Trying access control without unix groups
dariemp
dariemp at uci.cu
Sun Feb 24 15:23:34 PST 2008
Hello people:
I wrote here sometime before that I was trying to solve a problem with
authenticated domain users (from a Microsoft Active Directory) through
pam_winbind.so, in which DBus doesn't recognize supplementary groups
assigned by pam_group.so (my solution was to use pam_group.so to assign
those users to plugdev group to allow domain users to automount
removable media). I though that it was a nasty bug, but Avery Pennarun
told me that the solution was avoiding unix groups by using PolicyKit.
Well, now I compiled and installed dbus-1.1.4, hal-0.5.10,
policykit-0.6. Aparently, my HAL supports policykit well and PoliciKit
is configured to allow anyone to mount removable media, but Dbus is
still complaining about access. I can't find any configuration file
in /etc/dbus-1 with references to PolicyKit. Is it supported somehow? Am
I looking in the wrong place? Is there any other way to solve the
problem with those supplementary groups? Any patch? Anything?
greetings,
Dariem
PS - In Ubuntu/Debian, supplementary groups work just fine, but I'm
using Gentoo.
More information about the dbus
mailing list