Hello, mentors
I'm looking for some advice on my ITP[1]. udisks-glue[2] is a
replacement to some of the functionality provided by halevt/ivman, but
it uses udisks instead of HAL (HAL is not actively maintained
anymore). So I'm trying to package it the same way halevt does it:
providing simple automount support out of the box.
So far, so good, it's working (but I have not uploaded it anywhere
yet). But my concern is that running it as root might not be the best
idea. halevt, for example, creates the user "halevt" and installs a
HAL policy to allow the default config to automount devices via
halevt-mount. udisks-glue doesn't need to do anything fancy like that
because it uses PolicyKit for authentication and udisks is well
integrated with PolicyKit (meaning you can run udisks --mount without
root privileges out of the box).
I could make udisks-glue run as another user (say, nobody), but that
would mean that the default config would not be able to mount devices.
That's because PolicyKit will only allow udisks to mount devices if
the user is a local user ("logged in" to ConsoleKit via
ck-launch-session, the PAM connector or GDM) or the root user. I
*think* I could provide PolicyKit policies to allow an user created by
udisks-glue to mount those devices without root privileges, but I have
no idea where to look for examples on how this might be done. I also
don't know if it's worth the effort.
Any tips on how I should proceed? There's no other udisks automounters
in Debian (there's a PPA package for [3], but it doesn't have an init
script or a system-wide configuration file). I see the following
options:
a) Submit the package as it is, i.e., with udisks-glue running as root
b) Run udisks-glue as root, but don't start the init script by default
c) Get rid of the init script, but keep the system-wide configuration file
d) Create an user "udisks", add a PolicyKit rule to allow it to mount
device files, use that for the init script (not even sure it's
possible)
Suggestions are greatly appreciated.
[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=594746
[2] http://github.com/fernandotcl/udisks-glue
[3] https://code.launchpad.net/~pitti/udisks-automounter/trunk
Regards,
Fernando
--
To UNSUBSCRIBE, email to debian-mentors-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive:
http://lists.debian.org/aanlktinrgdwwicju=ixqdjirjay42gj=eydqbrg_s...@mail.gmail.com
