Ubuntu

unable to mount disks in dolphin / hal permission denied

Reported by Schmirrwurst on 2010-02-27
172
This bug affects 35 people
Affects Status Importance Assigned to Milestone
hal (Ubuntu)
High
Martin Pitt
Lucid
High
Martin Pitt
kde4libs (Ubuntu)
High
Alessandro Ghersi
Lucid
High
Alessandro Ghersi

Bug Description

Binary package hint: kdebase

When I tried to mount a unmounted partition in dolphin, I get following error message :
org.freedesktop.Hald.device.volume.permissionDenied: Refusing to mount device /dev/sdax for uid=xxxx

ProblemType: Bug
Architecture: amd64
Date: Sat Feb 27 09:47:29 2010
DistroRelease: Ubuntu 10.04
NonfreeKernelModules: nvidia
Package: dolphin 4:4.4.0-0ubuntu2
ProcEnviron:
 LANGUAGE=fr_FR:fr:en_GB:en
 LANG=fr_FR.UTF-8
 SHELL=/bin/bash
ProcVersionSignature: Ubuntu 2.6.32-14.20-generic
SourcePackage: kdebase
Uname: Linux 2.6.32-14-generic x86_64

Schmirrwurst (schmirrwurst) wrote :
Rohan Garg (rohangarg) wrote :

I can confirm this on a Lucid Live cd,i could not mount a unmounted partition and dolphin gave me the above said error

Changed in kdebase (Ubuntu):
status: New → Confirmed
koso (koso) wrote :

Same problem here on i686 install. Workaround is to use dolphin with root privileges (kdesu dolphin). Also privileged dolphin prints out some unspecified error when mounting, but mount is successful.

Caffeine (kfnspmtest) wrote :

Same problem. Tried editing policykit and policykit-1 policy files.and adding user to several groups. Normally it seems that on default policy, admin group should be granted to mount fixed drives, but somehow it doesn't work.

Rohan Garg (rohangarg) wrote :

This bug is still reproducible on lucid daily builds as of 17th March,this should be resolved asap since users would actually be scared of installing stuff until they are ensured their data is safe and can be accessed via Kubuntu too!

Jonathan Riddell (jr) on 2010-03-17
Changed in kdebase (Ubuntu Lucid):
milestone: none → ubuntu-10.04-beta-2
tags: added: kubuntu
Changed in kdebase (Ubuntu Lucid):
importance: Undecided → High
Eddy2004 (eddy2004) wrote :

Same for me. Installing ubuntu then kubuntu-desktop package has same effect. The only work-around I found was to use nautilus... Also weird is the fact than once mounted by another mean, I can unmount/remount the partitions with dolphin without problems...

Martin Pitt (pitti) wrote :

In Lucid, hal does not use policykit any more, since the old policykit 0.9 stack is deprecated and removed, and hal itself is deprecated and thus does not get ported to polkit-1 any more. Access is now controlled through /etc/dbus-1/system.d/hal.conf, which should allow mounting internal storage devices for users which are on a local foreground console. This is slightly more open than we prefer, though.

Is Kubuntu even using that? When we dropped policykit from hal in Karmic, we did not yet allow access to org.freedesktop.Hal.Device.Storage, and it was working just fine. At that time I was told that Kubuntu uses a kdesu wrapper to mount system-internal storage.

Can some Kubuntu developer please give a quick explanation of how mounting system internal partitions is supposed to work these days? I'm happy to help working out a solution, I'm subscribed to the bug now.

Jonathan Thomas (echidnaman) wrote :

[16:08:24] <ubottu> Launchpad bug 528907 in kdebase "unable to mount disks in dolphin / hal permission denied" [High,Confirmed] https://launchpad.net/bugs/528907
[16:09:35] <JontheEchidna> ScottK: I think we have a patch that should do the launch-with-kdesu bit. Appears to not be working though
[16:10:16] <Quintasan> JontheEchidna: it is in kdebase-apps?
[16:10:30] <JontheEchidna> Quintasan: the patch is in regular kdebase, yes
[16:10:35] <JontheEchidna> I think

[16:10:51] <ScottK> That'd make sense.
[16:10:58] <JontheEchidna> maybe kde4libs
[16:11:17] <JontheEchidna> yeah, kde4libs, kubuntu_06_user_disk_mounting.diff
[16:11:43] <JontheEchidna> I don't know much except "It should in theory work" and "this seems to break in a different way at least once per cycle"

The hal authentication bits didn't change since Karmic. However, what
did change is that hal moved from being started in an init script to
being D-Bus activated. Can you check if hal is actually running after
starting KDE?

zoolook (nbensa) wrote :

Yup. It's running...

zoolook@venkman:~$ ps ax | grep hal
 5344 ? Ssl 0:00 /usr/sbin/hald
 5345 ? S 0:00 hald-runner
 5368 ? S 0:00 hald-addon-input: Listening on /dev/input/event4 /dev/input/event3 /dev/input/event0 /dev/input/event1
 5387 ? S 0:00 hald-addon-hid-ups: listening on /dev/usb/hiddev0
 5388 ? S 0:00 hald-addon-storage: polling /dev/sde (every 2 sec)
 5389 ? S 0:00 /usr/lib/hal/hald-addon-cpufreq
 5390 ? S 0:00 hald-addon-acpi: listening on acpid socket /var/run/acpid.socket
 5391 ? S 0:00 hald-addon-storage: polling /dev/sdd (every 2 sec)
 5392 ? S 0:00 hald-addon-storage: polling /dev/sdf (every 2 sec)
 5393 ? S 0:00 hald-addon-storage: polling /dev/sdh (every 2 sec)
 5396 ? S 0:00 hald-addon-storage: polling /dev/sdg (every 2 sec)
 5397 ? S 0:05 hald-addon-storage: polling /dev/sr0 (every 2 sec)
 5877 ? S 0:00 hald-addon-storage: polling /dev/sdi (every 2 sec)

Changed in kdebase (Ubuntu Lucid):
assignee: nobody → Alessandro Ghersi (alessandro-ghersi)
status: Confirmed → In Progress

Needs testing...you can test the fix adding this:

deb http://ppa.launchpad.net/alessandro-ghersi/staging/ubuntu lucid main

to sources.list, and upgrade

Jonathan Riddell (jr) on 2010-03-30
affects: kdebase (Ubuntu Lucid) → hal (Ubuntu Lucid)
Giuseppe Pennisi (giupenni78) wrote :

This fix the problem.
thanks!

