Re: [blfs-support] Polkit Actions
On 12/11/2013 06:06 PM, Dan McGhee wrote: On 12/11/2013 05:50 PM, Armin K. wrote: On 12/12/2013 12:47 AM, Dan McGhee wrote: On 12/11/2013 05:35 PM, Armin K. wrote: On 12/12/2013 12:19 AM, Dan McGhee wrote: You can always try running pkexec /usr/sbin/gparted from a terminal and check the output. Interesting output. Now I need to find out why when running pkexec from the terminal, it thinks I'm somebody else. dan [ ~ ]$ pkexec /usr/sbin/gparted Error executing command as another user: Not authorized This is due to consolekit misconfiguration. Most people ignore recommended dependency of Linux PAM on the ConsoleKit page, which is really, really *required* if you want ConsoleKit to work correctly. On the other hand, I use systemd, which has logind - a replacement for consolekit so I don't really know if polkit works anymore with just consolekit. Post output of ck-list-sessions. It should read something like (if the memory serves me well) active: yes, local: yes. If these two are not yes, then consolekit is not configured correctly. I had just done this when your reply arrived and I had thought there was something wrong with consolekit. Here's the output Session3: unix-user = '100' realname = '(null)' seat = 'Seat4' session-type = '' active = FALSE x11-display = '' x11-display-device = '' display-device = '/dev/tty1' remote-host-name = '' is-local = FALSE on-since = '2013-12-11T21:20:56.318833Z' login-session-id = '4294967295' idle-since-hint = '2013-12-11T21:21:26.873134Z' And I'm one of the ones who didn't install pam. I'll check into all of this. Once again, thanks, Armin Everything is working fine. I installed PAM and reinstalled and reconfigured shadow and ConsoleKit. I spent some time wondering if the changes were working since, when I completed the changes, nothing had changed. At the xfce4 website, the documentation said, if you don't use a log in manager, to test ConsoleKit by running 'ck-list-sessions' in a terminal before starting X. I did that and didn't get indication of an Active session, until I thought that maybe I should log out and back in. That was when everything worked. Always the little things. I usually don't suggest things like this and I don't know if ConsoleKit can be used without PAM. But in some of the pacakge pages there are comments like If you don't install the optional dependencies then you can't do description. Armin said yesterday that PAM was almost a required dependency of ConsoleKit. Maybe a comment of explanation would be appropriate for the ConsoleKit page. Thanks again, Armin. My system is working the way I want it to, I know how to do other things like this and I learned a lot more. Dan -- http://linuxfromscratch.org/mailman/listinfo/blfs-support FAQ: http://www.linuxfromscratch.org/blfs/faq.html Unsubscribe: See the above information page
Re: [blfs-support] Polkit Actions
Date: Thu, 12 Dec 2013 12:37:39 -0600 From: Dan McGhee beesn...@grm.net To: BLFS Support List blfs-support@linuxfromscratch.org Subject: Re: [blfs-support] Polkit Actions . . I usually don't suggest things like this and I don't know if ConsoleKit can be used without PAM. [...] It can be used ohne PAM: Slackware does not use PAM, and does use (optionally) console-kit; ref e.g. -- * ftp://ftp.slackware.no/slackware/slackware64-14.1/source/l/ConsoleKit/ * ftp://ftp.slackware.no/slackware/slackware64-14.1/source/l/ConsoleKit/ConsoleKit.SlackBuild -- [...] But in some of the pacakge pages there are comments like If you don't install the optional dependencies then you can't do description. Armin said yesterday that PAM was almost a required dependency of ConsoleKit. Maybe a comment of explanation would be appropriate for the ConsoleKit page. 'almost' !== 'required' (of course). Hopefully BLFS will continue the recent-years move towards the practice of being (more) rigourous, consistent, strict and correct, about the meanings of 'Required', 'Recommended', 'Optional', and their variants. In other parts of Linux, there's been far too much - to put it lightly - forcing of contrived dependencies: so I'd hope it doesn't begin to appear in (B/)Lennux From Scratch also. hth, akh -- -- http://linuxfromscratch.org/mailman/listinfo/blfs-support FAQ: http://www.linuxfromscratch.org/blfs/faq.html Unsubscribe: See the above information page
Re: [blfs-support] Polkit Actions
On 12/12/2013 03:17 PM, akhiezer wrote: Date: Thu, 12 Dec 2013 12:37:39 -0600 From: Dan McGhee beesn...@grm.net To: BLFS Support List blfs-support@linuxfromscratch.org Subject: Re: [blfs-support] Polkit Actions . . I usually don't suggest things like this and I don't know if ConsoleKit can be used without PAM. [...] It can be used ohne PAM: Slackware does not use PAM, and does use (optionally) console-kit; ref e.g. -- * ftp://ftp.slackware.no/slackware/slackware64-14.1/source/l/ConsoleKit/ * ftp://ftp.slackware.no/slackware/slackware64-14.1/source/l/ConsoleKit/ConsoleKit.SlackBuild -- [...] But in some of the pacakge pages there are comments like If you don't install the optional dependencies then you can't do description. Armin said yesterday that PAM was almost a required dependency of ConsoleKit. Maybe a comment of explanation would be appropriate for the ConsoleKit page. 'almost' !