Problem accessing raw1394 device as a normal user

Similar Messages

• [SOLVED] DBUS boot problems - Mounting system devices as a normal user

  I have the [testing] and [community-testing] repositories enabled. A few days ago, probably due to an update, I started having trouble mounting devices and the shutdown/reboot options don't show up anymore on the LXDE exit menu.
  I use gvfs for mounting devices as a normal user with PCManFM or Thunar. The error message is "Authentication is required".
  After some testing, I found out that by restarting dbus, I could start mounting devices again:
  /etc/rc.d/dbus restart
  So my guess is that there's some problem with dbus startup. I have it in DAEMONS of rc.conf, as well as .xinitrc, the daemon seems to start correctly on boot, and it worked previously, so I have no idea of what could be wrong.
  My ~/.xinitrc:
  if [ -d /etc/X11/xinit/xinitrc.d ]; then
  for f in /etc/X11/xinit/xinitrc.d/*; do
  [ -x "$f" ] && . "$f"
  done
  unset f
  fi
  if test -z "$DBUS_SESSION_BUS_ADDRESS" ; then
  eval 'dbus-launch --sh-syntax --exit-with-session'
  fi
  numlockx && exec ck-launch-session dbus-launch startlxde
  My /etc/rc.conf:
  # /etc/rc.conf - Main Configuration for Arch Linux
  # LOCALIZATION
  # LOCALE: available languages can be listed with the 'locale -a' command
  # DAEMON_LOCALE: If set to 'yes', use $LOCALE as the locale during daemon
  # startup and during the boot process. If set to 'no', the C locale is used.
  # HARDWARECLOCK: set to "", "UTC" or "localtime", any other value will result
  # in the hardware clock being left untouched (useful for virtualization)
  # Note: Using "localtime" is discouraged, using "" makes hwclock fall back
  # to the value in /var/lib/hwclock/adjfile
  # TIMEZONE: timezones are found in /usr/share/zoneinfo
  # Note: if unset, the value in /etc/localtime is used unchanged
  # KEYMAP: keymaps are found in /usr/share/kbd/keymaps
  # CONSOLEFONT: found in /usr/share/kbd/consolefonts (only needed for non-US)
  # CONSOLEMAP: found in /usr/share/kbd/consoletrans
  # USECOLOR: use ANSI color sequences in startup messages
  LOCALE="ca_AD.UTF-8"
  DAEMON_LOCALE="no"
  HARDWARECLOCK="UTC"
  TIMEZONE="Europe/Andorra"
  KEYMAP="es"
  CONSOLEFONT=
  CONSOLEMAP=
  USECOLOR="yes"
  # HARDWARE
  # MODULES: Modules to load at boot-up. Blacklisting is no longer supported.
  # Replace every !module by an entry as on the following line in a file in
  # /etc/modprobe.d:
  # blacklist module
  # See "man modprobe.conf" for details.
  MODULES=()
  # Udev settle timeout (default to 30)
  UDEV_TIMEOUT=30
  # Scan for FakeRAID (dmraid) Volumes at startup
  USEDMRAID="no"
  # Scan for BTRFS volumes at startup
  USEBTRFS="no"
  # Scan for LVM volume groups at startup, required if you use LVM
  USELVM="no"
  # NETWORKING
  # HOSTNAME: Hostname of machine. Should also be put in /etc/hosts
  HOSTNAME="localhost"
  # Use 'ip addr' or 'ls /sys/class/net/' to see all available interfaces.
  # Wired network setup
  # - interface: name of device (required)
  # - address: IP address (leave blank for DHCP)
  # - netmask: subnet mask (ignored for DHCP) (optional, defaults to 255.255.255.0)
  # - broadcast: broadcast address (ignored for DHCP) (optional)
  # - gateway: default route (ignored for DHCP)
  # Static IP example
  # interface=eth0
  # address=192.168.0.2
  # netmask=255.255.255.0
  # broadcast=192.168.0.255
  # gateway=192.168.0.1
  # DHCP example
  # interface=eth0
  # address=
  # netmask=
  # gateway=
  interface=eth0
  address=
  netmask=
  broadcast=
  gateway=
  # Setting this to "yes" will skip network shutdown.
  # This is required if your root device is on NFS.
  NETWORK_PERSIST="no"
  # Enable these netcfg profiles at boot-up. These are useful if you happen to
  # need more advanced network features than the simple network service
  # supports, such as multiple network configurations (ie, laptop users)
  # - set to 'menu' to present a menu during boot-up (dialog package required)
  # - prefix an entry with a ! to disable it
  # Network profiles are found in /etc/network.d
  # This requires the netcfg package
  #NETWORKS=(main)
  # DAEMONS
  # Daemons to start at boot-up (in this order)
  # - prefix a daemon with a ! to disable it
  # - prefix a daemon with a @ to start it up in the background
  # If you are sure nothing else touches your hardware clock (such as ntpd or
  # a dual-boot), you might want to enable 'hwclock'. Note that this will only
  # make a difference if the hwclock program has been calibrated correctly.
  # If you use a network filesystem you should enable 'netfs'.
  DAEMONS=(hwclock syslog-ng network crond alsa dbus cupsd)
  Thanks!
  Last edited by gamezelda (2011-11-08 19:28:04)