RagTimE (cragtime) wrote :

@Jonathan Riddell thank you I will test later

this was fast

regrets

Martin Pitt (pitti) wrote :

Ah, good catch! Indeed, this is an old leftover, and obsolete with 01_at_console.patch.

Could this also be the source of complaints about USB mounting problems in Karmic?

I don't think, because the patch that I disabled in the fix was introduced in 0.5.14-0ubuntu1 in Lucid

By the way, also Debian should be affected by this bug, at least with KDE. I saw they still have 10_nonpolkit-mount-policy.patch in their package (http://packages.debian.org/source/unstable/hal) Unstable and Testing

Martin Pitt (pitti) wrote :

I'll sponsor this.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package hal - 0.5.14-0ubuntu4

---------------
hal (0.5.14-0ubuntu4) lucid; urgency=low

  * Disable 10_nonpolkit-mount-policy.patch (LP: #528907)
    - We want allow users (and not only root) to mount storage devices
 -- Alessandro Ghersi <email address hidden> Tue, 30 Mar 2010 08:32:58 +0200

Changed in hal (Ubuntu Lucid):
status: In Progress → Fix Released
Martin Pitt (pitti) wrote :

Reopening for kdelibs. It occurred to me that changing this in hal actually opens quite a large security hole: _any_ user (or malicious script), not just admins, can now change/reformat/tamper with internal storage devices, including the system partition, thus I'd rather leave this disabled in hal (it has never been allowed in hal until yesterday).

Can we get the original kubuntu_06_user_disk_mounting.diff fixed, to use kdesu again?

affects: kdelibs (Ubuntu Lucid) → kdebase (Ubuntu Lucid)
Changed in kdebase (Ubuntu Lucid):
assignee: nobody → Alessandro Ghersi (alessandro-ghersi)
importance: Undecided → High
milestone: none → ubuntu-10.04-beta-2
status: New → Triaged
Martin Pitt (pitti) wrote :

I'll revert the hal change if/once we fix kdebase.

Changed in hal (Ubuntu Lucid):
assignee: Alessandro Ghersi (alessandro-ghersi) → Martin Pitt (pitti)
status: Fix Released → Invalid
status: Invalid → In Progress
Martin Pitt (pitti) wrote :

I reverted the hal change now, it's too much of a security hole. Sorry for not seeing that in my initial review.

Changed in hal (Ubuntu Lucid):
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package hal - 0.5.14-0ubuntu5

---------------
hal (0.5.14-0ubuntu5) lucid; urgency=low

  * Revert the previous change. We do not want any user to modify internal
    system partitions without any authentication, it creates too much of a
    security hole. Instead, the patch in kdelibs should be fixed, after all it
    worked fine in karmic and earlier. (LP: #528907)
 -- Martin Pitt <email address hidden> Thu, 01 Apr 2010 12:01:16 +0200

Changed in hal (Ubuntu Lucid):
status: Fix Committed → Fix Released
affects: kdebase (Ubuntu Lucid) → kde4libs (Ubuntu Lucid)
Changed in kde4libs (Ubuntu Lucid):
status: Triaged → Fix Committed

For testing. It's building here: https://edge.launchpad.net/~alessandro-ghersi/+archive/staging/+packages
Make sure also you have hal 0.5.14-0ubuntu5 installed

Or 0.5.14-0ubuntu3 since the last hal upload is not yet build on amd64 in this moment

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package kde4libs - 4:4.4.2-0ubuntu2

---------------
kde4libs (4:4.4.2-0ubuntu2) lucid; urgency=low

  * In kubuntu_06_user_disk_mounting.diff (LP: #528907)
    - callHalPrivilegedVolumeMount() if the error is
      org.freedesktop.Hal.Device.Volume.PermissionDenied
      the error for umount is not changed, keep what there's already
 -- Alessandro Ghersi <email address hidden> Thu, 01 Apr 2010 22:23:43 +0200

Changed in kde4libs (Ubuntu Lucid):
status: Fix Committed → Fix Released

For me, the situation is bad! My external LaCie is not mounted automatically, and now also the plasma device manger doesn't show even my usb pen, before it worked!

For me the bug is not closed

Giulio Spinozzi [2010-04-15 11:08 -0000]:
> For me, the situation is bad! My external LaCie is not mounted
> automatically, and now also the plasma device manger doesn't show even
> my usb pen, before it worked!

This is unrelated to permissions to mount internal storage, though.

Yoann Laissus (yoann-laissus) wrote :

Since my lucid update, mounting partitions (e-sata external drive or internal partitions) with dolphin or the device manager needs root rights while it works great with karmic / kde 4.4.2

Benjamin Kay (benkay) wrote :

My understanding is that allowing the mounting fixed media (e-sata counts as "fixed" even though it technically is removable) without superuser privileges creates a security hole. Thus, you must enter your password in Dolphin in order to do so. If you really don't want to have to enter your password, you could use probably use policykit to achieve the desired effect. Something like

polkit-auth --grant org.freedesktop.hal.storage.mount-fixed --user your-username

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers