polkit 規則無法辨識 raspbian 拉伸

tag-icon tag-icon raspbian polkit udisks
polkit 規則無法辨識 raspbian 拉伸

我正在運行 raspbian 擴展,我想授予群組使用者的每個成員安裝和卸載 usb-pendrives 的權利

因此我安裝了:udisks2

/usr/share/polkit-1/rules.d/50-udisks.rules我創建了一個包含以下內容的*.rules 檔案:

polkit.addRule(function(action, subject) {


var YES = polkit.Result.YES;
  var permission = {
    // only required for udisks1:
    "org.freedesktop.udisks.filesystem-mount": YES,
    "org.freedesktop.udisks.filesystem-mount-system-internal": YES,
    "org.freedesktop.udisks.luks-unlock": YES,
    "org.freedesktop.udisks.drive-eject": YES,
    "org.freedesktop.udisks.drive-detach": YES,
    // only required for udisks2:
    "org.freedesktop.udisks2.filesystem-mount": YES,
    "org.freedesktop.udisks2.filesystem-mount-system": YES,
    "org.freedesktop.udisks2.encrypted-unlock": YES,
    "org.freedesktop.udisks2.eject-media": YES,
    "org.freedesktop.udisks2.power-off-drive": YES,
    // required for udisks2 if using udiskie from another seat (e.g. systemd):
    "org.freedesktop.udisks2.filesystem-mount-other-seat": YES,
    "org.freedesktop.udisks2.encrypted-unlock-other-seat": YES,
    "org.freedesktop.udisks2.eject-media-other-seat": YES,
    "org.freedesktop.udisks2.power-off-drive-other-seat": YES
  };
  if (subject.isInGroup("users")) {
    return permission[action.id];
  }
});

我重新啟動了 polkit 服務:

systemctl restart polkit

發出時:udiskctl mount -b /dev/sda1 仍要求使用者以 root 身分登入。

知道出了什麼問題嗎?

答案1

看來這是因為 Debian 尚未使用 JavaScript 樣式規則檔。您必須將*.pkla這樣的文件放入/etc/polkit-1/localauthority/50-local.d/53-udisk.pkla.

名為「user」的單一使用者的內容:

/etc/polkit-1/localauthority/50-local.d/53-udisk.pkla

[Enable Controlling of udisk]
Identity=unix-user:user
Action=org.freedesktop.udisks.filesystem-mount;org.freedesktop.udisks.filesystem-mount-system-internal;org.freedesktop.udisks.luks-unlock;org.freedesktop.udisks.drive-eject;org.freedesktop.udisks.drive-detach;org.freedesktop.udisks2.filesystem-mount;org.freedesktop.udisks2.filesystem-mount-system;org.freedesktop.udisks2.encrypted-unlock;org.freedesktop.udisks2.eject-media;org.freedesktop.udisks2.power-off-drive;org.freedesktop.udisks2.filesystem-mount-other-seat;org.freedesktop.udisks2.encrypted-unlock-other-seat;org.freedesktop.udisks2.eject-media-other-seat;org.freedesktop.udisks2.power-off-drive-other-seat
ResultAny=yes
ResultInactive=yes
ResultActive=yes

這樣,它現在就可以在 raspbianstretch 或 jessie 上為我工作了!

答案2

我可以使用以下設定向 udisk 申請權限。

/etc/polkit-1/localauthority/50-local.d/50-udisks.pkla

[udisks]
Identity=unix-group:users
Action=org.freedesktop.udisks*
ResultAny=yes
ResultInactive=no
ResultActive=yes

參考:https://mxlinux.org/wiki/system/mount-internal-partition-without-using-root-password/

相關內容