Thunar "not authorized" to mount disks?

Kernels & Hardware, configuring network, installing services

Re: Thunar "not authorized" to mount disks?

Postby andrewrogers » 2013-06-13 21:00

AnInkedSoul wrote:
andrewrogers wrote:How would I verify this?

You would ensure that the policykit-1 and policykit-1-gnome packages are installed. That would be a start.

Oh, and do you use a login manager? If so, which one?

And last but not least, which groups is your user a member of?


Lol, I don't even use a login manager! :mrgreen: I just made ~/.xinitrc do this:
Code: Select all
exec startfluxbox

That's my entire xinitrc, lol!

Code: Select all
groups [my_user]

returns:
Code: Select all
[my_user] : [my_user] cdrom floppy audio dip video plugdev scanner netdev bluetooth libvirtd


EDIT: the aforementioned policykit-1 and policykit-1-gnome packages are, indeed, installed.
#BOXES
Ivy Bridge 3570K + 32GB of RAM (INTEL 4000)
Core 2 Extreme (X9100!) Latitude E6400 + 8GB of RAM (Quadro NVS 160M)
Northwood P4 Latitude + 1.25GB of RAM (Radeon 7500)
Mac Mini G4 (1.5GHz!) + 1GB of RAM (Radeon 9200)
TiBook G4 + 1GB of RAM (Rad 9200)
User avatar
andrewrogers
 
Posts: 136
Joined: 2013-04-22 15:52

Re: Thunar "not authorized" to mount disks?

Postby AnInkedSoul » 2013-06-14 01:03

Yea you will need to use a login manager or setup the proper session...

might want to start with
http://wiki.debian.org/Xfce#Run_Xfce
AnInkedSoul
 
Posts: 461
Joined: 2010-06-11 05:05

Re: Thunar "not authorized" to mount disks?

Postby andrewrogers » 2013-06-14 15:48

AnInkedSoul wrote:Yea you will need to use a login manager or setup the proper session...

might want to start with
http://wiki.debian.org/Xfce#Run_Xfce


Is there a way to do this with startfluxbox? Neither my Ivy Bridge or my TiBook use a manager, but it only works on the Ivy Bridge...

Here are the groups my user is in on the Ivy Bridge:
Code: Select all
[user] : [user] cdrom floppy audio dip video plugdev scanner netdev storage
#BOXES
Ivy Bridge 3570K + 32GB of RAM (INTEL 4000)
Core 2 Extreme (X9100!) Latitude E6400 + 8GB of RAM (Quadro NVS 160M)
Northwood P4 Latitude + 1.25GB of RAM (Radeon 7500)
Mac Mini G4 (1.5GHz!) + 1GB of RAM (Radeon 9200)
TiBook G4 + 1GB of RAM (Rad 9200)
User avatar
andrewrogers
 
Posts: 136
Joined: 2013-04-22 15:52

Re: Thunar "not authorized" to mount disks?

Postby alan stone » 2013-07-04 10:46

same problem over here with a solution
alan stone
 
Posts: 28
Joined: 2011-10-22 14:08
Location: in my brain

Re: Thunar "not authorized" to mount disks?

Postby AnInkedSoul » 2013-07-04 18:14

which I think is....

be sure the consolekit, policykit, udisks stuff is installed and then create /etc/polkit-1/localauthority/50-local.d/udisks.pkla containing

Code: Select all
[udisks]
Identity=unix-user:*
Action=org.freedesktop.udisks*
ResultAny=yes




not sure I have run into this problem myself but when I run a minimal install it is usually without all that *kit stuff and personally I just use pmount
AnInkedSoul
 
Posts: 461
Joined: 2010-06-11 05:05

Re: Thunar "not authorized" to mount disks?

