Allowing users to
invoke HAL methods
The default setup for HAL is
to allow only certain users to invoke methods such as Mount().
These are the root
user and the
user determined to be at the active console using pam_console.
If you are not set up to use Linux-PAM-0.99.10.0 and pam_console,
create a group that is allowed to invoke HAL methods with the following commands:
groupadd -g 61 halusers &&
cat > /etc/dbus-1/system.d/halusers.conf << "EOF"
<!DOCTYPE busconfig PUBLIC
"-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
"http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
<busconfig>
<!-- Allow users in the halusers group invoke HAL methods -->
<policy group="halusers">
<allow send_interface="org.freedesktop.Hal.Device.SystemPowerManagement"/>
<allow send_interface="org.freedesktop.Hal.Device.LaptopPanel"/>
<allow send_interface="org.freedesktop.Hal.Device.Volume"/>
<allow send_interface="org.freedesktop.Hal.Device.Volume.Crypto"/>
</policy>
</busconfig>
EOF
Now add the users you would like to the halusers
group to use HAL.
usermod -a -G halusers <username>
Note that these users still need to have appropriate
permissions to access the devices that HAL will invoke its methods on.
With the above configuration in place, authorized users now
have the ability to unmount disk partitions mounted at
non-standard locations such as /pub
. If you'd like to restrict this policy
to only drives which are considered removable or hotpluggable,
add the following configuration file as the root
user:
cat > /etc/hal/fdi/policy/no-fixed-drives.fdi << "EOF"
<?xml version="1.0" encoding="UTF-8"?> <!-- -*- SGML -*- -->
<!-- Don't allow HAL methods on disks that are not
removable or hotpluggable -->
<deviceinfo version="0.2">
<device>
<match key="@block.storage_device:storage.hotpluggable" bool="false">
<match key="@block.storage_device:storage.removable" bool="false">
<merge key="volume.ignore" type="bool">true</merge>
</match>
</match>
</device>
</deviceinfo>
EOF
Changing default
mount options
In some cases, it is necessary to specify some default mount
options for filesystems. E.g., in non-English environments, the
iocharset
and codepage
options are needed for filesystems of
Windows origin in order to show national characters correctly.
Also, due to a bug in the Linux kernel
version in LFS (2.6.22.x), you may want to pass the
usefree
option to vfat filesystems
in order to reduce the time needed to determine the amount of
free space on the filesystem.
Google search results for “hal
default mount options” are still full of
recommendations to create *.fdi
files mentioning either volume.policy
or storage.policy
keys. Such recommendations
worked for HAL-0.4.x only and are invalid now. For HAL-0.5.9.1,
mount options are expected to be handled as follows:
-
An event handler from the desktop environment receives an
event describing the newly-added storage device.
-
If the storage device is not already mentioned in
/etc/fstab
, mount options
are fetched from a database of user preferences, which is
specific to the desktop environment, and passed back to
HAL. This process can be influenced by the filesystem
type and possibly other volume properties available from
HAL.
-
If the options are in the list of permitted ones, HAL
mounts the volume.
The important point above is that the configuration procedure
is desktop-specific. However, as of December, 2007, only GNOME
allows the user to set default mount options on a
per-filesystem basis, as described in the next paragraph. KDE
allows the mount options to be set only on a per-volume basis,
not per-filesystem, which is a bug, because,
as mentioned in the report, “for
every new device (let's say your friend's USB stick) you have
to first not mount it, then change options and then
mount”. Xfce, if compiled with HAL support,
hard-codes
the mount options without any means to override them, which is
even worse. In KDE and Xfce, if the built-in default mount
options are not suitable, it is needed to mention every
possible removable storage device in /etc/fstab
with the correct options, thus
mostly defeating the point of installing HAL.
In order to adjust the default mount options, GNOME users
should change the /system/storage/default_options/[fs_type]/mount_options
GConf key either using GConf
Editor-2.18.0, or from the command line, as demonstrated in
the following example:
gconftool-2 --type list --list-type=string \
--set /system/storage/default_options/vfat/mount_options \
"[shortname=mixed,uid=,usefree,iocharset=koi8-r,codepage=866]"
See more details in the gnome-mount(1) manual page.
Adding allowed
mount options
The list of mount options permitted in the default HAL
configuration resides in the /usr/share/hal/fdi/policy/10osvendor/20-storage-methods.fdi
file. GNOME and KDE users may want to use options not in this
list (in the above example, this applies to the usefree
option). In this case, as root
user, create a custom policy file that
mentions unknown mount options:
cat > /etc/hal/fdi/policy/user-options.fdi << "EOF"
<?xml version="1.0" encoding="UTF-8"?> <!-- -*- SGML -*- -->
<!--
This file is used to set custom options to the HAL policy settings.
The default policy settings are defined in files contained in the
/usr/share/hal/fdi/policy subdirectories. User defined customizations
should be in files contained in the /etc/hal/fdi/policy directory.
-->
<deviceinfo version="0.2">
<device>
<!-- this is to be able to mount media in drives we cannot poll,
e.g. IDE Zip Drives and PC style floppy drives -->
<match key="storage.media_check_enabled" bool="false">
<match key="storage.no_partitions_hint" bool="true">
<append key="volume.mount.valid_options" type="strlist">usefree</append>
<!-- Insert other options here -->
</match>
</match>
<match key="volume.fsusage" string="filesystem">
<!-- allow these mount options for vfat -->
<match key="volume.fstype" string="vfat">
<append key="volume.mount.valid_options" type="strlist">usefree</append>
<!-- Insert other options here -->
</match>
</match>
</device>
</deviceinfo>
EOF