== 'required' (of course). Hopefully BLFS will continue the recent-years move towards the practice of being (more) rigourous, consistent, strict and correct, about the meanings of 'Required', 'Recommended', 'Optional', and their variants. In other parts of Linux, there's been far too much - to put it lightly - forcing of contrived dependencies: so I'd hope it doesn't begin to appear in (B/)Lennux From Scratch also. I agree with you 100%. And this is why I hesitate to make suggestions like I did. When something does not work for me, the situation is usually that I missed something in the book's instructions or I didn't have the knowledge to make it work in the first place. This was the case with the console kit, gnome-polkit, polkit, xfce4 combination that I wanted to configure. And in my latest situation, it was console-kit that was not helping. I know I would not have had the problem if I had installed KDE, but I chose XFCE4 and had to work on the configuration myself. My knowledge, or, as in this case, the lack of it is usually the culprit. Even after the last couple of days I have only a foggy notion of how all those applications fit together and work. The piece of knowledge that ConsoleKit needs PAM to generate an active session solved my problem. Now is it the entire set of PAM modules? I don't know. I don't even know if having only one PAM module will do the trick. I found it interesting in examining one of the links you provided that I found these lines in slack's install script for ConsoleKit: cat $CWD/pam-foreground-compat.ck \ $PKG/usr/lib/ConsoleKit/run-session.d/pam-foreground-compat.ck chmod 0755 $PKG/usr/lib/ConsoleKit/run-session.d/pam-foreground-compat.ck That file pam-foreground-compat.ck is built and installed in ConsoleKit. Can it be used without the rest of PAM? If slack doesn't install PAM, the answer is yes. But, how then do you configure ConsoleKit to work properly. It didn't in my install. It may not be precise or technically correct, but installing PAM helped my system to work. Is it then a run time dependency? Maybe you could call it that. This is the logic that I used when I wrote what I did. I figure that if I don't find anything in the archives, then I'm the only one who's having the problems, or, at least, I'm the only on who is asking. That's not a basis for suggesting a change or addition to the book. One thing that did occur to me earlier and I might as well express it. I remember when the wiki got started as a place in which LFS-ers could document their experiences. I try to faithfully check it when I'm building, but I haven't installed a package yet this time that had a current comment. In fact most of the pages are empty. Now that I've said that, and to forestall any suggestions, it's up to me to sign up to use the wiki and document my polkit and console-kit experiences, how I got taught to troubleshoot them and what fixed them. I'm beginning to ramble and rant and this is not the venue for it. Thanks for your comment, though, ak. Dan -- http://linuxfromscratch.org/mailman/listinfo/blfs-support FAQ: http://www.linuxfromscratch.org/blfs/faq.html Unsubscribe: See the above information page
Re: [blfs-support] Polkit Actions
On 12/12/2013 11:14 PM, Dan McGhee wrote: On 12/12/2013 03:17 PM, akhiezer wrote: Date: Thu, 12 Dec 2013 12:37:39 -0600 From: Dan McGhee beesn...@grm.net To: BLFS Support List blfs-support@linuxfromscratch.org Subject: Re: [blfs-support] Polkit Actions . . I usually don't suggest things like this and I don't know if ConsoleKit can be used without PAM. [...] It can be used ohne PAM: Slackware does not use PAM, and does use (optionally) console-kit; ref e.g. -- * ftp://ftp.slackware.no/slackware/slackware64-14.1/source/l/ConsoleKit/ * ftp://ftp.slackware.no/slackware/slackware64-14.1/source/l/ConsoleKit/ConsoleKit.SlackBuild -- [...] But in some of the pacakge pages there are comments like If you don't install the optional dependencies then you can't do description. Armin said yesterday that PAM was almost a required dependency of ConsoleKit. Maybe a comment of explanation would be appropriate for the ConsoleKit page. 'almost' !== 'required' (of course). Hopefully BLFS will continue the recent-years move towards the practice of being (more) rigourous, consistent, strict and correct, about the meanings of 'Required', 'Recommended', 'Optional', and their variants. In other parts of Linux, there's been far too much - to put it lightly - forcing of contrived dependencies: so I'd hope it doesn't begin to appear in (B/)Lennux From Scratch also. I agree with you 100%. And this is why I hesitate to make suggestions like I did. When something does not work for me, the situation is usually that I missed something in the book's instructions or I didn't have the knowledge to make it work in the first place. This was the case with the console kit, gnome-polkit, polkit, xfce4 combination that I wanted to configure. And in my latest situation, it was console-kit that was not helping. I know I would not have had the problem if I had installed KDE, but I chose XFCE4 and had to work on the configuration myself. My knowledge, or, as in this case, the lack of it is usually the culprit. Even after the last couple of days I have only a foggy notion of how all those applications fit together and work. The piece of knowledge that ConsoleKit needs PAM to generate an active session solved my problem. Now is it the entire set of PAM modules? I don't know. I don't even know if having only one PAM module will do the trick. I found it interesting in examining one of the links you provided that I found these lines in slack's install script for ConsoleKit: cat $CWD/pam-foreground-compat.ck \ $PKG/usr/lib/ConsoleKit/run-session.d/pam-foreground-compat.ck chmod 0755 $PKG/usr/lib/ConsoleKit/run-session.d/pam-foreground-compat.ck That file pam-foreground-compat.ck