  I solved it.
  The Wiki page for Mounting for normal users with PCManFM tells to create a "/etc/polkit-1/localauthority/50-local.d/55-myconf.pkla" file specifying the privileges to grant to the user. The problem is that it does not include the privilege needed to mount internal drives (which was what I was trying to mount). To fix it, I added:
  ;org.freedesktop.udisks.filesystem-mount-system-internal
  To the "Action=..." line.
  (Though I have no idea why it worked before it broke, or why restarting dbus after initializing my WM fixed it.)
  As for the power issues, I've concluded that it was working, but restarting dbus after initializing my WM broke it (my bad for not checking it before restaring dbus). So it all works now.

• ALSA device busy for normal user (not root) after systemd [resolved]

  I'm not able to get audio when using a normal user (device or resource busy) but root works just fine. I think I've messed something up since I just removed consolekit and switched to systemd.
  Here's what my .xinitrc looks like
  #!/bin/sh
  # ~/.xinitrc
  # Executed by startx (run your window manager from here)
  if [ -d /etc/X11/xinit/xinitrc.d ]; then
  for f in /etc/X11/xinit/xinitrc.d/*; do
  [ -x "$f" ] && . "$f"
  done
  unset f
  fi
  #exec gnome-session
  #exec startkde
  #exec startxfce4
  #exec enlightenment_start
  # ...or the Window Manager of your choice
  #exec ck-launch-session startlxde
  exec dbus-launch startlxde
  I use LightDM via systemd service and LXDE. My devices in /dev/snd aren't actually busy. Nobody is using them and they work fine for root.
  Where else should I be looking for trouble? Anyone have a similar experience?
  Last edited by royallthefourth (2013-06-12 17:32:20)

  It says I'm in the audio group. Here's the permission on the audio devices:
  crw-rw----+ 1 root audio 116, 6 Jun 12 03:45 controlC0
  crw-rw----+ 1 root audio 116, 9 Jun 12 03:45 controlC1
  crw-rw----+ 1 root audio 116, 11 Jun 12 03:45 controlC2
  crw-rw----+ 1 root audio 116, 8 Jun 12 03:45 hwC1D0
  crw-rw----+ 1 root audio 116, 5 Jun 12 03:45 pcmC0D0c
  crw-rw----+ 1 root audio 116, 4 Jun 12 03:45 pcmC0D0p
  crw-rw----+ 1 root audio 116, 3 Jun 12 03:45 pcmC0D1c
  crw-rw----+ 1 root audio 116, 2 Jun 12 03:45 pcmC0D1p
  crw-rw----+ 1 root audio 116, 7 Jun 12 03:45 pcmC1D3p
  crw-rw----+ 1 root audio 116, 10 Jun 12 03:45 pcmC2D0c
  crw-rw----+ 1 root audio 116, 1 Jun 12 03:45 seq
  crw-rw----+ 1 root audio 116, 33 Jun 12 03:45 timer
  I ought to have access to these, right?

• Can't mount usb devices as a normal user

  Hi.
  I woud like to ask for help. I've been struggling with some "bug" that i came with Arch and usb devices (disks, pendrives). I can't mount it as a normal user using KDE default mounting software (Dolphin, for an exmample). I can mount it only in therminal by using sudo privileages. Is there a way to fix it? I read it, the same problem:
  https://bbs.archlinux.org/viewtopic.php?id=180025
  I tried to check everything according this topic, also with udisk2 archwiki thread but on my desktop machine i just can't mount usb devices without root password. This is how the error looks like for a Dolphin:
  <Over sized Image removed. URL link preserved>
  This is the error, from picture
  Error when trying to use acces to "removable device 7,5GB". System showed: The requested operation has failed. Error checking authorization:
  GDBus.Error:org.freedesktop.PolicyKit1.Error.Failed: action org.freedesktop.udisks2.filesystem-mount is not registered (polkit-error-quark, 0)
  Could somebody help me? I even installed udisk mounting tool to mont without root password, added 50-udisks.policy and it just does not work.
  Help.
  I can mount it wit terminal by typing
  sudo mount /dev/sdXY /mnt/usb
  than i'm asked for password and it is mounted. Don't know why i can't mount it without password when connecting usb devices to usb port.
  moderator edit [ewaller]Removed link to over sized image..  Note, you set up a click through thumbnail correctly, but the "Thumbnail" was the same image and was too large
  Last edited by ewaller (2014-09-28 16:37:41)

