Hi,
I have a question about giving permissions for udiskie-mount to run
inside a cron file. This apparently involves policykit.
I'm using Debian jessie/stable (8.4). I have
pkaction --version
pkaction version 0.105
When I try to mount an external USB drive using udiskie-mount from
inside a cron job, I get an error as follows below. Using
udiskie-mount directly from the command line works fine.
+ udiskie-mount -o umask=0022 /dev/disk/by-uuid/4E1AEA7B1AEA6007 --verbose
DEBUG [2016-04-19 23:00:01,762] udiskie.config: Failed to read config file:
[Errno 2] No such file or directory: '/home/faheem/.config/udiskie/config.yml'
DEBUG [2016-04-19 23:00:01,764] udiskie.config: Failed to read config file:
[Errno 2] No such file or directory: '/home/faheem/.config/udiskie/config.json'
Unable to init server: Could not connect: Connection refused
Unable to init server: Could not connect: Connection refused
DEBUG [2016-04-19 23:00:02,020] udiskie.config:
IgnoreDevice(match={'is_block': False}, value=True) created
DEBUG [2016-04-19 23:00:02,021] udiskie.config:
IgnoreDevice(match={'is_external': False}, value=True) created
DEBUG [2016-04-19 23:00:02,021] udiskie.config:
IgnoreDevice(match={'is_ignored': True}, value=True) created
DEBUG [2016-04-19 23:00:02,021] udiskie.udisks2: found device owning
"/dev/disk/by-uuid/4E1AEA7B1AEA6007":
"/org/freedesktop/UDisks2/block_devices/sde1"
DEBUG [2016-04-19 23:00:02,021] udiskie.mount: mounting
/org/freedesktop/UDisks2/block_devices/sde1 with {'options': ['umask=0022'],
'fstype': 'ntfs'}
ERROR [2016-04-19 23:00:02,027] udiskie.mount: failed to mount
/org/freedesktop/UDisks2/block_devices/sde1:
GDBus.Error:org.freedesktop.UDisks2.Error.NotAuthorizedCanObtain: Not
authorized to perform operation
I followed up with a question at unix.stackexchange.com
(https://unix.stackexchange.com/q/277606/4671) which summarizes the
current status of this issue. I've copied the current contents of that
question below. Some guidance on how to fix this issue would be
appreciated.
Regards, Faheem Mitha
######################################################################
I asked the udiskie maintainer about this, in
https://github.com/coldfix/udiskie/issues/102, see
https://github.com/coldfix/udiskie/issues/102#issuecomment-211908721
He said I should add permissions to polkit, so I added
/etc/polkit-1/rules.d/50-udiskie.rules per the script in
https://github.com/coldfix/udiskie/wiki/Permissions, as follows:
polkit.addRule(function(action, subject) {
var YES = polkit.Result.YES;
// NOTE: there must be a comma at the end of each line except for the
last:
var permission = {
// // required for udisks1:
// "org.freedesktop.udisks.filesystem-mount": YES,
// "org.freedesktop.udisks.luks-unlock": YES,
// "org.freedesktop.udisks.drive-eject": YES,
// "org.freedesktop.udisks.drive-detach": YES,
// // required for udisks2:
// "org.freedesktop.udisks2.filesystem-mount": YES,
// "org.freedesktop.udisks2.encrypted-unlock": YES,
// "org.freedesktop.udisks2.eject-media": YES,
// "org.freedesktop.udisks2.power-off-drive": YES,
// required for udisks2 if using udiskie from another seat
(e.g. systemd):
"org.freedesktop.udisks2.filesystem-mount-other-seat": YES,
"org.freedesktop.udisks2.filesystem-unmount-others": YES,
"org.freedesktop.udisks2.encrypted-unlock-other-seat": YES,
"org.freedesktop.udisks2.eject-media-other-seat": YES,
"org.freedesktop.udisks2.power-off-drive-other-seat": YES
};
if (subject.isInGroup("backup")) {
return permission[action.id];
}
});
I restarted using
# systemctl restart polkitd
But the mounting still doesn't work.
From a big picture perspective, I don't really understand why mounting
directly from the command line is treated differently from a cron
job. Can someone enlighten me?
@derobert kindly informed me that the version of PolicyKit in Debian
jessie doesn't recognise Javascript syntax, which may explain why this
is not working. So presumably I need a version in a different syntax.
UPDATE: Per the instructions at the bottom of
https://github.com/coldfix/udiskie/wiki/Permissions (section
"PolicyKit") I created the file
/etc/polkit-1/localauthority/50-local.d/10-udiskie.pkla with the
contents:
[udiskie]
Identity=unix-group:backup
Action=org.freedesktop.udisks2.filesystem-mount-other-seat;org.freedesktop.udisks2.filesystem-unmount-others;org.freedesktop.udisks2.encrypted-unlock-other-seat;org.freedesktop.udisks2.eject-media-other-seat;org.freedesktop.udisks2.power-off-drive-other-seat
ResultAny=yes
but still no luck. This is apparently the old, not JS version of the
syntax, which works with Jessie.
The section Debugging a problem: Pollkit suggests adding the stanza
polkit.addRule(function(action, subject) {
var prefix = "org.freedesktop.udisks";
if (action.id.slice(0, prefix.length) == prefix)
polkit.log(action.id);
});
to the file /etc/polkit-1/rules.d/10-udisks.rules.
Does anyone happen to know what the correct syntax and filename would
be for the "old" syntax? I'd just be guessing here.
_______________________________________________
polkit-devel mailing list
polkit-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/polkit-devel