is built and installed in ConsoleKit. Can it be used without the rest of PAM? If slack doesn't install PAM, the answer is yes. But, how then do you configure ConsoleKit to work properly. It didn't in my install. It may not be precise or technically correct, but installing PAM helped my system to work. Is it then a run time dependency? Maybe you could call it that. No, it's a build and runtime dependency. You need PAM headers and libs to build pam_consolekit.so PAM module, which in turn is responsible (using PAM session facility) to register a local session with ConsoleKit. Same mechanism is used by systemd-logind, which uses pam_systemd.so to register sessions. This is the logic that I used when I wrote what I did. I figure that if I don't find anything in the archives, then I'm the only one who's having the problems, or, at least, I'm the only on who is asking. That's not a basis for suggesting a change or addition to the book. Believe me, you are not the only one who has this specific problem. I lost a count of these people. We have a policy that we can mark required packages only if the package can't be built without it. Recommended packages are ones which are essential, but package can be built without them. We do expect that recommended dependencies are honored. Optional dependencies are what you think they are. You can or can't install them, your choice. You might be missing some specific (and not so common) funcionality, but you can always reinstall package later with specific feature enabled. One thing that did occur to me earlier and I might as well express it. I remember when the wiki got started as a place in which LFS-ers could document their experiences. I try to faithfully check it when I'm building, but I haven't installed a package yet this time that had a current comment. In fact most of the pages are empty. Now that I've said that, and to forestall any suggestions, it's up to me to sign up to use the wiki and document my polkit and console-kit experiences, how I got taught to troubleshoot them and what fixed them. I'm beginning to ramble and rant and this is not the venue for it. Thanks for your comment, though, ak. Dan
Re: [blfs-support] Polkit Actions
Armin K. wrote: On 12/12/2013 11:14 PM, Dan McGhee wrote: On 12/12/2013 03:17 PM, akhiezer wrote: Date: Thu, 12 Dec 2013 12:37:39 -0600 From: Dan McGhee beesn...@grm.net To: BLFS Support List blfs-support@linuxfromscratch.org Subject: Re: [blfs-support] Polkit Actions . . I usually don't suggest things like this and I don't know if ConsoleKit can be used without PAM. [...] It can be used ohne PAM: Slackware does not use PAM, and does use (optionally) console-kit; ref e.g. -- * ftp://ftp.slackware.no/slackware/slackware64-14.1/source/l/ConsoleKit/ * ftp://ftp.slackware.no/slackware/slackware64-14.1/source/l/ConsoleKit/ConsoleKit.SlackBuild -- [...] But in some of the pacakge pages there are comments like If you don't install the optional dependencies then you can't do description. Armin said yesterday that PAM was almost a required dependency of ConsoleKit. Maybe a comment of explanation would be appropriate for the ConsoleKit page. 'almost' !== 'required' (of course). Hopefully BLFS will continue the recent-years move towards the practice of being (more) rigourous, consistent, strict and correct, about the meanings of 'Required', 'Recommended', 'Optional', and their variants. In other parts of Linux, there's been far too much - to put it lightly - forcing of contrived dependencies: so I'd hope it doesn't begin to appear in (B/)Lennux From Scratch also. I agree with you 100%. And this is why I hesitate to make suggestions like I did. When something does not work for me, the situation is usually that I missed something in the book's instructions or I didn't have the knowledge to make it work in the first place. This was the case with the console kit, gnome-polkit, polkit, xfce4 combination that I wanted to configure. And in my latest situation, it was console-kit that was not helping. I know I would not have had the problem if I had installed KDE, but I chose XFCE4 and had to work on the configuration myself. My knowledge, or, as in this case, the lack of it is usually the culprit. Even after the last couple of days I have only a foggy notion of how all those applications fit together and work. The piece of knowledge that ConsoleKit needs PAM to generate an active session solved my problem. Now is it the entire set of PAM modules? I don't know. I don't even know if having only one PAM module will do the trick. I found it interesting in examining one of the links you provided that I found these lines in slack's install script for ConsoleKit: cat $CWD/pam-foreground-compat.ck \ $PKG/usr/lib/ConsoleKit/run-session.d/pam-foreground-compat.ck chmod 0755 $PKG/usr/lib/ConsoleKit/run-session.d/pam-foreground-compat.ck That file pam-foreground-compat.ck is built and installed in ConsoleKit. Can it be used without the rest of PAM? If slack doesn't install PAM, the answer is yes. But, how then do you configure ConsoleKit to work properly. It didn't in my install. It may not be precise or technically correct, but installing PAM helped my system to work. Is it then a run time dependency? Maybe you could call it that. No, it's a build and runtime dependency. You need PAM headers and libs to build pam_consolekit.so PAM module, which in turn is responsible (using PAM session facility) to register a local session with ConsoleKit. Same mechanism is used by systemd-logind, which uses pam_systemd.so to register sessions. This