New authorization required for mundane activities

silver.bullet at zoho.com silver.bullet at zoho.com
Mon Sep 28 02:22:57 UTC 2015


You at least should provide some information, such as

# lsb_release -dr
# tail --lines=30 /var/log/apt/history.log

On Sun, 27 Sep 2015 18:02:29 -0700, MR ZenWiz wrote:
>This appears to come from org.freedesktop.udisks2.filesystem-mount,
>except that that is (obviously) not a valid URL, nor is it just
>backwards..

This belongs to a polkit rule.

[root at moonstudio ~]# dpkg -L udisks2 | grep polkit
/usr/share/polkit-1
/usr/share/polkit-1/actions
/usr/share/polkit-1/actions/org.freedesktop.udisks2.policy

[root at moonstudio ~]# grep "org.freedesktop.udisks2.filesystem-mount-system" -A70 /usr/share/polkit-1/actions/org.freedesktop.udisks2.policy | grep -v description | grep -v message
  <action id="org.freedesktop.udisks2.filesystem-mount-system">
    <defaults>
      <allow_any>auth_admin</allow_any>
      <allow_inactive>auth_admin</allow_inactive>
      <allow_active>auth_admin_keep</allow_active>
    </defaults>
  </action>

"Each of the allow_any, allow_inactive and allow_active elements can
contain the following values:

no
	

Not authorized.

yes
	

Authorized.

auth_self
	

Authentication by the owner of the session that the client originates
from is required. Note that this is not restrictive enough for most uses o
 multi-user systems; auth_admin* is generally recommended.

auth_admin
	

Authentication by an administrative user is required.

auth_self_keep
	

Like auth_self but the authorization is kept for a brief period (e.g. five
minutes). The warning about auth_self above applies likewise.

auth_admin_keep
	

Like auth_admin but the authorization is kept for a brief period
(e.g. five minutes)."
- http://www.freedesktop.org/software/polkit/docs/latest/polkit.8.html

Other distros seem to use another location and another language.
http://www.dynacont.net/documentation/linux/udisks2_polkit_Allow_unauthenticated_mounting/

For Arch Linux I e.g. want that the password is required for shutdowns:

[root at archlinux rocketmouse]# cat /etc/polkit-1/rules.d/10-admin-shutdown-reboot.rules 
polkit.addRule(function(action, subject) {
    if (action.id == "org.freedesktop.login1.power-off" ||
        action.id == "org.freedesktop.login1.power-off-ignore-inhibit" ||
        action.id == "org.freedesktop.login1.power-off-multiple-sessions" ||
        action.id == "org.freedesktop.login1.reboot" ||
        action.id == "org.freedesktop.login1.reboot-ignore-inhibit" ||
        action.id == "org.freedesktop.login1.reboot-multiple-sessions"
    ) {
        return polkit.Result.AUTH_SELF_KEEP;
    }
});






More information about the ubuntu-users mailing list