  Some refresh. I followed this topic:
  https://bbs.archlinux.org/viewtopic.php?id=180025
  with the same problem. I found errors here:
  firekage@arch_desktop ~]$ journalctl -r -u polkit
  -- Logs begin at pią 2014-06-13 18:04:12 CEST, end at czw 2014-12-25 20:15:01 CET. --
  cze 23 15:59:15 arch_desktop polkitd[306]: Unregistered Authentication Agent for unix-session:c1 (system bus name :1.24, object path /org/kde/PolicyKit1/AuthenticationAgent, locale pl_PL.UTF-8) (disconnected from bus)
  cze 23 15:29:59 arch_desktop polkitd[306]: Operator of unix-session:c1 FAILED to authenticate to gain authorization for action org.freedesktop.udisks2.filesystem-mount-system for system-bus-name::1.11 [kdeinit4: kded4 [kdeinit]] (owned by unix-user:firekage)
  cze 20 22:21:05 arch_desktop polkitd[306]: Operator of unix-session:c1 FAILED to authenticate to gain authorization for action org.freedesktop.udisks2.filesystem-mount-system for system-bus-name::1.11 [kdeinit4: kded4 [kdeinit]] (owned by unix-user:firekage)
  cze 20 22:21:03 arch_desktop polkitd[306]: Operator of unix-session:c1 FAILED to authenticate to gain authorization for action org.freedesktop.udisks2.filesystem-mount-system for system-bus-name::1.11 [kdeinit4: kded4 [kdeinit]] (owned by unix-user:firekage)
  cze 20 22:21:01 arch_desktop polkitd[306]: Operator of unix-session:c1 FAILED to authenticate to gain authorization for action org.freedesktop.udisks2.filesystem-mount-system for system-bus-name::1.11 [kdeinit4: kded4 [kdeinit]] (owned by unix-user:firekage)
  cze 20 22:21:00 arch_desktop polkitd[306]: Operator of unix-session:c1 FAILED to authenticate to gain authorization for action org.freedesktop.udisks2.filesystem-mount-system for system-bus-name::1.11 [kdeinit4: kded4 [kdeinit]] (owned by unix-user:firekage)
  cze 20 22:20:59 arch_desktop polkitd[306]: Operator of unix-session:c1 FAILED to authenticate to gain authorization for action org.freedesktop.udisks2.filesystem-mount-system for system-bus-name::1.11 [kdeinit4: kded4 [kdeinit]] (owned by unix-user:firekage)
  cze 20 22:20:58 arch_desktop polkitd[306]: Operator of unix-session:c1 FAILED to authenticate to gain authorization for action org.freedesktop.udisks2.filesystem-mount-system for system-bus-name::1.11 [kdeinit4: kded4 [kdeinit]] (owned by unix-user:firekage)
  cze 20 22:20:06 arch_desktop polkitd[306]: Registered Authentication Agent for unix-session:c1 (system bus name :1.24 [/usr/lib/kde4/libexec/polkit-kde-authentication-agent-1], object path /org/kde/PolicyKit1/AuthenticationAgent, locale pl_PL.UTF-8)
  cze 20 22:19:49 arch_desktop systemd[1]: Started Authorization Manager.
  cze 20 22:19:49 arch_desktop polkitd[306]: Acquired the name org.freedesktop.PolicyKit1 on the system bus
  cze 20 22:19:49 arch_desktop polkitd[306]: Finished loading, compiling and executing 1 rules
  cze 20 22:19:49 arch_desktop polkitd[306]: Loading rules from directory /usr/share/polkit-1/rules.d
  cze 20 22:19:49 arch_desktop polkitd[306]: Loading rules from directory /etc/polkit-1/rules.d
  cze 20 22:19:49 arch_desktop polkitd[306]: Started polkitd version 0.112
  -- Reboot --
  cze 20 22:15:10 arch_desktop systemd[1]: Stopping Authorization Manager...
  cze 20 22:15:08 arch_desktop polkitd[304]: Unregistered Authentication Agent for unix-session:c1 (system bus name :1.23, object path /org/kde/PolicyKit1/AuthenticationAgent, locale pl_PL.UTF-8)
  cze 20 22:02:59 arch_desktop polkitd[304]: Operator of unix-session:c1 FAILED to authenticate to gain authorization for action org.freedesktop.udisks2.filesystem-mount-system for system-bus-name::1.11 [kdeinit4: kded4 [kdeinit]] (owned by unix-user:firekage)
  cze 20 22:02:56 arch_desktop polkitd[304]: Operator of unix-session:c1 FAILED to authenticate to gain authorization for action org.freedesktop.udisks2.filesystem-mount-system for system-bus-name::1.11 [kdeinit4: kded4 [kdeinit]] (owned by unix-user:firekage)
