udisks2 configuration

classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|

udisks2 configuration

François Patte-2
Bonjour,

I want to be able to open a crypted device as a non-root user and I
modified the file

/usr/share/polkit-1/actions/org.freedesktop.UDisks2.policy

in order to do that.

That works, but it is not a good thing to modify a file from the distrib
to create a local configuration.

There is an empty directory /etc/udisks2/modules.conf.d where I tried to
guess what I could put inside for my purpose, but everything failed.

I did not find a clear doc about the udisks2 configuration.

Does  anyone knows how to proceed?

Thank you.
--
François Patte
UFR de mathématiques et informatique
Laboratoire CNRS MAP5, UMR 8145
Université Paris Descartes
45, rue des Saints Pères
F-75270 Paris Cedex 06
Tél. +33 (0)6 7892 5822
http://www.math-info.univ-paris5.fr/~patte


_______________________________________________
users mailing list -- [hidden email]
To unsubscribe send an email to [hidden email]
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@.../message/ODWWURIN5HLD6OCLQZWIIM5WWE6D7YE5/

signature.asc (201 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Fwd: udisks2 configuration

François Patte-2



-------- Message transféré --------
Sujet : udisks2 configuration
Date : Sat, 26 May 2018 17:17:35 +0200
De : François Patte <[hidden email]>
Organisation : Université Paris Descartes
Pour : [hidden email]

Bonjour,

I want to be able to open a crypted device as a non-root user and I
modified the file

/usr/share/polkit-1/actions/org.freedesktop.UDisks2.policy

in order to do that.

That works, but it is not a good thing to modify a file from the distrib
to create a local configuration.

There is an empty directory /etc/udisks2/modules.conf.d where I tried to
guess what I could put inside for my purpose, but everything failed.

I did not find a clear doc about the udisks2 configuration.

Does  anyone knows how to proceed?

Thank you.
--
François Patte
UFR de mathématiques et informatique
Laboratoire CNRS MAP5, UMR 8145
Université Paris Descartes
45, rue des Saints Pères
F-75270 Paris Cedex 06
Tél. +33 (0)6 7892 5822
http://www.math-info.univ-paris5.fr/~patte



--
François Patte
UFR de mathématiques et informatique
Laboratoire CNRS MAP5, UMR 8145
Université Paris Descartes
45, rue des Saints Pères
F-75270 Paris Cedex 06
Tél. +33 (0)6 7892 5822
http://www.math-info.univ-paris5.fr/~patte


_______________________________________________
users mailing list -- [hidden email]
To unsubscribe send an email to [hidden email]
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@.../message/IUGXIDWILKI56KM7PA2Q4EGJ2LFY5LKO/

signature.asc (201 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: udisks2 configuration

Ahmad Samir
In reply to this post by François Patte-2
On 26 May 2018 at 17:17, François Patte
<[hidden email]> wrote:

> Bonjour,
>
> I want to be able to open a crypted device as a non-root user and I
> modified the file
>
> /usr/share/polkit-1/actions/org.freedesktop.UDisks2.policy
>
> in order to do that.
>
> That works, but it is not a good thing to modify a file from the distrib
> to create a local configuration.
>
> There is an empty directory /etc/udisks2/modules.conf.d where I tried to
> guess what I could put inside for my purpose, but everything failed.
>
> I did not find a clear doc about the udisks2 configuration.
>

You need a polkit rule; create a text file,
/etc/polkit-1/rules.d/filename.rules, and put something like this in
it:

polkit.addRule(function(action, subject) {
    if (action.id == "org.freedesktop.udisks2.encrypted-unlock") &&
    subject.local &&
    subject.active &&
    subject.isInGroup("YOUR_USER_GROUP") ) {
            return polkit.Result.YES;
    }
});

`man polkit` for more details, and there are many examples in
/usr/share/polkit-1/rules.d/* .

Good luck.

--
Ahmad Samir
_______________________________________________
users mailing list -- [hidden email]
To unsubscribe send an email to [hidden email]
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@.../message/XU4ARC7QQYTJTUOTMPRLXVF22RXCSFFH/
Reply | Threaded
Open this post in threaded view
|

Re: udisks2 configuration

François Patte-2
Le 26/05/2018 à 23:48, Ahmad Samir a écrit :

> On 26 May 2018 at 17:17, François Patte
> <[hidden email]> wrote:
>> Bonjour,
>>
>> I want to be able to open a crypted device as a non-root user and I
>> modified the file
>>
>> /usr/share/polkit-1/actions/org.freedesktop.UDisks2.policy
>>
>> in order to do that.
>>
>> That works, but it is not a good thing to modify a file from the distrib
>> to create a local configuration.
>>
>> There is an empty directory /etc/udisks2/modules.conf.d where I tried to
>> guess what I could put inside for my purpose, but everything failed.
>>
>> I did not find a clear doc about the udisks2 configuration.
>>
>
> You need a polkit rule; create a text file,
> /etc/polkit-1/rules.d/filename.rules, and put something like this in
> it:
>
> polkit.addRule(function(action, subject) {
>     if (action.id == "org.freedesktop.udisks2.encrypted-unlock") &&
>     subject.local &&
>     subject.active &&
>     subject.isInGroup("YOUR_USER_GROUP") ) {
>             return polkit.Result.YES;
>     }
> });
>
> `man polkit` for more details, and there are many examples in
> /usr/share/polkit-1/rules.d/* .
Thank you for your quick answer, but I am sorry to say that it does not
work for me... whatever the name I give to the rules file....