Postby llabtaem » 2013-07-14 04:51

Hey andrewrogers(OP), I had this same problem before and it was a policy kit issue. I am running Debian Testing 64Bit with Mate as well as Slim. When I updated my computer a few days ago I ran into this issue again; but only this time it wasn't as easy as editing the udisk2 policy kit as it was for udisk (unless I am a moron; that is another possibility too). I searched on the net for a few hours looking for the solution similar to the poster above me (AnInkedSoul) and wasn't getting anything. I found this same solution from sites like Arch's Wiki and others so I looked at all of them and with some trial and error I got my drives to work with this:

    [Storage Permissions]
    Identity=unix-user:USERNAME
    Action=org.freedesktop.udisks2.filesystem-mount;org.freedesktop.udisks2.filesystem-mount-system
    ResultAny=yes
    ResultInactive=yes
    ResultActive=yes

This of course goes under /etc/polkit-1/localauthority/50-local.d/org.freedesktop.udisks2.pkla You have to make the file and from my understanding you can name it what ever you want so long as it ends with ' . pkla '

So I am now able to access my drives no matter what. The really weird thing about it is when I would first boot up my machine or rebooted it I could not access my hard drives. I would have to kill X with CRTL ALT BACKSPACE then re-login in order to access my drives. It would then prompt me for sudo's password; but the above fix will not for either or. I would like that feature back so if I can figure it out I'll edit this response. So far no matter what I use auth_admin, auth_admin_keep, auth_self_keep, etc. I cannot access the drives. I believe this to be a really weird bug, but I am not 100% sure. Hopefully this helps you or others out there that may be experiencing this issue.
Image
User avatar
llabtaem
 
Posts: 74
Joined: 2012-06-20 04:03
Location: Plant Earth

Re: Thunar "not authorized" to mount disks?

Postby gradinaruvasile » 2013-07-17 20:04

The policykit action setting files are here (you can modify them as you want):

Code: Select all
/usr/share/polkit-1/actions/

The files are named:
org.freedesktop.$component.policy

Where $component can be (not exhaustive list, there are more, but better dont touch those you dont know what they do):

udisks - disk management
upower - power management, including sleep, hibernate
policykit - policykit's own settings

Unfortunately the files are xml so you have to muck arount with those tags and stuff, but basically each action has its defined section by <action> tags:

Code: Select all
  <action id="org.freedesktop.udisks.filesystem-mount">
    <description>Mount a device</description>
    <description xml:lang="da">Montér en enhed</description>
    <description xml:lang="de">Gerät einhängen</description>
    <description xml:lang="pt_BR">Montar um dispositivo</description>
    <message>Authentication is required to mount the device</message>
    <message xml:lang="da">Autorisering er påkrævet for at montere et fil system</message>
    <message xml:lang="de">Zugriffsrechte werden benötigt um das Gerät einzuhängen</message>
    <message xml:lang="pt_BR">Autenticação é requerida para montar o dispositivo</message>
    <defaults>
      <allow_any>auth_admin_keep</allow_any>
      <allow_inactive>no</allow_inactive>
      <allow_active>yes</allow_active>
    </defaults>
  </action>


The above example is the filesystem (auto)mount action (cd, usb and whatnot). The restrictions are defined in the "allow_status" sections, where the status (active, inactive) is defined by the status of the current user as seen by consolekit (the "parent" of policykit). "any" refers to either active or inactive.

You can see the status by issuing the "ck-list-sessions" command.
For my current session:
Code: Select all
$ ck-list-sessions
Session3:
   unix-user = '0'
   realname = 'root'
   seat = 'Seat1'
   session-type = ''
   active = FALSE
   x11-display = ''
   x11-display-device = ''
   display-device = '/dev/pts/0'
   remote-host-name = ''
   is-local = TRUE
   on-since = '2013-07-16T13:53:53.899425Z'
   login-session-id = '1'
   idle-since-hint = '2013-07-17T19:41:42.142898Z'
Session2:
   unix-user = '1000'
   realname = 'Kertesz Laszlo'
   seat = 'Seat1'
   session-type = ''
   active = TRUE
   x11-display = ':0'
   x11-display-device = '/dev/tty7'
   display-device = ''
   remote-host-name = ''
   is-local = TRUE
   on-since = '2013-07-16T13:52:53.443631Z'
   login-session-id = '1'