is the logic that I used when I wrote what I did. I figure that if I don't find anything in the archives, then I'm the only one who's having the problems, or, at least, I'm the only on who is asking. That's not a basis for suggesting a change or addition to the book. Believe me, you are not the only one who has this specific problem. I lost a count of these people. We have a policy that we can mark required packages only if the package can't be built without it. Recommended packages are ones which are essential, but package can be built without them. We do expect that recommended dependencies are honored. Optional dependencies are what you think they are. You can or can't install them, your choice. You might be missing some specific (and not so common) funcionality, but you can always reinstall package later with specific feature enabled. We've always allowed extra information in the form of text or a note. It sounds like this is needed here. -- Bruce -- http://linuxfromscratch.org/mailman/listinfo/blfs-support FAQ: http://www.linuxfromscratch.org/blfs/faq.html Unsubscribe: See the above information page
[blfs-support] Polkit Actions
Now that I've learned (?) how to deal with polkit--as documented in another thread--I'd like to get a few more things under my belt. In particular, I'd like to call gparted from the menus in my desktop system. The way it works in Ubuntu is that a message pops up and asks for my password before GParted runs. Right now I get only the message that I need to be root to run it. I found this at the Arch wiki: ?xml version=1.0 encoding=UTF-8? !DOCTYPE policyconfig PUBLIC -//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd; policyconfig action id=org.archlinux.pkexec.gparted messageAuthentication is required to run the GParted Partition Editor/message icon_namegparted/icon_name defaults allow_anyauth_admin/allow_any allow_inactiveauth_admin/allow_inactive allow_activeauth_admin/allow_active /defaults annotate key=org.freedesktop.policykit.exec.path/usr/bin/gparted/annotate annotate key=org.freedesktop.policykit.exec.allow_guitrue/annotate /action /policyconfig This is a polkit action file to be put in /usr/share/polkit-1/actions directory. As written, it would go in that directory with the name org.archlinux.pkexec.gparted What I haven't been able to find is the answer to the following question. Does it matter that part of the name would be org.archlinux or is this just a name and doesn't refer to anything else on my system. There are only two org's in the actions I have now: freedesktop and xorg. Both of those have things installed on my system. If it's just a name, then I don't have to consider anything else. In addition to GParted, I would like to employ this method for the Catalyst Control Center for my ATI-Radeon chip. Thanks, Dan -- http://linuxfromscratch.org/mailman/listinfo/blfs-support FAQ: http://www.linuxfromscratch.org/blfs/faq.html Unsubscribe: See the above information page
Re: [blfs-support] Polkit Actions
On 12/11/2013 06:45 PM, Dan McGhee wrote: Now that I've learned (?) how to deal with polkit--as documented in another thread--I'd like to get a few more things under my belt. In particular, I'd like to call gparted from the menus in my desktop system. The way it works in Ubuntu is that a message pops up and asks for my password before GParted runs. Right now I get only the message that I need to be root to run it. I found this at the Arch wiki: Ubuntu used gksu/gksudo which called respective utilities for authentication as superuser. PolicyKit is somehow different mechanism. ?xml version=1.0 encoding=UTF-8? !DOCTYPE policyconfig PUBLIC -//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd; policyconfig action id=org.archlinux.pkexec.gparted messageAuthentication is required to run the GParted Partition Editor/message icon_namegparted/icon_name defaults allow_anyauth_admin/allow_any allow_inactiveauth_admin/allow_inactive allow_activeauth_admin/allow_active /defaults annotate key=org.freedesktop.policykit.exec.path/usr/bin/gparted/annotate annotate key=org.freedesktop.policykit.exec.allow_guitrue/annotate /action /policyconfig This is a polkit action file to be put in /usr/share/polkit-1/actions directory. As written, it would go in that directory with the name org.archlinux.pkexec.gparted What I haven't been able to find is the answer to the following question. Does it matter that part of the name would be org.archlinux or is this just a name and doesn't refer to anything else on my system. There are only two org's in the actions I have now: freedesktop and xorg. Both of those have things installed on my system. If it's just a name, then I don't have to consider anything else. This matters little. You could use any valid domain name or no at all. See https://bbs.archlinux.org/viewtopic.php?pid=999328#p999328, for nearly the same rule they used org.freedesktop... In addition to GParted, I would like to employ this method for the Catalyst Control Center for my ATI-Radeon chip. Thanks, Dan You have to edit both .desktop files and add pkexec /path/to/program to the Exec= line. Do note that using pkexec requires an authentication agent to be running, such as polkit-gnome or lxpolkit. The file you mentioned is necessarry because pkexec won't allow running gui programs by default. -- Note: My last name is not Krejzi. -- http://linuxfromscratch.org/mailman/listinfo/blfs-support FAQ: http://www.linuxfromscratch.org/blfs/faq.html Unsubscribe: See the above information page
Re: [blfs-support] Polkit Actions
