I have a luks encrypted volume on my 18.04 Kubuntu Laptop. When I double click on it in Dolphin I'm asked for the luks password and the volume is mounted. Everything is fine.
But this volume is also used by another user that isn't in sudo group (and can't be for other reasons). This user is asked for an admin password when he tries to decrypt the volume. I also sometimes connect myself remotely to the computer through x2go/SSH. In this case I'm also asked to enter the admin credentials. I would like to allow all users in a specified group to decrypt the luks volume without having to enter the admin password whatever they way the connect (either directly on the laptop or remotely - from the local network)
I spent hours and hours trying to set a pkla file in
/etc/polkit-1/localauthority/50-local.d/ and/or in
/var/lib/polkit-1/localauthority/50-local.d/ without any success.
The content of the pkla file is as this:
[Authorize mounting of luks volumes ] Identity=unix-user:* Action=org.freedesktop.udisks2.encrypted-unlock-system;org.freedesktop.udisks2.filesystem-mount-system ResultAny=yes ResultInactive=yes ResultActive=yes
The file seems to be completely ignored. I tried also to edit directly the file
/var/lib/polkit-1/localauthority/10-vendor.d/com.ubuntu.desktop.pkla and to allow all udisks2 actions for all users but it didn't work either.
The only tweak that works is editing default permissions in the
/usr/share/polkit-1/actions/org.freedesktop.UDisks2.policy but the solution is not acceptable as I want to allow only some users.
A similar case of non working pkla has been raised here but not solved.
Any idea? Is there a way to check or debug pkla files?