First of all, in modern Debian distributions there is polkit-1. The policy kit infrastructure consists of, among others, a D-BUS service org.freedesktop.PolicyKit1 implemented as /usr/lib/policykit-1/polkitd. The service is used on behalf of user applications wanting to talk to privileged processes, the latter being described by so called actions stored in /usr/share/polkit-1/actions/. Policy kit's job is either to grant permission for an application to talk to a privileged process, or not. Each action, apart from the service it describes, provides default permissions for different kinds of sessions: active sessions, inactive sessions and any kind of sessions. For example, org.freedesktop.udisks.policy file contains descriptions of a number of actions related to disks (like mount/unmount and such).
It turns out, that of the n + 1 X sessions (Xinerama + n seats), only the Xinerama session happens to be ACTIVE. All other sessions, started through Xephyrs, are PASSIVE. And by default PASSIVE sessions are not allowed to mount USB drives, which is expressed by <allow_inactive>no</allow_inactive> in org.freedesktop.udisks.policy. Nor are they allowed to suspend the machine, see org.freedesktop.upower.policy. In different places advice can be found to edit .policy files. Don't! It is not the right way to do it. Instead, create files in /etc/polkit-1/localauthority/50-local.d/. I use the following two:
10-org.freedesktop.upower.pkla:
[Suspend/hibernate permissions]
Identity=unix-group:power
Action=org.freedesktop.upower.suspend
ResultAny=yes
ResultInactive=yes
ResultActive=yes
Identity=unix-group:power
Action=org.freedesktop.upower.suspend
ResultAny=yes
ResultInactive=yes
ResultActive=yes
20-org.freedesktop.udisks.pkla:
[Storage Permissions]Identity=unix-group:storage
Action=org.freedesktop.udisks.change;org.freedesktop.udisks.drive-detach;org.freedesktop.udisks.drive-eject;org.freedesktop.udisks.filesystem-mount;org.freedesktop.udisks.filesystem-unmount-others
ResultAny=yes
ResultInactive=yes
ResultActive=yes
In order for this setup to work, the users in question must belong to groups power and storage.
I handle mounting USB drives manually, that is, in a file manager drives show up automatically after plugging in, but one of the users (each time it can be a different user) must explicitly mount them for him/herself. In LXDE's pcmanfm->Edit->Preferences->Volume management "Mount removable media automatically when they are inserted" and "Mount mountable volumes automatically on program startup" are unchecked. In other words, the multiseat users must collaborate to decide who mounts the newly inserted USB drive. If it were to happen automatically, the user whose file manager mounts the drive first wins the race. And race is not what we want here.
As you might have noticed, I use LXDE. Gnome-3 looks to heavy. And besides, with Xephyr's lack of GLX support, only the classic appearance is available, so I choose the lighter alternative.
Brak komentarzy:
Prześlij komentarz