On 12/11/2013 12:20 PM, Armin K. wrote: On 12/11/2013 06:45 PM, Dan McGhee wrote: This is a polkit action file to be put in /usr/share/polkit-1/actions directory. As written, it would go in that directory with the name org.archlinux.pkexec.gparted What I haven't been able to find is the answer to the following question. Does it matter that part of the name would be org.archlinux or is this just a name and doesn't refer to anything else on my system. There are only two org's in the actions I have now: freedesktop and xorg. Both of those have things installed on my system. If it's just a name, then I don't have to consider anything else. This matters little. You could use any valid domain name or no at all. See https://bbs.archlinux.org/viewtopic.php?pid=999328#p999328, for nearly the same rule they used org.freedesktop... Thanks for that link. I noticed a few, subtle differences in the two files and decided to use this one, if, for no other reason than consistency. In addition to GParted, I would like to employ this method for the Catalyst Control Center for my ATI-Radeon chip. You have to edit both .desktop files and add pkexec /path/to/program to the Exec= line. Do note that using pkexec requires an authentication agent to be running, such as polkit-gnome or lxpolkit. The file you mentioned is necessarry because pkexec won't allow running gui programs by default. Right now gparted.desktop has Exec= /usr/sbin/gparted %f To add pkexec to this file, would it read pkexec /usr/bin or similar to the entry now /usr/bin/pkexec %f? Also would I place it before the gparted line and separate it by space or ;. Or would it be better to have another Exec line before or after the gparted line? Thanks for your help, Armin. Dan -- http://linuxfromscratch.org/mailman/listinfo/blfs-support FAQ: http://www.linuxfromscratch.org/blfs/faq.html Unsubscribe: See the above information page
Re: [blfs-support] Polkit Actions
On 12/11/2013 07:58 PM, Dan McGhee wrote: On 12/11/2013 12:20 PM, Armin K. wrote: On 12/11/2013 06:45 PM, Dan McGhee wrote: This is a polkit action file to be put in /usr/share/polkit-1/actions directory. As written, it would go in that directory with the name org.archlinux.pkexec.gparted What I haven't been able to find is the answer to the following question. Does it matter that part of the name would be org.archlinux or is this just a name and doesn't refer to anything else on my system. There are only two org's in the actions I have now: freedesktop and xorg. Both of those have things installed on my system. If it's just a name, then I don't have to consider anything else. This matters little. You could use any valid domain name or no at all. See https://bbs.archlinux.org/viewtopic.php?pid=999328#p999328, for nearly the same rule they used org.freedesktop... Thanks for that link. I noticed a few, subtle differences in the two files and decided to use this one, if, for no other reason than consistency. In addition to GParted, I would like to employ this method for the Catalyst Control Center for my ATI-Radeon chip. You have to edit both .desktop files and add pkexec /path/to/program to the Exec= line. Do note that using pkexec requires an authentication agent to be running, such as polkit-gnome or lxpolkit. The file you mentioned is necessarry because pkexec won't allow running gui programs by default. Right now gparted.desktop has Exec= /usr/sbin/gparted %f This would become Exec=pkexec /usr/sbin/gparted %f To add pkexec to this file, would it read pkexec /usr/bin or similar to the entry now /usr/bin/pkexec %f? Also would I place it before the gparted line and separate it by space or ;. Or would it be better to have another Exec line before or after the gparted line? Thanks for your help, Armin. Dan -- Note: My last name is not Krejzi. -- http://linuxfromscratch.org/mailman/listinfo/blfs-support FAQ: http://www.linuxfromscratch.org/blfs/faq.html Unsubscribe: See the above information page
Re: [blfs-support] Polkit Actions
On 12/11/2013 12:20 PM, Armin K. wrote: On 12/11/2013 06:45 PM, Dan McGhee wrote: In addition to GParted, I would like to employ this method for the Catalyst Control Center for my ATI-Radeon chip. You have to edit both .desktop files and add pkexec /path/to/program to the Exec= line. Do note that using pkexec requires an authentication agent to be running, such as polkit-gnome or lxpolkit. The file you mentioned is necessarry because pkexec won't allow running gui programs by default. When I first read this, I didn't do anything because I have polkit-gnome installed. When I made the changes for pkexec in the gparted.desktop file and tried to run it, nothing happened. I didn't even get the message that I needed to be root. I guess that's progress. But when I checked my installation of polkit-gnome, I discovered that I had forgotten to add the helper file in /etc/xde/autostart. I created that file and tried to run GParted again and once more nothing happened. I took a closer look at the file and saw the line: AutostartCondition=GNOME3 unless-session gnome I'm not using Gnome, but xfce4. I logged out and restarted xfce4, but gnome-polkit didn't start. I don't know how to change the line in the polkit-gnome.desktop file. Dan -- http://linuxfromscratch.org/mailman/listinfo/blfs-support FAQ: http://www.linuxfromscratch.org/blfs/faq.html Unsubscribe: See the above information page
Re: [blfs-support] Polkit Actions
