A good example of a bad trend

To add an example to my last note, here’s what happened recently.

One user posted the following:

I’ve noticed FOO desktop is no longer able to mount removable drives. I get the following:

org.freedesktop.hal.storage.mount-removable no <-- (action, result )

What do I do?

And here’s the proposed solution:

Just edit /etc/PolicyKit/PolicyKit.conf and add the following part:

<match action="org.freedesktop.hal.*">
<return result="yes"/>
</match>

And they lived happily ever after, right? Wrong. This is a great example of why asking the uneducated crowd to help you solve technical challenges is the best way to shoot yourself in the foot.

I doesn’t take rocket surgery to figure out that PolicyKit won’t allow certain actions to be accessed by certain users. In this case it only allows active local sessions to mount removable volumes. What constitutes an active local session? A session logged in locally (which is the case) and connected to ConsoleKit (which is not the case since FOO desktop environment does not seem to use ConsoleKit).

Now if the user asked in the proper place (file a bug or send the question to the proper mailing list) instead of the forums there would be two good answers:

  • Teach FOO desktop how to register itself with ConsoleKit (by fixing the code or using means of pam_consolekit)
  • Tell PolicyKit to allow certain users to access the action (polkit-auth --user foo --grant org.freedesktop.hal.storage.mount-removable)

Now do you see the problem? The original thread in a more illustrative form: if my aunt comes to visit and she does not have the keys, how does she come in? Oh, that’s easy, just remove the locks.