  cze 20 22:02:55 arch_desktop polkitd[304]: Operator of unix-session:c1 FAILED to authenticate to gain authorization for action org.freedesktop.udisks2.filesystem-mount-system for system-bus-name::1.11 [kdeinit4: kded4 [kdeinit]] (owned by unix-user:firekage)
  cze 20 22:02:54 arch_desktop polkitd[304]: Operator of unix-session:c1 FAILED to authenticate to gain authorization for action org.freedesktop.udisks2.filesystem-mount-system for system-bus-name::1.11 [kdeinit4: kded4 [kdeinit]] (owned by unix-user:firekage)
  cze 20 22:02:53 arch_desktop polkitd[304]: Operator of unix-session:c1 FAILED to authenticate to gain authorization for action org.freedesktop.udisks2.filesystem-mount-system for system-bus-name::1.11 [kdeinit4: kded4 [kdeinit]] (owned by unix-user:firekage)
  cze 20 22:00:00 arch_desktop polkitd[304]: Registered Authentication Agent for unix-session:c1 (system bus name :1.23 [/usr/lib/kde4/libexec/polkit-kde-authentication-agent-1], object path /org/kde/PolicyKit1/AuthenticationAgent, locale pl_PL.UTF-8)
  cze 20 21:59:26 arch_desktop systemd[1]: Started Authorization Manager.
  cze 20 21:59:26 arch_desktop polkitd[304]: Acquired the name org.freedesktop.PolicyKit1 on the system bus
  cze 20 21:59:26 arch_desktop polkitd[304]: Finished loading, compiling and executing 1 rules
  cze 20 21:59:26 arch_desktop polkitd[304]: Loading rules from directory /usr/share/polkit-1/rules.d
  cze 20 21:59:26 arch_desktop polkitd[304]: Loading rules from directory /etc/polkit-1/rules.d
  cze 20 21:59:26 arch_desktop polkitd[304]: Started polkitd version 0.112
  cze 20 21:59:26 arch_desktop systemd[1]: Starting Authorization Manager...
  -- Reboot --
  cze 20 21:58:39 arch_desktop systemd[1]: Stopped Authorization Manager.
  cze 20 21:58:39 arch_desktop systemd[1]: Stopping Authorization Manager...
  cze 20 21:55:01 arch_desktop polkitd[306]: Operator of unix-session:c1 FAILED to authenticate to gain authorization for action org.freedesktop.udisks2.filesystem-mount-system for system-bus-name::1.10 [kdeinit4: kded4 [kdeinit]] (owned by unix-user:firekage)
  cze 20 21:54:59 arch_desktop polkitd[306]: Operator of unix-session:c1 FAILED to authenticate to gain authorization for action org.freedesktop.udisks2.filesystem-mount-system for system-bus-name::1.10 [kdeinit4: kded4 [kdeinit]] (owned by unix-user:firekage)
  cze 20 21:54:58 arch_desktop polkitd[306]: Operator of unix-session:c1 FAILED to authenticate to gain authorization for action org.freedesktop.udisks2.filesystem-mount-system for system-bus-name::1.10 [kdeinit4: kded4 [kdeinit]] (owned by unix-user:firekage)
  cze 20 21:54:56 arch_desktop polkitd[306]: Operator of unix-session:c1 FAILED to authenticate to gain authorization for action org.freedesktop.udisks2.filesystem-mount-system for system-bus-name::1.10 [kdeinit4: kded4 [kdeinit]] (owned by unix-user:firekage)
  cze 20 21:54:56 arch_desktop polkitd[306]: Operator of unix-session:c1 FAILED to authenticate to gain authorization for action org.freedesktop.udisks2.filesystem-mount-system for system-bus-name::1.10 [kdeinit4: kded4 [kdeinit]] (owned by unix-user:firekage)
  cze 20 21:47:40 arch_desktop polkitd[306]: Registered Authentication Agent for unix-session:c1 (system bus name :1.21 [/usr/lib/kde4/libexec/polkit-kde-authentication-agent-1], object path /org/kde/PolicyKit1/AuthenticationAgent, locale pl_PL.UTF-8)
  cze 20 21:47:22 arch_desktop systemd[1]: Started Authorization Manager.
  cze 20 21:47:22 arch_desktop polkitd[306]: Acquired the name org.freedesktop.PolicyKit1 on the system bus
  cze 20 21:47:22 arch_desktop polkitd[306]: Finished loading, compiling and executing 1 rules
  cze 20 21:47:22 arch_desktop polkitd[306]: Loading rules from directory /usr/share/polkit-1/rules.d
  cze 20 21:47:22 arch_desktop polkitd[306]: Loading rules from directory /etc/polkit-1/rules.d
  cze 20 21:47:22 arch_desktop polkitd[306]: Started polkitd version 0.112
  cze 20 21:47:22 arch_desktop systemd[1]: Starting Authorization Manager...
  -- Reboot --
  cze 20 19:56:46 arch_desktop systemd[1]: Stopping Authorization Manager...
