the permissions.
Comment 20 Ludwig Nussel 2008-10-27 07:49:51 UTC
The comment is correct. Maybe you need to run set_polkit_default_privs once. All I can say is that everything looks good on your system now and it works for me. So I keep this closed.
Comment 21 Christian Boltz 2008-10-29 19:15:31 UTC
(In reply to comment #20 from Ludwig Nussel)
> The comment is correct. Maybe you need to run set_polkit_default_privs once.
> All I can say is that everything looks good on your system now and it works for
> me. So I keep this closed.

Running set_polkit_default_privs had only one effect: kupdateapplet now crashes on startup (bug 439473). I still can't mount USB storage devices as user.
(After some searching, it might be that I hit bug 416956. I'll test this later.)
Comment 22 Bernhard Wiedemann 2011-10-31 21:01:23 UTC
This is an autogenerated message for OBS integration:
This bug (435776) was mentioned in
https://build.opensuse.org/request/show/89843 Tumbleweed / permissions