KDE 3.5.5 - hal,dbus with Debain Edge HOWTO

Since i had various problems setting up our office system to use USB-devices like USB-sticks and cameras, i decided to write this HOWTO.

I installed the packages udev, dbus and hal.

To activate dbus i had to change the variable ENABLED=1 in '/etc/default/dbus'

Now restart dbus (hal gets started with it):
# /etc/init.d/dbus restart

KDE now recognizes if one plugs in a USB-device. And it presents a window where one can choose what to do.

But if you choose 'Open' ... you get the following warning

A security policy in place prevents this sender from sending this message to this recipient, see message bus configuration file (rejected message had interface "org.freedesktop.Hal.Device.Volume" member "Mount" error name "(unset)" destination "org.freedesktop.Hal")

This means, that the KDE session has not the nessescary rights to send a mount message via the dbus.

If you look at the config file '/etc/dbus-1/system.d/hal.conf' you can find the following policy

  <policy group="plugdev">
    <allow send_interface="org.freedesktop.Hal.Device.Volume"/>
    <allow send_interface="org.freedesktop.Hal.Device.Volume.Crypto"/>
  </policy>

my user account is member of the group plugdev ... but via '/etc/security/group.conf' that doesn't work ...

SOLUTION 1:
If you use your linux-box only at home, then just add your username to '/etc/group'
=> after logging out and in again it works !

SOLUTION 2:
If you have a big system with hundreds of users and groups, you can't add everybody by hand ...
So i had a look at '/etc/dbus-1/system.d/hal.conf' again ... and found this :

  <!-- This will not work if pam_console support is not enabled -->
  <policy at_console="true">
    <allow send_interface="org.freedesktop.Hal.Device.SystemPowerManagement"/>
    <allow send_interface="org.freedesktop.Hal.Device.LaptopPanel"/>
    <allow send_interface="org.freedesktop.Hal.Device.Volume"/>
    <allow send_interface="org.freedesktop.Hal.Device.Volume.Crypto"/>
  </policy>

Since i use a Debian distribution, there is no pam_console for security reasons. Therefore i downloaded the dbus-source and pam_console packages and had a look at it them how to set 'at_console=true'

I found out that it's sufficient, that you create a ordenary file (name of login) under '/var/run/console'.
If you now log in (kdm) as this user 'at_console=true' is set !

To automate that, i modified the files Xsetup and Xreset in the directory '/etc/kde3/kdm'

/etc/kde3/kdm/Xsetup

#! /bin/sh # Xstartup - run as root before session starts PATH="$PATH:/usr/bin/X11" if [ -e /etc/nologin ]; then # always display the nologin message, if possible if [ -s /etc/nologin ] && which xmessage > /dev/null 2>&1; then xmessage -file /etc/nologin -geometry 640x480 fi if [ "$(id -u)" != "0" ] && \ ! grep -qs '^ignore-nologin' /etc/kde3/kdm/kdm.options; then exit 1 fi fi

if [ -d /var/run/console ]; then rm -rf /var/run/console fi mkdir --mode 755 /var/run/console touch /var/run/console/$USER
part to add

if grep -qs '^use-sessreg' /etc/kde3/kdm/kdm.options && \ which sessreg > /dev/null 2>&1; then exec sessreg -a -l "$DISPLAY" -u /var/run/utmp \ -h "`echo $DISPLAY | cut -d: -f1`" "$USER" # NOTREACHED fi

/etc/kde3/kdm/Xreset

#! /bin/sh # Xreset - run as root after session exits # Reassign ownership of the console to root, this should disallow # assignment of console output to any random users's xterm. See Xstartup. # #chown root /dev/console #chmod 622 /dev/console

rm -f /var/run/console/$USER
part to add

if grep -qs '^use-sessreg' /etc/kde3/kdm/kdm.options && \ which sessreg > /dev/null 2>&1; then exec sessreg -d -l "$DISPLAY" -u /var/run/utmp \ -h "`echo $DISPLAY | cut -d: -f1`" "$USER" # NOTREACHED fi

ADDON:

If you use your own kernel (a newer one) than you should activate

General setup -> Create deprecated sysfs files

Else KDE recognizes USB-devices as Harddisks :( ...

ADDON 2:

If you want to change the name of real mount-point (/media/disk[-X])
You can add a new policy in '/etc/hal/fdi/policy/preferences.fdi'

<device>
  <match key="@info.parent:storage.bus" string="usb">

    <merge key="volume.policy.desired_mount_point" type="string">usbdevice</merge>

  </match>
</device>

/etc/kde3/kdm/Xsetup
#! /bin/sh # Xstartup - run as root before session starts PATH="$PATH:/usr/bin/X11" if [ -e /etc/nologin ]; then # always display the nologin message, if possible if [ -s /etc/nologin ] && which xmessage > /dev/null 2>&1; then xmessage -file /etc/nologin -geometry 640x480 fi if [ "$(id -u)" != "0" ] && \ ! grep -qs '^ignore-nologin' /etc/kde3/kdm/kdm.options; then exit 1 fi fi
if [ -d /var/run/console ]; then rm -rf /var/run/console fi mkdir --mode 755 /var/run/console touch /var/run/console/$USER	part to add
if grep -qs '^use-sessreg' /etc/kde3/kdm/kdm.options && \ which sessreg > /dev/null 2>&1; then exec sessreg -a -l "$DISPLAY" -u /var/run/utmp \ -h "`echo $DISPLAY \| cut -d: -f1`" "$USER" # NOTREACHED fi

/etc/kde3/kdm/Xreset
#! /bin/sh # Xreset - run as root after session exits # Reassign ownership of the console to root, this should disallow # assignment of console output to any random users's xterm. See Xstartup. # #chown root /dev/console #chmod 622 /dev/console
rm -f /var/run/console/$USER	part to add
if grep -qs '^use-sessreg' /etc/kde3/kdm/kdm.options && \ which sessreg > /dev/null 2>&1; then exec sessreg -d -l "$DISPLAY" -u /var/run/utmp \ -h "`echo $DISPLAY \| cut -d: -f1`" "$USER" # NOTREACHED fi