  cze 20 19:56:45 arch_desktop polkitd[310]: Unregistered Authentication Agent for unix-session:c1 (system bus name :1.21, object path /org/kde/PolicyKit1/AuthenticationAgent, locale pl_PL.UTF-8)
  cze 20 19:55:51 arch_desktop polkitd[310]: Registered Authentication Agent for unix-session:c1 (system bus name :1.21 [/usr/lib/kde4/libexec/polkit-kde-authentication-agent-1], object path /org/kde/PolicyKit1/AuthenticationAgent, locale pl_PL.UTF-8)
  cze 20 19:55:16 arch_desktop systemd[1]: Started Authorization Manager.
  cze 20 19:55:16 arch_desktop polkitd[310]: Acquired the name org.freedesktop.PolicyKit1 on the system bus
  cze 20 19:55:16 arch_desktop polkitd[310]: Finished loading, compiling and executing 1 rules
  cze 20 19:55:16 arch_desktop polkitd[310]: Loading rules from directory /usr/share/polkit-1/rules.d
  cze 20 19:55:16 arch_desktop polkitd[310]: Loading rules from directory /etc/polkit-1/rules.d
  cze 20 19:55:16 arch_desktop polkitd[310]: Started polkitd version 0.112
  cze 20 19:55:16 arch_desktop systemd[1]: Starting Authorization Manager...
  -- Reboot --
  cze 20 19:54:38 arch_desktop systemd[1]: Stopping Authorization Manager...
  cze 20 19:54:13 arch_desktop polkitd[305]: Unregistered Authentication Agent for unix-session:c1 (system bus name :1.21, object path /org/kde/PolicyKit1/AuthenticationAgent, locale pl_PL.UTF-8)
  cze 20 16:47:01 arch_desktop polkitd[305]: Operator of unix-session:c1 FAILED to authenticate to gain authorization for action org.freedesktop.udisks2.filesystem-mount-system for system-bus-name::1.10 [kdeinit4: kded4 [kdeinit]] (owned by unix-user:firekage)
  cze 20 03:02:19 arch_desktop polkitd[305]: Operator of unix-session:c1 FAILED to authenticate to gain authorization for action org.freedesktop.udisks2.filesystem-mount-system for system-bus-name::1.10 [kdeinit4: kded4 [kdeinit]] (owned by unix-user:firekage)
  cze 19 21:32:38 arch_desktop polkitd[305]: Operator of unix-session:c1 FAILED to authenticate to gain authorization for action org.freedesktop.udisks2.filesystem-mount-system for system-bus-name::1.10 [kdeinit4: kded4 [kdeinit]] (owned by unix-user:firekage)
  cze 19 19:25:08 arch_desktop polkitd[305]: Operator of unix-session:c1 FAILED to authenticate to gain authorization for action org.freedesktop.udisks2.filesystem-mount-system for system-bus-name::1.10 [kdeinit4: kded4 [kdeinit]] (owned by unix-user:firekage)
  cze 19 19:24:40 arch_desktop polkitd[305]: Operator of unix-session:c1 FAILED to authenticate to gain authorization for action org.freedesktop.udisks2.filesystem-mount-system for system-bus-name::1.10 [kdeinit4: kded4 [kdeinit]] (owned by unix-user:firekage)
  cze 19 19:24:38 arch_desktop polkitd[305]: Operator of unix-session:c1 FAILED to authenticate to gain authorization for action org.freedesktop.udisks2.filesystem-mount-system for system-bus-name::1.10 [kdeinit4: kded4 [kdeinit]] (owned by unix-user:firekage)
  cze 19 19:24:36 arch_desktop polkitd[305]: Operator of unix-session:c1 FAILED to authenticate to gain authorization for action org.freedesktop.udisks2.filesystem-mount-system for system-bus-name::1.10 [kdeinit4: kded4 [kdeinit]] (owned by unix-user:firekage)
  cze 19 19:24:35 arch_desktop polkitd[305]: Operator of unix-session:c1 FAILED to authenticate to gain authorization for action org.freedesktop.udisks2.filesystem-mount-system for system-bus-name::1.10 [kdeinit4: kded4 [kdeinit]] (owned by unix-user:firekage)
  cze 19 19:24:34 arch_desktop polkitd[305]: Operator of unix-session:c1 FAILED to authenticate to gain authorization for action org.freedesktop.udisks2.filesystem-mount-system for system-bus-name::1.10 [kdeinit4: kded4 [kdeinit]] (owned by unix-user:firekage)
  Could somebody help me? I even checked all rules in /etc/polkit-1/rules.d and /usr/share/polkit-1/actions on my notebook, and all files are the same with the same user permission but on notebook i can mount usb without problem, but on my desktop can't at all.