You need to look for the 'x11-display' line, it has to have a value (usually ':0') - this is the graphical session (X server). Now the typical issue is that if you dont use a graphical manager (gdm, kdm, lightdm can do it) or other means to set up a consolekit-friendly "active" session, you will fall in the "inactive"
category because your x session will be inactive from consolekit/policykit's point of view ( you have "active = FALSE" in the ck-list-sessions list) because nobody told them you have a session.
The auth default for "inactive" is
Code: Select all
<allow_inactive>no</allow_inactive>

So you will get rejected for actions that have "no" in the "allow_inactive" section.

Say you insert a USB stick -> udisks monitors the attached devices and sees the inserted drive, wants to auto mount it so asks for permission from policykit -> policykit asks your status from consolekit and then loads the corresponding action from the udisks policy file -> outright refuses -> your error message.

You can modify every single "allow_inactive" or "allow_any" action to "yes" (default accept) or auth_admin (asks for sudo password as needed) if you want (might be a security risk though setting "inactive/any" to "yes").

Or make sure you have an "active" session - using a capable display manager is the simplest solution. I dont know how you can do without it, i tried with "ck-launch-session" when 4.8 had these issues, but didnt work for me (maybe i wasnt perseverent enough...). So i installed lightdm.
User avatar
gradinaruvasile
 
Posts: 713
Joined: 2010-01-31 22:03
Location: Cluj, Romania

Re: Thunar "not authorized" to mount disks?

Postby flabdablet » 2014-06-05 07:00

Sorry to necro this, but I'm also mysteriously unable to mount things or shut down after an aptitude upgrade and I'm in the process of tracking down what broke.

I can restore the missing abilities using allow_any actions in polkit (either by adding .pkla files or by editing the xml, both work) but it seems to me that I shouldn't have to, because ck-list-sessions shows this:
Code: Select all
Session14:
   unix-user = '1000'
   realname = 'Stephen'
   seat = 'Seat1'
   session-type = ''
   active = TRUE
   x11-display = ':0'
   x11-display-device = '/dev/tty7'
   display-device = ''
   remote-host-name = ''
   is-local = TRUE
   on-since = '2014-06-05T06:47:56.681852Z'
   login-session-id = '6'

Consolekit clearly thinks I have an active session, so what do I need to do (or not do) in order to get policykit to agree?

Possibly relevant:
Code: Select all
stephen@kitchen:~$ pgrep dbus|xargs ps -l
F S   UID   PID  PPID  C PRI  NI ADDR SZ WCHAN  TTY        TIME CMD
5 S   102  2512     1  0  80   0 -  7231 ?      ?          0:00 /usr/bin/dbus-daemon --system
1 S   109  7327     1  0  80   0 -  6080 ?      ?          0:00 /usr/bin/dbus-launch --autolaunch f4cfa9297d141d028d956b5e4fed537b --binary-
1 S   109  7328     1  0  80   0 -  7089 ?      ?          0:00 /usr/bin/dbus-daemon --fork --print-pid 5 --print-address 7 --session
0 S   109  7333  7330  0  80   0 -  7062 ?      ?          0:00 /usr/bin/dbus-daemon --config-file=/etc/at-spi2/accessibility.conf --nofork
1 S  1000  7393     1  0  80   0 -  6080 -      ?          0:00 /usr/bin/dbus-launch --exit-with-session startxfce4
1 S  1000  7394     1  0  80   0 -  7354 -      ?          0:00 /usr/bin/dbus-daemon --fork --print-pid 5 --print-address 7 --session

And I'm using lightdm.
flabdablet
 
Posts: 24
Joined: 2011-11-22 10:37
Location: Bruthen, Australia

Previous

Return to System configuration

Who is online

Users browsing this forum: No registered users and 8 guests

fashionable