PAM (from D-Bus/HAL discussion)

Jürg Billeter j at bitron.ch
Sat Apr 8 11:44:16 PDT 2006


On Sat, 2006-04-08 at 14:21 -0400, Joe Ciccone wrote:
>  gnome-mount --text --no-ui --device /dev/sda1
> gnome-mount 0.4
> 
> ** (gnome-mount:18819): WARNING **: Mount failed for
> /org/freedesktop/Hal/devices/volume_uuid_9a5b205f_e80d_49ec_94c2_82798b88be08
> org.freedesktop.DBus.Error.AccessDenied : A security policy in place
> prevents this sender from sending this message to this recipient, see
> message bus configuration file (rejected message had interface
> "org.freedesktop.Hal.Device.Volume" member "Mount" error name "(unset)"
> destination "org.freedesktop.Hal")
> 
> When I run this as root all goes well. I have a feeling this is because
> mount is being run as whichever user runs gnome-mount. I haven't found a
> solution for it yet but I've been looking like crazy.

Default HAL policy only permits root and at_console users to mount
storage devices. Whether a user is at console or not is determined by
checking whether the file /var/run/console/USERNAME exists. This file
gets automatically created by e.g. pam_console or pam_foreground, iirc.

BTW: The policy can be changed in /etc/dbus-1/system.d/hal.conf

Jürg
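
A diagnostic for the situation in this thread, as an added example that is not part of the original post or of HAL: it reports whether a user counts as root or at_console by the file check described above, and lists which `<policy>` elements in a hal.conf-style file allow the `org.freedesktop.Hal.Device.Volume` interface. The function names, the sample policy file and the users alice and bob are constructed for illustration.

```sh
# Added example: explain an AccessDenied on Hal.Device.Volume "Mount".
VOLUME_IFACE="org.freedesktop.Hal.Device.Volume"

# Print "root", "at_console" or "denied" for user $1; $2 = console directory
# (defaults to /var/run/console, the path named in the post).
hal_mount_status() {
    if [ "$1" = "root" ]; then
        echo root
    elif [ -e "${2:-/var/run/console}/$1" ]; then
        echo at_console
    else
        echo denied
    fi
}

# Print the attributes of each <policy> element in file $1 that holds an
# <allow send_interface="org.freedesktop.Hal.Device.Volume"/> rule.
policies_allowing_volume() {
    awk -v iface="$VOLUME_IFACE" '
        /<policy[ >]/ { ctx = $0; sub(/^.*<policy */, "", ctx); sub(/>.*$/, "", ctx) }
        /<\/policy>/  { ctx = "" }
        /<allow / && ctx != "" && index($0, "send_interface=\"" iface "\"") { print ctx }
    ' "$1"
}

# Constructed sample policy file (not the real hal.conf), written to $1.
write_sample_conf() {
    cat > "$1" <<'EOF'
<busconfig>
  <policy context="default">
    <deny send_interface="org.freedesktop.Hal.Device.Volume"/>
  </policy>
  <policy user="0">
    <allow send_interface="org.freedesktop.Hal.Device.Volume"/>
  </policy>
  <policy at_console="true">
    <allow send_interface="org.freedesktop.Hal.Device.Volume"/>
  </policy>
</busconfig>
EOF
}

# Demo on constructed data: user "alice" has a console file, "bob" does not.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
mkdir "$demo_dir/console" && : > "$demo_dir/console/alice"
write_sample_conf "$demo_dir/hal.conf"
for u in root alice bob; do echo "$u: $(hal_mount_status "$u" "$demo_dir/console")"; done
policies_allowing_volume "$demo_dir/hal.conf"
```

On a real system, call `hal_mount_status "$USER"` and `policies_allowing_volume /etc/dbus-1/system.d/hal.conf` instead of the demo paths.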




More information about the blfs-dev mailing list