• Tomahawk Player - Sporadic "Problem Accessing Audio Device" Errors

  Hi, I have recently started using Tomahawk Player in GNOME and some songs from external sources can play and others receive an error that states:
  "Sorry, there is a problem accessing your audio device. Make sure you have a suitable Phonon backend and required plugins installed."
  However, I have phonon, phonon-gstreamer, and phonon-vlc installed.
  How can I further diagnose this?
  Last edited by bdamos (2014-11-30 19:48:16)

  Hello,
  That is unfortunately a not-very-helpful error message as it could mask a variety of problems. One of those problems is that it might happen if Tomahawk is unable to play the url for the track---what source has it resolved to? (rightmost column)?
  Feel free to come ask us on Freenode (#tomahawk) and our forums on forum.tomahawk-player.org. You'll probably get a better response there.

• Clean Access Agent fails to login "normal" user but allows "Administrator"

  Hello,
  I have the following problem. When a user tries to login using clean access agent (OOB+VG), the login process fails. When an administrator tries to login, the process works.
  What could be the problem?

  By the login process failing I mean that the machine is not assigned an IP address by the DHCP server

• Make /sys/devices writable for normal users

  I'm trying to make a file user writable in /sys. The goal is to have a non root user do this:
  $ echo 1 > /sys/devices/platform/eeepc/camera
  Is there a nice solution to make this file writable?
  Thanks.

  Only by 5 seconds
  Good advice about using the same group though. I forgot about that.
  I do this with ubuntu and arch, sharing the same storage/data partitions. in ubuntu the default user are uid/1000:gid/1000, and since in arch i have uid/100:gid/1000 there are no problems with permissions (since i'm in the same group), unless permissions are altered to something else than directories/755, files/644.
  [edit]of course im wrong about this. didn't think it through! i have the same uid in ubuntu/arch but not the same gid. Of course *that* works, but if you share gid, 775/664 permissions is what you need[/edit]
  Alternative (which is generally a good idea), is to create a special usergroup for the users you want to be able to modify the files, and use chmod to give that group write permission to the filesystem, and add the users you want to that group.
  Aah, yes, but when creating new files, you should set the "sticky bit" on the containing folder, because you will still mark the files with your umask (username:primary-groupname), unless "sticky bit" preserves the gid that the folder has (the secondary group created to share files). That is my limited understanding though.
  The simplest (not the safest) solution is just to be a (primary) member of the same group, namely "users". That'll require virtually no modifications, but "just work" in most cases.
  [edit]wrong again. as i said earlier, 775/664 permissions is what you need to share gid[/edit]
  Last edited by pelle.k (2007-10-04 04:21:12)

• Can't suspend using hal as normal user

  Hello,
  I'm currently experiencing problems suspending using hal as a normal user.
  I followed the normal instructions for hal and pm-utils, but when I try to use
  dbus-send --system --print-reply --dest=org.freedesktop.Hal \
  /org/freedesktop/Hal/devices/computer \
  org.freedesktop.Hal.Device.SystemPowerManagement.Suspend int32:0
  It gives me the following error:
  Error org.freedesktop.DBus.Error.AccessDenied: Rejected send message,
  1 matched rules; type="method_call", sender=":1.9" (uid=1000 pid=2217
  comm="dbus-send) interface="org.freedesktop.Hal.Device.SystemPowerManagement"
  member="Suspend" error name="(unset)" requested_reply=0 destination="org.freedesktop.Hal"
  (uid=0 pid=1576 comm="/usr/sbin/hald))
  This same command does work when I am root, so I suspect it is a permission error but when I use
  dbus-send --system --print-reply --dest=org.freedesktop.Hal
  /org/freedesktop/Hal/devices/computer org.freedesktop.Hal.Device.GetProperty
  string:'power_management.can_suspend'
  It does return true
  (NOTE: This check was taken from the ubuntu forum but since it returns true rather than an error or something I suspect it is correct)
  I tried the user permissions version of the config and that works so I can suspend, but xfce 4 uses hal so I would like this to work anyway
  Thanks in Advance

  Well I figured it out. It turns out that you need to have ck-launch-session in front of startxfce4 in .xinitrc, though without it worked fine before, but it's working now so I'm happy!