Is there a way to debug udisksctl?

Thank you.


--
François Patte
UFR de mathématiques et informatique
Laboratoire CNRS MAP5, UMR 8145
Université Paris Descartes
45, rue des Saints Pères
F-75270 Paris Cedex 06
Tél. +33 (0)6 7892 5822
http://www.math-info.univ-paris5.fr/~patte


_______________________________________________
users mailing list -- [hidden email]
To unsubscribe send an email to [hidden email]
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@.../message/PQDDP4NM44BXEUVXF54PWKFARMKLAYGH/

signature.asc (201 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: udisks2 configuration[SOLVED]

François Patte-2
Le 27/05/2018 à 10:45, François Patte a écrit :

> Le 26/05/2018 à 23:48, Ahmad Samir a écrit :
>> On 26 May 2018 at 17:17, François Patte
>> <[hidden email]> wrote:
>>> Bonjour,
>>>
>>> I want to be able to open a crypted device as a non-root user and I
>>> modified the file
>>>
>>> /usr/share/polkit-1/actions/org.freedesktop.UDisks2.policy
>>>
>>> in order to do that.
>>>
>>> That works, but it is not a good thing to modify a file from the distrib
>>> to create a local configuration.
>>>
>>> There is an empty directory /etc/udisks2/modules.conf.d where I tried to
>>> guess what I could put inside for my purpose, but everything failed.
>>>
>>> I did not find a clear doc about the udisks2 configuration.
>>>
>>
>> You need a polkit rule; create a text file,
>> /etc/polkit-1/rules.d/filename.rules, and put something like this in
>> it:
This did not work because of a typo:
>>
>> polkit.addRule(function(action, subject) {
>>     if (action.id == "org.freedesktop.udisks2.encrypted-unlock") &&
             a double parenthese is needed before "action" in the above
line.

>>     subject.local &&
>>     subject.active &&
>>     subject.isInGroup("YOUR_USER_GROUP") ) {
>>             return polkit.Result.YES;
>>     }
>> });
>>
>> `man polkit` for more details, and there are many examples in
>> /usr/share/polkit-1/rules.d/* .
>
> Thank you for your quick answer, but I am sorry to say that it does not
> work for me... whatever the name I give to the rules file....
>
> Is there a way to debug udisksctl?
>
> Thank you.
>
>
--
François Patte
UFR de mathématiques et informatique
Laboratoire CNRS MAP5, UMR 8145
Université Paris Descartes
45, rue des Saints Pères
F-75270 Paris Cedex 06
Tél. +33 (0)6 7892 5822
http://www.math-info.univ-paris5.fr/~patte


_______________________________________________
users mailing list -- [hidden email]
To unsubscribe send an email to [hidden email]
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@.../message/AKAW3G2FKSGAMYCRZYLUECIWH3YRZGRQ/

signature.asc (201 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: udisks2 configuration

Ahmad Samir
In reply to this post by François Patte-2
On 27 May 2018 at 10:45, François Patte
<[hidden email]> wrote:

> Le 26/05/2018 à 23:48, Ahmad Samir a écrit :
>>
>> You need a polkit rule; create a text file,
>> /etc/polkit-1/rules.d/filename.rules, and put something like this in
>> it:
>>
>> polkit.addRule(function(action, subject) {
>>     if (action.id == "org.freedesktop.udisks2.encrypted-unlock") &&
>>     subject.local &&
>>     subject.active &&
>>     subject.isInGroup("YOUR_USER_GROUP") ) {
>>             return polkit.Result.YES;
>>     }
>> });
>>
>> `man polkit` for more details, and there are many examples in
>> /usr/share/polkit-1/rules.d/* .
>
> Thank you for your quick answer, but I am sorry to say that it does not
> work for me... whatever the name I give to the rules file....
>
> Is there a way to debug udisksctl?
[...]

You said that by editing
/usr/share/polkit-1/actions/org.freedesktop.UDisks2.policy , you got
it to work for non-root user. What did you edit exactly? because the
action you edited in that file, would be the action you have to use in
the .rules file in /etc/polkit-1/rules.d/.

I think you'd need to debug polkit, not udisksctl. IIRC if you press
cancel in the polkit authorisation window, an message is sent to the
system log about that, and usually it contains the exact action that
failed to be properly authorised.

(Sorry for the rather late reply, you mail got lost in my swamped inbox...).

--
Ahmad Samir
_______________________________________________
users mailing list -- [hidden email]
To unsubscribe send an email to [hidden email]
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@.../message/76JBEXY5T6KOPUBWBXAAK4XW5V2FFF2O/