Hi,
I know from the numerous posts you have made here over the years that you are really trying to help.
And so do I, even if I only posted a few problems I had and the solutions I’ve found for those (or about some specific things about the Cinnamon desktop/the French keyboard).
So I hope you won’t be upset if I feel the need to correct a few things you wrote in your post…
And please do the same if you find I’m wrong.
I will use the same format as you did, because I find it very clear, much more readable like this and I already know that will be a long post…
Which files removed manjaro-hotfixes exactly?
Two files were deleted with the help of a dummy package:
```
$ pamac list -f manjaro-hotfixes
/etc/dbus-1/system.d/org.freedesktop.NetworkManager.Manjaro.conf
/etc/polkit-1/rules.d/99-manjaro.rules
```
So let’s get the first one out of the way
```
$ cat /etc/dbus-1/system.d/org.freedesktop.NetworkManager.Manjaro.conf
<!DOCTYPE busconfig PUBLIC
 "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
 "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
<busconfig>
    <policy group="network">
        <deny own="org.freedesktop.NetworkManager"/>
        <allow send_destination="org.freedesktop.NetworkManager"/>
        <allow send_destination="org.freedesktop.NetworkManager"
               send_interface="org.freedesktop.NetworkManager.Settings"/>
        <allow send_destination="org.freedesktop.NetworkManager"
               send_interface="org.freedesktop.NetworkManager.AgentManager"/>
        <deny send_destination="org.freedesktop.NetworkManager"
              send_interface="org.freedesktop.NetworkManager"
              send_member="SetLogging"/>
        <allow send_destination="org.freedesktop.NetworkManager"
               send_interface="org.freedesktop.NetworkManager"
               send_member="Sleep"/>
        <allow send_destination="org.freedesktop.NetworkManager"
               send_interface="org.freedesktop.NetworkManager"
               send_member="sleep"/>
        <allow send_destination="org.freedesktop.NetworkManager"
               send_interface="org.freedesktop.NetworkManager"
               send_member="wake"/>
    </policy>
</busconfig>
```
That’s some configuration for NetworkManager and the `network` group (`<policy group="network">`), and it really seems unneeded now indeed, because I didn’t see any changes after removing it, and I’m sure there would already be some reports if it did break some users’ networks.
Now, let’s have a look at `99-manjaro.rules`.
Here is the whole thing:
```
$ sudo cat /etc/polkit-1/rules.d/99-manjaro.rules
polkit.addRule(function(action, subject) {
    if (action.id.indexOf("org.freedesktop.udisks2.") == 0 && subject.isInGroup("wheel")) {
        return polkit.Result.YES;
    }
});

polkit.addRule(function(action, subject) {
    if (action.id == "org.freedesktop.login1.power-off" ||
        action.id == "org.freedesktop.login1.reboot" ||
        action.id == "org.freedesktop.login1.hibernate" ||
        action.id == "org.freedesktop.login1.suspend") {
        return polkit.Result.YES;
    }
});

polkit.addRule(function(action, subject) {
    if (action.id == "org.freedesktop.upower.hibernate" ||
        action.id == "org.freedesktop.upower.suspend") {
        return polkit.Result.YES;
    }
});

/* Allow users of network group to use blueman feature requiring root without authentication */
polkit.addRule(function(action, subject) {
    if ((action.id == "org.blueman.network.setup" ||
         action.id == "org.blueman.dhcp.client" ||
         action.id == "org.blueman.rfkill.setstate" ||
         action.id == "org.blueman.pppd.pppconnect") &&
        subject.isInGroup("network")) {
        return polkit.Result.YES;
    }
});
```
So that’s 4 times adding Polkit rules (`polkit.addRule`) to use features requiring root without authentication, that means changing the standard `"auth_admin"` to `"yes"`.
Ref: polkit: polkit Reference Manual
Let’s break it in smaller pieces, starting with the last part:
Blueman
The `wheel` group was used before, but it was changed to the `network` group (as can be seen in the file) by this commit:
So now this part is also gone because it seems unneeded now, but I can’t say if it causes any problem, as I don’t use any Bluetooth device… Same thing, if it does, user reports will come soon enough!
In the middle of the file:
login1 & upower
Some rules added to allow a user to hibernate, suspend, reboot and power-off without authentication.
Not needed anymore today, so also gone and tested without problems on my side (outside of hibernate, that I don’t use)…
At last, on the top of the file:
polkit rule for passwordless mount with udisks2
Again, that’s just changing the standard `"auth_admin"` to `"yes"`, to allow a passwordless mount of devices with udisks2.
That trick was even black and white in the Arch Wiki once (https://archive.ph/f7aod), but it is now also removed from the current version (udisks - ArchWiki) and instead, there are some external examples, like this one here _Example polkit rules_.md · GitHub (with the same polkit rule, by the way) or that one Permissions · coldfix/udiskie Wiki · GitHub for the `storage` group.
And I think that’s why you’re talking about this `storage` group here…
In fact, my user is not even in this group, and with this polkit rule, I can nevertheless mount any devices without password, because I’m in the `wheel` group.
But if anybody doesn’t want to add its user(s) to the `wheel` group because it’s a security risk, this polkit rule also works by using instead the group named after the `user`…
I did the test, it works, but I never bothered before, as I always added my user to the `wheel` group on Linux if it wasn’t done by default after the install, because that’s what I’m used to doing on BSD and I’m the sole user of my PC at home…
Historically, after all, the wheel group is the default UNIX admin group, but yes, less permissions is more safety and not everybody seems to like it: The wheel Group – UNIX Administratosphere
So, to each his own…
The addition of a polkit rule for passwordless mount seems to have been seen as a “hack” for a long time, as can be read here: udisks2 + polkit 0.107: Allow unauthenticated mounting / Applications & Desktop Environments / Arch Linux Forums
Quote: “It should be noted that these rules are indeed not necessary if you are using systemd/logind. These rules are and always have been a hack/workaround to make things work without a proper consolekit/logind session. The fact is that 99% of users don’t have to create polkit rules ever, so imho people shouldn’t be encouraged to do so.”
Yeah… And yet, here we are, 12 years later and if I remove this rule, I’m still asked for a password when I want to mount my internal drives, so that’s a nope for me!
Which means, unless I missed a configuration step with systemd or whatever else, we are still in the same situation, it seems…
So I hope this helps clarify a bit more the situation for anybody who still has questions about this manjaro-hotfixes update/removal thing!
TL;DR:
- manjaro-hotfixes update removed 2 files. One was really unneeded (`/etc/dbus-1/system.d/org.freedesktop.NetworkManager.Manjaro.conf`), most of the second was too (`/etc/polkit-1/rules.d/99-manjaro.rules`)…
- but the useful part that has been removed in the latter allowed passwordless mount that was added in a polkit rule.
- to get that behavior back, look at this post [Stable Update] 2024-01-13 - Kernels, Systemd, Qt5, Mesa, Dbus, Firefox, Thunderbird - #123 by fsw
- use the group you want in the file: `wheel`, if you’re already in it, add yourself in `storage` if you want, or use the group that has your `user` name, that will work too (and implies way less permissions, so is more safe than the 2 other options).
- no need for the `wheel` group with blueman, because it was changed to the `network` group a while ago anyway and now no special configuration seems to be needed anymore (can’t confirm, don’t use Bluetooth).
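
Added example (not part of the original post and not the Manjaro package's file): a narrower variant of the udisks2 rule discussed above, which lists only the mount actions instead of the whole `org.freedesktop.udisks2.` prefix and also requires a local, active session. The group name `storage` and the rule file name are assumptions; use whichever group you picked.

```javascript
// Added example, not the removed 99-manjaro.rules. Intended for a file such as
// /etc/polkit-1/rules.d/10-udisks2-mount.rules (file name is an assumption).

// Assumption: the group allowed to mount without a password. The post names
// "wheel", "storage", or the group named after your user as candidates.
var MOUNT_GROUP = "storage";

// Only mounting is listed. The removed rule matched every action id starting
// with "org.freedesktop.udisks2.", which also covers actions such as
// org.freedesktop.udisks2.modify-device-system (formatting, partitioning).
var MOUNT_ACTIONS = [
    "org.freedesktop.udisks2.filesystem-mount",        // removable devices
    "org.freedesktop.udisks2.filesystem-mount-system"  // internal drives
];

function udisksMountRule(action, subject) {
    var isMount = MOUNT_ACTIONS.indexOf(action.id) !== -1;
    // local + active: the request comes from the session currently at the
    // seat, not from a remote login or an inactive session.
    if (isMount && subject.local && subject.active &&
        subject.isInGroup(MOUNT_GROUP)) {
        return polkit.Result.YES;
    }
    // Returning nothing leaves the decision to later rules and to the
    // action's own default.
    return undefined;
}

// polkitd provides the global "polkit" object; the guard only allows the
// file to be loaded outside polkitd (for example in node) to test the rule.
if (typeof polkit !== "undefined") {
    polkit.addRule(udisksMountRule);
}
```

`pkaction --verbose --action-id org.freedesktop.udisks2.filesystem-mount-system` shows the defaults that apply when no rule returns a result.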