On 12/11/2013 10:06 PM, Dan McGhee wrote: On 12/11/2013 12:20 PM, Armin K. wrote: On 12/11/2013 06:45 PM, Dan McGhee wrote: In addition to GParted, I would like to employ this method for the Catalyst Control Center for my ATI-Radeon chip. You have to edit both .desktop files and add pkexec /path/to/program to the Exec= line. Do note that using pkexec requires an authentication agent to be running, such as polkit-gnome or lxpolkit. The file you mentioned is necessarry because pkexec won't allow running gui programs by default. When I first read this, I didn't do anything because I have polkit-gnome installed. When I made the changes for pkexec in the gparted.desktop file and tried to run it, nothing happened. I didn't even get the message that I needed to be root. I guess that's progress. You don't need to be root. As I said, pkexec *won't* allow you to run gui programs when using pkexec guiprogram unless you *create* a policy file in /usr/share/polkit-1/actions (which is the file you posted and I linked to in the arch forums). But when I checked my installation of polkit-gnome, I discovered that I had forgotten to add the helper file in /etc/xde/autostart. I created that file and tried to run GParted again and once more nothing happened. I took a closer look at the file and saw the line: AutostartCondition=GNOME3 unless-session gnome This condition makes sure polkit-gnome doesn't start in gnome-shell environment, which has its own polkit-authentication-agent, but that it starts in gnome fallback, which was available back then. I'm not using Gnome, but xfce4. I logged out and restarted xfce4, but gnome-polkit didn't start. I don't know how to change the line in the polkit-gnome.desktop file. Dan You don't need to change it at all. -- Note: My last name is not Krejzi. -- http://linuxfromscratch.org/mailman/listinfo/blfs-support FAQ: http://www.linuxfromscratch.org/blfs/faq.html Unsubscribe: See the above information page
Re: [blfs-support] Polkit Actions
On 12/11/2013 03:56 PM, Armin K. wrote: On 12/11/2013 10:06 PM, Dan McGhee wrote: On 12/11/2013 12:20 PM, Armin K. wrote: On 12/11/2013 06:45 PM, Dan McGhee wrote: In addition to GParted, I would like to employ this method for the Catalyst Control Center for my ATI-Radeon chip. You have to edit both .desktop files and add pkexec /path/to/program to the Exec= line. Do note that using pkexec requires an authentication agent to be running, such as polkit-gnome or lxpolkit. The file you mentioned is necessarry because pkexec won't allow running gui programs by default. When I first read this, I didn't do anything because I have polkit-gnome installed. When I made the changes for pkexec in the gparted.desktop file and tried to run it, nothing happened. I didn't even get the message that I needed to be root. I guess that's progress. You don't need to be root. As I said, pkexec *won't* allow you to run gui programs when using pkexec guiprogram unless you *create* a policy file in /usr/share/polkit-1/actions (which is the file you posted and I linked to in the arch forums). I was unclear in my statement. I created the policy file containing the action. I edited the gparted.desktop file to include pkexec. When I selected GParted in my Applications Menu, nothing happened. I did not even get a message. For clarity's sake, I'll include the files. I kept from doing this to keep the posts shorter. But maybe there is something in them that prevents what I'm trying to do. Here is /usr/share/polkit-1/actions/org.freedesktop.policykit.pkexec.run-gparted.policy: exec.run-gparted.policy ?xml version=1.0 encoding=UTF-8? !DOCTYPE policyconfig PUBLIC -//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd; policyconfig action id=org.freedesktop.policykit.pkexec.run-gparted descriptionRun GParted/description messageAuthentication is required to run GParted/message defaults allow_anyno/allow_any allow_inactiveno/allow_inactive allow_activeauth_admin_keep/allow_active /defaults annotate key=org.freedesktop.policykit.exec.path/usr/sbin/gparted/annotate annotate key=org.freedesktop.policykit.exec.allow_guiTRUE/annotate /action /policyconfig Here is /usr/share/applications/gparted.desktop: Name=GParted GenericName=Partition Editor Comment=Create, reorganize, and delete partitions Exec=pkexec /usr/sbin/gparted %f Icon=gparted Terminal=false Type=Application Categories=GNOME;System;Filesystem; StartupNotify=true And finally, the /etc/xdg/autostart/polkit-gnome-authentication-agent-1.desktop: [Desktop Entry] Name=PolicyKit Authentication Agent Comment=PolicyKit Authentication Agent Exec=/usr/lib/polkit-gnome/polkit-gnome-authentication-agent-1 Terminal=false Type=Application Categories= NoDisplay=true OnlyShowIn=GNOME;XFCE;Unity; AutostartCondition=GNOME3 unless-session gnome From everything I've read, I don't think I need a rule in /etc/polkit-1/rules.d. There is no rule there. Like I said, when I try to run Gparted from the desktop, absolutely nothing happens. It's got to be something quite simple now, but I can't see it. Also, Armin, thanks for explaining the autostart file options for me, and also for you other help so far. Dan -- http://linuxfromscratch.org/mailman/listinfo/blfs-support FAQ: http://www.linuxfromscratch.org/blfs/faq.html Unsubscribe: See the above information page
Re: [blfs-support] Polkit Actions