• ASA Cannot access https device via Clientless VPN bookmark, site to site works fine

  We've got two offices connected via an IPSEC tunnel.  This site to site VPN works great, we can access our remote devices fine from a PC on either LAN at each office.  The device's address is https://192.168.210.2
  However, if we make a bookmark on the Clientless VPN for that same address the conneciton just times out if it has to go over the site to site VPN. 
  We plugged the exact same web enabled device on the local side of the VPN, put in a bookmark for its https address and it works fine.  Its just remote bookmarks for devices on the other side of the tunnel do not work.
  Looking at the debug log I see the request going out from the source to the destination on port 443 but nothing more.  The NAT exemption etc are all right because people on the LAN have no problem accessing this device remotely with their browser. 
  I haven't been able to adequately describe this problem to find a matching Cisco example, anyone know how to fix this?

  hi luis,
  thank you for your reply. we've checked the smoothwall configuration, but couldn't discover anything which could cause this problem. we even tried replacing the sa520 with a draytek vigor router to set up an lan-to-lan vpn with the smoothwall. with the draytek in place we have no problems accessing the aforementioned servers, so it seems the issue is with the SA520.
  what exactly do you mean by creating an ACL from the remote WAN to our LAN? i assumed you meant creating a firewall rule, allowing traffic from the remote device's public ip to our LAN. however, in that case i need to enter an ip address of a device in our LAN, or else i cannot save this rule. as a test i entered the ip address of my machine as the destination address, but am still unable to access the aforementioned servers.
  here's how i set up the rule:
  from zone: UNSECURE (WAN/optional WAN)
  to zone: LAN
  service: ANY
  action: ALLOW always
  schedule: (not set)
  source hosts: Single address
  from: public ip of one of the aforementioned servers
  source NAT settings > external IP address: WAN interface address (cannot change this setting)
  source NAT settings >WAN interface: dedicated WAN (cannot change this setting)
  destination NAT settings > internal ip address: 192.168.11.123 (ip address of my machine)
  enable port forwarding: unchecked
  translate port number: empty
  external IP address: dedicated WAN

• Writing to /sys as a normal user without authentication

  Okay - I know the title of this post is not quite descriptive enough etc. I just don't know what to call it...
  I'm trying to get my backlight working fully on my Sony Vaio PCG-GRT390ZP. I can modprobe the sony_laptop module and then echo the different values to the respective files like this:
  # echo 5 > /sys/class/backlight/sony/brightness
  I'm trying to get some python scripts written to handle the above command. (I'm using python because I'm more comfortable in that than in plain bash  / sh, and I have the python packages already.) Because of the scripting, I need to have write access in /sys as a normal user. I'm looking for the safest way to achieve this, as I can't imagine that
  chown -R <user> users /sys
  is safe at all. Any suggestions? Thanks a lot.

  Setting the suid flag for the scripts didn't seem to work, I think because the suid flag only affects binaries (though I could certainly be wrong - that's just what I read)
  So I went ahead and added the lines I needed to my sudoers to launch this script as root  without a password every time it's run (Since all this does is change the screen brightness I think I should be pretty safe. Unless others have differing opinions?)
  Thanks again for the brain jog. Sometimes that's all you need. (Now I just need to set up xbindkeys to launch these scripts I just wrote)

• [Solved] Giving A Normal User R/W Access To A SSD

  I have virtualbox setup so that it has direct (raw) access to my SSD (which is formatted with NTFS if it that matters) but the only way I can currently get it to work is by running virtualbox with root permissions. How can I make it work with my normal user?
  Last edited by brando56894 (2011-07-26 16:15:06)

  So the problem is that your user have no rights on the /dev/sdXY device on your hostsystem? Let's assume that your SSD is /dev/sdc.
  If you look at: ls -l /dev/sdc you will see that only user root and members of group disk have access(rw) on this device.
  One could think: ok, i put my normal user in group disk, problem solved. That's right, but it opens unneccassary security risks. It's bad to give a user more rights than needed exactly for one job. In group disk the user has direct access to all blockdevices on the host.
  So one possible solution: Devices in /dev are setup by udev via rules. So write a rule that change ownership on exactly the SSD device (sdc). Maybe with owner root:privdev, and put your user in the (new) privdev group.
  The IMHO better, simpler solution is IMHO: Use ACL's. (from package acl)
  With above example /dev/sdc:
  getfacl /dev/sdc
  getfacl: Removing leading '/' from absolute path names
  # file: dev/sdc
  # owner: root
  # group: disk
  user::rw-
  group::rw-
  other::---
  Now add a acl for your user (username brando for ex.)
  setfacl -m u:brando:rw /dev/sdc
  Control with getfacl and you will see that brando have now rw access directly on the device.
  You could put this permanently in /etc/rc.local
  Instead of /dev/sdxy in device naming it's better to work with ID's or UUID's. Adressing could be then:
  /dev/disk/by-id/???
  /dev/disk/by-uuid/???
  Identify your SSD device by looking in these directories. Not using the "old" /dev/sdxy naming prevents from wrong access when the SSD may changes the order of blockdevices.
  Last edited by GerBra (2011-07-26 08:27:53)

