[SOLVED] udevil, udisks and devmon not allowed to automount by polkit

ondrejs · 2016-09-21 16:25:58

I installed udevil, udisks2, run chmod -s on udevil, enabled devmon@username.service,
added a polkit rule to return yes on action udisks.filesystem-mount and allowed members
of storage group to mount devices (my user is a member of said group), however I am still
getting the error below in journal when I stick a USB drive into my PC.

I do not have any authentication agent, but I would like this to work without authenticating such
that the user can mount whatever he wants. What's wrong with my setup? How can fix it such
automount works?

Thank you.

# journalctl 
Sep 21 18:13:59 ondra-nuc devmon[263]: devmon: /usr/sbin/udisksctl mount -b /dev/sdb1 -o "noexec,nosuid,nodev,noatime"    # (Seagate Expansion Drive)
Sep 21 18:13:59 ondra-nuc devmon[263]: Error creating textual authentication agent: Error opening current controlling terminal for the process (`/dev/tty'): No such device or address (polkit-error-quark, 0)
Sep 21 18:13:59 ondra-nuc devmon[263]: Error mounting /dev/sdb1: GDBus.Error:org.freedesktop.UDisks2.Error.NotAuthorizedCanObtain: Not authorized to perform operation
Sep 21 18:13:59 ondra-nuc devmon[263]: devmon: error mounting /dev/sdb1 (1)
Sep 21 18:13:59 ondra-nuc devmon[263]: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Sep 21 18:13:59 ondra-nuc devmon[263]: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Sep 21 18:13:59 ondra-nuc devmon[263]: udisks functions are not authorized through policykit,
Sep 21 18:13:59 ondra-nuc devmon[263]: so devmon cannot automount drives.
Sep 21 18:13:59 ondra-nuc devmon[263]: Please see devmon's consolekit installation instructions:
Sep 21 18:13:59 ondra-nuc devmon[263]: http://igurublog.wordpress.com/downloads/script-devmon/#install
Sep 21 18:13:59 ondra-nuc devmon[263]: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Sep 21 18:13:59 ondra-nuc devmon[263]: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

Configuration files:

# /etc/polkit-1/rules.d/10-udisks-automount.rules 
# taken from http://dncc.github.io/2013/01/27/Automount-USB-With-Udisks-in-Arch-Linux.html
polkit.addRule(function(action, subject) {
	if (action.id == "org.freedesktop.udisks.filesystem-mount" &&
		subject.isInGroup("storage")) {
			return polkit.Result.YES;
		}
});

# /etc/polkit-1/localauthority/50-local.d/10-udisks.pkla
[udisks]
Identity=unix-group:storage
Action=org.freedesktop.udisks.drive-eject;org.freedesktop.udisks.filesystem-mount
ResultAny=yes

Last edited by ondrejs (2016-09-22 06:07:53)

ukhippo · 2016-09-21 17:02:53

If you want to use polkit, you must have an authentication agent running. The polkit rule determines whether the agent has to prompt for a password or not. Since your rule is returning polkit.Result.YES you won't get prompted for a password. If you did want it to prompt you'd return something like polkit.Result.AUTH_SELF
For a console/ssh session, just run pkttyagent in the background.

ondrejs · 2016-09-21 17:58:27

I tried installing polkit-gnome, running

/usr/lib/polkit-gnome/polkit-gnome-authentication-agent-1 &

and then reconnecting the USB drive, but the error stays the same. I tried it also with pkttyagent but also with the same error.

Last edited by ondrejs (2016-09-21 17:59:07)

ondrejs · 2016-09-21 19:24:30

Disabling the devmon@username.service and running devmon in X session startup script fixed it for me.

Should I mark the thread as solved even though it's not exactly a solution to the original question?

Alad · 2016-09-21 19:38:01

ondrejs wrote:

Disabling the devmon@username.service and running devmon in X session startup script fixed it for me.
Should I mark the thread as solved even though it's not exactly a solution to the original question?

This is discussed in https://wiki.archlinux.org/index.php/Udisks#devmon

ukhippo · 2016-09-21 20:12:21

Ah sorry, I missed that you were using the service. The service won't work, as is, with udisks2 because udisks2 requires an authentication agent (and the fallback agent fails because that requires a tty).

Alad · 2016-09-21 21:10:45

Well, that's the symptom of the issue. The cause is that running devmon from a service runs it outside the systemd session, hence polkit prompts for permissions. If for some reason a service is a must, you can configure polkit permissions accordingly (see #Configuration in the same article).

ondrejs · 2016-09-22 06:16:53

Alad wrote:

This is discussed in https://wiki.archlinux.org/index.php/Udisks#devmon

Yes I read that and changed my setup, but it doesn't explain why my original setup did not work.

ukhippo wrote:

...udisks2 requires an authentication agent (and the fallback agent fails because that requires a tty).

This explains why it didn't work but it still bugs me that running polkit-gnome did not solve the issue in the originally described setup.

Alad · 2016-09-22 09:21:37

Yes I read that and changed my setup, but it doesn't explain why my original setup did not work.

The tip in that section explains it perfectly. Anyway, no need to further argue on this as the issue is solved.

Arch Linux

#1 2016-09-21 16:25:58

[SOLVED] udevil, udisks and devmon not allowed to automount by polkit

#2 2016-09-21 17:02:53

Re: [SOLVED] udevil, udisks and devmon not allowed to automount by polkit

#3 2016-09-21 17:58:27

Re: [SOLVED] udevil, udisks and devmon not allowed to automount by polkit

#4 2016-09-21 19:24:30

Re: [SOLVED] udevil, udisks and devmon not allowed to automount by polkit

#5 2016-09-21 19:38:01

Re: [SOLVED] udevil, udisks and devmon not allowed to automount by polkit

#6 2016-09-21 20:12:21

Re: [SOLVED] udevil, udisks and devmon not allowed to automount by polkit

#7 2016-09-21 21:10:45

Re: [SOLVED] udevil, udisks and devmon not allowed to automount by polkit

#8 2016-09-22 06:16:53

Re: [SOLVED] udevil, udisks and devmon not allowed to automount by polkit

#9 2016-09-22 09:21:37

Re: [SOLVED] udevil, udisks and devmon not allowed to automount by polkit

Board footer