On 12/11/2013 11:53 PM, Dan McGhee wrote: On 12/11/2013 03:56 PM, Armin K. wrote: On 12/11/2013 10:06 PM, Dan McGhee wrote: On 12/11/2013 12:20 PM, Armin K. wrote: On 12/11/2013 06:45 PM, Dan McGhee wrote: In addition to GParted, I would like to employ this method for the Catalyst Control Center for my ATI-Radeon chip. You have to edit both .desktop files and add pkexec /path/to/program to the Exec= line. Do note that using pkexec requires an authentication agent to be running, such as polkit-gnome or lxpolkit. The file you mentioned is necessarry because pkexec won't allow running gui programs by default. When I first read this, I didn't do anything because I have polkit-gnome installed. When I made the changes for pkexec in the gparted.desktop file and tried to run it, nothing happened. I didn't even get the message that I needed to be root. I guess that's progress. You don't need to be root. As I said, pkexec *won't* allow you to run gui programs when using pkexec guiprogram unless you *create* a policy file in /usr/share/polkit-1/actions (which is the file you posted and I linked to in the arch forums). I was unclear in my statement. I created the policy file containing the action. I edited the gparted.desktop file to include pkexec. When I selected GParted in my Applications Menu, nothing happened. I did not even get a message. For clarity's sake, I'll include the files. I kept from doing this to keep the posts shorter. But maybe there is something in them that prevents what I'm trying to do. Here is /usr/share/polkit-1/actions/org.freedesktop.policykit.pkexec.run-gparted.policy: exec.run-gparted.policy ?xml version=1.0 encoding=UTF-8? !DOCTYPE policyconfig PUBLIC -//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd; policyconfig action id=org.freedesktop.policykit.pkexec.run-gparted descriptionRun GParted/description messageAuthentication is required to run GParted/message defaults allow_anyno/allow_any allow_inactiveno/allow_inactive allow_activeauth_admin_keep/allow_active /defaults annotate key=org.freedesktop.policykit.exec.path/usr/sbin/gparted/annotate annotate key=org.freedesktop.policykit.exec.allow_guiTRUE/annotate /action /policyconfig I've created /usr/share/polkit-1/actions/org.gnome.gparted.policy file with the same contents (name shouldn't matter), and restarted polkitd daemon. Here is /usr/share/applications/gparted.desktop: Name=GParted GenericName=Partition Editor Comment=Create, reorganize, and delete partitions Exec=pkexec /usr/sbin/gparted %f Icon=gparted Terminal=false Type=Application Categories=GNOME;System;Filesystem; StartupNotify=true I've edited the desktop file and made it same as yours. And finally, the /etc/xdg/autostart/polkit-gnome-authentication-agent-1.desktop: [Desktop Entry] Name=PolicyKit Authentication Agent Comment=PolicyKit Authentication Agent Exec=/usr/lib/polkit-gnome/polkit-gnome-authentication-agent-1 Terminal=false Type=Application Categories= NoDisplay=true OnlyShowIn=GNOME;XFCE;Unity; AutostartCondition=GNOME3 unless-session gnome I have the same desktop file here. However, you do need to verify if authentication agent is started. Run ps aux | grep polkit. You should get something like: armin 726 0.0 0.2 565160 15636 ?Sl 17:48 0:00 /usr/lib/polkit-gnome/polkit-gnome-authentication-agent-1 in the output. From everything I've read, I don't think I need a rule in /etc/polkit-1/rules.d. There is no rule there. No, you don't need any. Like I said, when I try to run Gparted from the desktop, absolutely nothing happens. It's got to be something quite simple now, but I can't see it. You should see polkit authentication dialog, asking for an administrator password. Do note that an gui authentication agent *must* be running (polkit-gnome in this case). That said, with the same configuration, everything works fine here. I do, however, use polkit-0.10whatever with Linux PAM support. Not sure if that should matter. Also, Armin, thanks for explaining the autostart file options for me, and also for you other help so far. Dan -- Note: My last name is not Krejzi. -- http://linuxfromscratch.org/mailman/listinfo/blfs-support FAQ: http://www.linuxfromscratch.org/blfs/faq.html Unsubscribe: See the above information page
Re: [blfs-support] Polkit Actions
Something happened in my copy and paste skills. This is how /usr/share/polkit-1/actions/org.freedesktop.policykit.pkexec.run-gparted.policy should actually look (the first line in the previous post shouldn't be there): ?xml version=1.0 encoding=UTF-8? !DOCTYPE policyconfig PUBLIC -//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd; policyconfig action id=org.freedesktop.policykit.pkexec.run-gparted descriptionRun GParted/description messageAuthentication is required to run GParted/message defaults allow_anyno/allow_any allow_inactiveno/allow_inactive allow_activeauth_admin_keep/allow_active /defaults annotate key=org.freedesktop.policykit.exec.path/usr/sbin/gparted/annotate annotate key=org.freedesktop.policykit.exec.allow_guiTRUE/annotate /action /policyconfig Sorry for the noise. Dan -- http://linuxfromscratch.org/mailman/listinfo/blfs-support FAQ: http://www.linuxfromscratch.org/blfs/faq.html Unsubscribe: See the above information page
Re: [blfs-support] Polkit Actions
On 12/12/2013 12:19 AM, Dan McGhee wrote: On 12/11/2013 05:01 PM, Armin K. wrote: I have the same desktop file here. However, you do need to verify if authentication agent is started. Run ps aux | grep polkit. You should get something like: armin 726 0.0 0.2 565160 15636 ?Sl 17:48 0:00 /usr/lib/polkit-gnome/polkit-gnome-authentication-agent-1 in the output. This is the exact output I get: polkitd 807 0.0 0.1 514052 9048 ? Sl 06:19 0:00 /usr/lib/polkit-1/polkitd --no-debug dan 12378 0.0 0.1 240516 7348 tty1 Sl 15:20 0:00 /usr/lib/polkit-gnome/polkit-gnome-authentication-agent-1 root 12804 0.0 0.0 16416 1100 pts/0 S+ 17:15 0:00 grep --color=auto polkit It looks like what you got, but Gparted doesn't start. I don't know enough to distinguish the forest from the trees here and am responding only to what you say. I don't have the knowledge to analyze this. Dan You can always try running pkexec /usr/sbin/gparted from a terminal and check the output. -- Note: My last name is not Krejzi. -- http://linuxfromscratch.org/mailman/listinfo/blfs-support FAQ: http://www.linuxfromscratch.org/blfs/faq.html Unsubscribe: See the above information page