• Help needed restricting users admin access to devices using ACS 4.2

  I have users that access the network via a VPN client to a PIX 515 which authenticates to the ACS (using the default group for unknown users) which uses an external Active Directory Database.
  The problem I have is that as the ACS authenticates these users, it now allows them admin access to the PIX. How do I restrict access? I have looked at NARs using the 'All AAA clients, *, *' approach but that just stops their VPN access. ( I have a separate group called 'PIX ACCESS' which will contained only defined users for admin access).
  Incidentally I have other devices on the network which are AAA clients, in particular Nortel switches. I can set the group settings for that RADIUS set up to 'Authenticate Only' (RADIUS Nortel option) and that works fine, I was expecting the ACS to have a similar setting for TACACS+.
  So how do I allow the unknown users to authenticate to their AD database but restrict them admin access to the AAA clients?

  Very common problem. I've solved it twice over the last 6 years with ACS. I'm sketchy on the details. But here goes. First option to explore is using RADIUS for VPN access, then TACACS on all the Cisco switches and PIX firewall. That would make it alot easier. I think that with TACACS, you can build a NAR based on TCP port number instead of IP address....
  http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_tech_note09186a0080858d3c.shtml
  So you'd have a group with 3-4 Administrators that can access PIX CLI, and another group of VPN users that can't access the PIX but can VPN in. So on the VPN group, put a NAR that restricts access to SSH/Telnet TCP ports?
  This comes up everytime I install an ACS server, (every 2-3 years), and it's always a trick.
  Please let me know if this works for you. And if it doesn't, let us know how you fixed it. I think I can get back into the ACS I last did this with and take a look, but I'd have to call up and make a special trip.

• Access denied when trying to use PDF printer as normal user

  I have Acrobat 8 professional installed on a computer running Windows XP SP3. When i try to print a document to pdf from any program as Administrator it performs just fine. When i log on as a normal, restricted, user i get the window popup asking for a file name and location and whereever i try to save a file i get "access denied" error.
  Users have right to write and modify in all of the folders i've tried to save to (desktop, my documents, custom made folders), but i think the problem is with the temp file being written to some system folder where restricted users don't have permission to write. Did anyone encounter a similar problem, and how did you solve it? What directories do the normal users need access to in order to perform printing.
  Thank You

  The forum added some nice links and i found my answer here http://forums.adobe.com/message/1179199#1179199 - changed the registry key permissions and it's working like a charm. Thank you.

• Cisco ISE 1.2 - Problem with Device Onboarding of internal users using AD Credentials

  Dear experts,
  We have implemented ISE 1.2 with WLC 7.5 in our organization. We are using Device Onboarding by letting the users enter their AD Username and Passowrd on Guest portal which then redirects them to device registration portal where they simply register their device and they get internet access.
  The problem is that some users are unable to authenticate using this portal while some can successfully authenticate and register their devices. All users are of the same group in AD. Also, we have enabled this check on two places. One is when users connects to the SSID where the security WPA2-Enterprise uses 802.1x and asks for AD username password. The other is on the portal.
  All users are able to connect to the SSID using their AD credentials. However, 30% of the users are not being authenticated when they are redirected to the Guest portal for device registration. Also, it gives no error or event on either ISE or on the mobille device. When the users enters their credentials, the same guest portal page comes back blank with no errors or logs anywhere.
  Can someone guide me if there is some configuration mistake that I may have done or have someone faced this same issue and were/weren't able to resolve it.
  Thanks in advance.
  Jay

  Our problem got solved. It was related to a few user accounts in AD. Usually any authentication on AD User Account is carried out using the User ID. However, during Web Authentication, Login ID/Name is also checked by ISE and should be same as User ID.
  The problem you are facing might also related be to AD since we had the similar issue. try to check this on a laptop as the mobile portal gives no error if the user is unknown or invalid. Also, you can enable logs for web authentication which are off by default. It will give you a pretty good idea where the problem lies. And yeah, do not keep the web authentications log on for long, it can hang your ISE.
  Anyways, thanks for all the support.

• Pse help! I boot my computer with apple + s and I can't return to normal user access

  I need your helpy I boot my computer with (apple + s) and now I can't return to normal user access again because on the sceen I don't see my session

  Thank you for answer but it's not possible to write anything because I get an invite to put a password (without my name) and an invite for Guest. The problem is I cant put the right password because my keyboard is azerty et in my password content the euro symbol (€) and (&). So I think there is the problem. I also think if I can return in normal boot (I mean with my own session) everythings will OK for me. Can you help me? Sorry for my english my mother language is french so I have some little difficulties to translate