#1 2012-11-01 17:17:42

ma
Member
Registered: 2012-01-29
Posts: 54

udisks2 + polkit 0.107: Allow unauthenticated mounting

I'm placing this here in case somebody finds it useful. I was trying to get udisks2 to work without authentication, but following the instructions in the Arch Wiki entry on polkit did not get me anywhere. Maybe udisks2 is supposed to work out of the box with systemd and a desktop environment, maybe not; I don't know, I don't use either.

After some frantic searching it turned out that the Arch Wiki entry on polkit is out of date. You can forget about .pkla files and /etc/polkit-1/localauthority/50-local.d, because polkit 0.106 dropped the localauthority backend. So to allow udisks2 to mount devices without authentication, I had to create a .rules file in /etc/polkit-1/rules.d. This one works for me:

// See the polkit(8) man page for more information
// about configuring polkit.

// Allow udisks2 to mount devices without authentication
// for users in the "storage" group.
polkit.addRule(function(action, subject) {
    if ((action.id == "org.freedesktop.udisks2.filesystem-mount-system" ||
         action.id == "org.freedesktop.udisks2.filesystem-mount") &&
        subject.isInGroup("storage")) {
        return polkit.Result.YES;
    }
});

I saved it as /etc/polkit-1/rules.d/10-udisks2.rules, and voila! I guess it will do for the next few months… And yep, that's JavaScript. Because pulling in an 8 MB dependency is fun. :-\

Offline
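
How the rule in post #1 is evaluated, as an added example that is not part of the original thread: a small stand-in for the polkit rule engine, runnable under Node, that runs the posted rule against constructed subjects. The harness (`makeEngine`, `makeSubject`, `decisions`), the users alice and bob, and the `filesystem-unmount-others` action used as a non-matching case are assumptions of this example.

```javascript
// Stand-in for the polkit rule engine (test harness only, not polkit itself).
// Rules run in the order they were added; the first one that returns a value
// decides. If none does, the action's shipped .policy defaults apply.
function makeEngine() {
    const rules = [];
    const polkit = {
        Result: { YES: "yes", NO: "no", AUTH_ADMIN: "auth_admin" },
        addRule: function (fn) { rules.push(fn); },
    };
    function evaluate(actionId, subject) {
        for (const rule of rules) {
            const result = rule({ id: actionId }, subject);
            if (result !== undefined && result !== null) return result;
        }
        return "not-handled"; // falls through to the defaults
    }
    return { polkit, evaluate };
}

// Constructed subject carrying only what a rule can inspect here.
function makeSubject(user, groups, local, active) {
    return { user, local, active,
             isInGroup: function (g) { return groups.includes(g); } };
}

const { polkit, evaluate } = makeEngine();

// The rule from post #1, logic unchanged.
polkit.addRule(function (action, subject) {
    if ((action.id == "org.freedesktop.udisks2.filesystem-mount-system" ||
         action.id == "org.freedesktop.udisks2.filesystem-mount") &&
        subject.isInGroup("storage")) {
        return polkit.Result.YES;
    }
});

const MOUNT = "org.freedesktop.udisks2.filesystem-mount";
const MOUNT_SYSTEM = "org.freedesktop.udisks2.filesystem-mount-system";
const UNMOUNT_OTHERS = "org.freedesktop.udisks2.filesystem-unmount-others";

function decisions() {
    const alice = makeSubject("alice", ["users", "storage"], true, true);
    const aliceRemote = makeSubject("alice", ["users", "storage"], false, false);
    const bob = makeSubject("bob", ["users"], true, true);
    return {
        aliceMount: evaluate(MOUNT, alice),                     // in "storage"
        aliceRemoteSystem: evaluate(MOUNT_SYSTEM, aliceRemote), // session state is not checked
        bobMount: evaluate(MOUNT, bob),                         // not in "storage"
        aliceUnmountOthers: evaluate(UNMOUNT_OTHERS, alice),    // action not listed in the rule
    };
}
console.log(decisions());
```

The rule tests only the action id and group membership, so a "storage" member gets YES whether or not the session is local or active; everything else is left to later rules and the shipped defaults.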

#2 2012-11-01 17:49:45

WonderWoofy
Member
From: Los Gatos, CA
Registered: 2012-05-19
Posts: 8,414

Re: udisks2 + polkit 0.107: Allow unauthenticated mounting

Hey, good job there.  I too was utterly confused as to the move to javascript.  Seemed a little stoopid to me to go from dead simple to ridiculous from one version to the next.  I don't use udisks[2] but I do use polkit and the change is really disappointing.

Offline

#3 2012-11-01 18:04:34

ZekeSulastin
Member
Registered: 2010-09-20
Posts: 266

Re: udisks2 + polkit 0.107: Allow unauthenticated mounting

ma wrote:

Maybe udisks2 is supposed to work out of the box with systemd ... maybe not; I don't know, I don't use either.

Pretty much - if you look at the default policy that comes with udisks2 (which is still in xml, lolpolkit), a lot of it's based on the status of your (what was consolekit, is now) systemd-logind session.  The basic stuff like mounting/unmounting a thumbdrive at your own 'seat' is by default allowed to anyone with a session marked Active, with stuff like modifying other session/seat's mounts and other system-wide stuff requiring admin authentication.  Whether or not you even have X started, let alone a full blown DE, has nothing to do with it (unless you broke your session by starting X on a different VT now that ck-launch-session no longer exists, but that should be solved pretty much permanently now).

(And yes, I did install udisks2 on my pc with systemd to do a quick verification; working from a tty (vt2), mounting/unmounting my thumb drive went without a hitch, but trying to unmount one of my internal HDDs resulted in an authentication notice occurring.  I just had to enter my own password as my main user is in the group 'wheel', which is given the polkit admin role by the shipped /etc/polkit-1/rules.d/50-default.rules; I don't know what it would look like for a totally non-admin user.)

((And no, I don't quite get why they went to js either))

Last edited by ZekeSulastin (2012-11-01 18:09:55)

Offline

#4 2012-11-01 18:04:50

65kid
Member
From: Germany
Registered: 2011-01-26
Posts: 663

Re: udisks2 + polkit 0.107: Allow unauthenticated mounting

It should be noted that these rules are indeed not necessary if you are using systemd/logind. These rules are and always have been a hack/workaround to make things work without a proper consolekit/logind session. The fact is that 99% of users don't have to create polkit rules ever, so imho people shouldn't be encouraged to do so. Except when you are still using initscripts, but then you are screwed long-term anyway...

I'm not criticizing here, I know you wanna help, I just wanted to point this out to make sure that none of the many "zomg-I-don't-have-permissions-anymore!!"-people think this is an actual fix for their problems...

as a btw, I also think that using JavaScript for configuration is absolutely ridiculous...

Last edited by 65kid (2012-11-01 18:05:59)

Offline

#5 2012-11-01 19:04:59

ma
Member
Registered: 2012-01-29
Posts: 54

Re: udisks2 + polkit 0.107: Allow unauthenticated mounting

Thanks for the clarification, folks. And yeah, I do not want to give the impression that this is a solution. It's a workaround for folks like me who are reluctant to switch to systemd. A switch I'll soon be forced to make, it seems.

By the way, I'm still using consolekit. Just a good couple of months ago I had to modify .xinitrc to run ck-launch-session dbus-launch openbox, and add a .pkla file to allow mounting my stuff. And now this… Talk about compatibility. Every now and then they break something that used to work, replacing it with a different implementation that soon gets replaced with another one, which itself only lasts for a short time before it gets replaced… Oh, boy. How do you mount your devices this week? :-)

Offline

#6 2012-11-04 20:39:25

wooptoo
Member
Registered: 2007-04-23
Posts: 78
Website

Re: udisks2 + polkit 0.107: Allow unauthenticated mounting

I created a complete rules file that allows mounting, rebooting and network management without a password: https://gist.github.com/4013294/ccacedd … 92d6a2bddb

Offline

#7 2012-11-08 14:29:17

sl1pkn07
Member
From: Spanishtán
Registered: 2010-03-30
Posts: 371

Re: udisks2 + polkit 0.107: Allow unauthenticated mounting

ma wrote:

I'm placing this here in case somebody finds it useful. I was trying to get udisks2 to work without authentication, but following the instructions in the Arch Wiki entry on polkit did not get me anywhere. Maybe udisks2 is supposed to work out of the box with systemd and a desktop environment, maybe not; I don't know, I don't use either.

After some frantic searching it turned out that the Arch Wiki entry on polkit is out of date. You can forget about .pkla files and /etc/polkit-1/localauthority/50-local.d, because polkit 0.106 dropped the localauthority backend. So to allow udisks2 to mount devices without authentication, I had to create a .rules file in /etc/polkit-1/rules.d. This one works for me:

// See the polkit(8) man page for more information
// about configuring polkit.

// Allow udisks2 to mount devices without authentication
// for users in the "storage" group.
polkit.addRule(function(action, subject) {
    if ((action.id == "org.freedesktop.udisks2.filesystem-mount-system" ||
         action.id == "org.freedesktop.udisks2.filesystem-mount") &&
        subject.isInGroup("storage")) {
        return polkit.Result.YES;
    }
});

I saved it as /etc/polkit-1/rules.d/10-udisks2.rules, and voila! I guess it will do for the next few months… And yep, that's JavaScript. Because pulling in an 8 MB dependency is fun. :-\

Thanks for the rule!!

A little modification according to my old setting (udisk). (Added thanks to wooptoo.)

polkit.addRule(function(action, subject) {
    if ((action.id == "org.freedesktop.udisks.filesystem-mount-system-internal") && subject.isInGroup("storage")) {
        return polkit.Result.YES;
    }
});

Is it possible to add this to the wiki by "reverting" (and adding to) this change?

https://wiki.archlinux.org/index.php?ti … did=233098

greetings

Last edited by sl1pkn07 (2012-11-16 14:25:04)

Offline

#8 2012-11-08 17:21:26

Neitrino
Member
Registered: 2012-11-08
Posts: 1

Re: udisks2 + polkit 0.107: Allow unauthenticated mounting

I am completely stuck. I have two PCs with Arch Linux, with KDE+SLIM and KDE+KDM, only one desktop user, and cannot mount an NTFS drive without a password. Why do we need a workaround? I think we need simpler settings for polkit+login....

Offline