Re: [blfs-support] Polkit Actions
On 12/11/2013 05:35 PM, Armin K. wrote: On 12/12/2013 12:19 AM, Dan McGhee wrote: On 12/11/2013 05:01 PM, Armin K. wrote: I have the same desktop file here. However, you do need to verify if authentication agent is started. Run ps aux | grep polkit. You should get something like: armin 726 0.0 0.2 565160 15636 ?Sl 17:48 0:00 /usr/lib/polkit-gnome/polkit-gnome-authentication-agent-1 in the output. This is the exact output I get: polkitd 807 0.0 0.1 514052 9048 ? Sl 06:19 0:00 /usr/lib/polkit-1/polkitd --no-debug dan 12378 0.0 0.1 240516 7348 tty1 Sl 15:20 0:00 /usr/lib/polkit-gnome/polkit-gnome-authentication-agent-1 root 12804 0.0 0.0 16416 1100 pts/0 S+ 17:15 0:00 grep --color=auto polkit It looks like what you got, but Gparted doesn't start. I don't know enough to distinguish the forest from the trees here and am responding only to what you say. I don't have the knowledge to analyze this. Dan You can always try running pkexec /usr/sbin/gparted from a terminal and check the output. Interesting output. Now I need to find out why when running pkexec from the terminal, it thinks I'm somebody else. dan [ ~ ]$ pkexec /usr/sbin/gparted Error executing command as another user: Not authorized Dan -- http://linuxfromscratch.org/mailman/listinfo/blfs-support FAQ: http://www.linuxfromscratch.org/blfs/faq.html Unsubscribe: See the above information page
Re: [blfs-support] Polkit Actions
On 12/12/2013 12:47 AM, Dan McGhee wrote: On 12/11/2013 05:35 PM, Armin K. wrote: On 12/12/2013 12:19 AM, Dan McGhee wrote: On 12/11/2013 05:01 PM, Armin K. wrote: I have the same desktop file here. However, you do need to verify if authentication agent is started. Run ps aux | grep polkit. You should get something like: armin 726 0.0 0.2 565160 15636 ?Sl 17:48 0:00 /usr/lib/polkit-gnome/polkit-gnome-authentication-agent-1 in the output. This is the exact output I get: polkitd 807 0.0 0.1 514052 9048 ? Sl 06:19 0:00 /usr/lib/polkit-1/polkitd --no-debug dan 12378 0.0 0.1 240516 7348 tty1 Sl 15:20 0:00 /usr/lib/polkit-gnome/polkit-gnome-authentication-agent-1 root 12804 0.0 0.0 16416 1100 pts/0 S+ 17:15 0:00 grep --color=auto polkit It looks like what you got, but Gparted doesn't start. I don't know enough to distinguish the forest from the trees here and am responding only to what you say. I don't have the knowledge to analyze this. Dan You can always try running pkexec /usr/sbin/gparted from a terminal and check the output. Interesting output. Now I need to find out why when running pkexec from the terminal, it thinks I'm somebody else. dan [ ~ ]$ pkexec /usr/sbin/gparted Error executing command as another user: Not authorized Dan This is due to consolekit misconfiguration. Most people ignore recommended dependency of Linux PAM on the ConsoleKit page, which is really, really *required* if you want ConsoleKit to work correctly. On the other hand, I use systemd, which has logind - a replacement for consolekit so I don't really know if polkit works anymore with just consolekit. Post output of ck-list-sessions. It should read something like (if the memory serves me well) active: yes, local: yes. If these two are not yes, then consolekit is not configured correctly. -- Note: My last name is not Krejzi. -- http://linuxfromscratch.org/mailman/listinfo/blfs-support FAQ: http://www.linuxfromscratch.org/blfs/faq.html Unsubscribe: See the above information page
Re: [blfs-support] Polkit Actions
On 12/11/2013 05:50 PM, Armin K. wrote: On 12/12/2013 12:47 AM, Dan McGhee wrote: On 12/11/2013 05:35 PM, Armin K. wrote: On 12/12/2013 12:19 AM, Dan McGhee wrote: You can always try running pkexec /usr/sbin/gparted from a terminal and check the output. Interesting output. Now I need to find out why when running pkexec from the terminal, it thinks I'm somebody else. dan [ ~ ]$ pkexec /usr/sbin/gparted Error executing command as another user: Not authorized This is due to consolekit misconfiguration. Most people ignore recommended dependency of Linux PAM on the ConsoleKit page, which is really, really *required* if you want ConsoleKit to work correctly. On the other hand, I use systemd, which has logind - a replacement for consolekit so I don't really know if polkit works anymore with just consolekit. Post output of ck-list-sessions. It should read something like (if the memory serves me well) active: yes, local: yes. If these two are not yes, then consolekit is not configured correctly. I had just done this when your reply arrived and I had thought there was something wrong with consolekit. Here's the output Session3: unix-user = '100' realname = '(null)' seat = 'Seat4' session-type = '' active = FALSE x11-display = '' x11-display-device = '' display-device = '/dev/tty1' remote-host-name = '' is-local = FALSE on-since = '2013-12-11T21:20:56.318833Z' login-session-id = '4294967295' idle-since-hint = '2013-12-11T21:21:26.873134Z' And I'm one of the ones who didn't install pam. I'll check into all of this. Once again, thanks, Armin Dan -- http://linuxfromscratch.org/mailman/listinfo/blfs-support FAQ: http://www.linuxfromscratch.org/blfs/faq.html Unsubscribe: See the above information page