[SOLVED] Policykit Mount a system-internal device rule

mkkot · 2011-07-18 11:41:26

Hi all, I'm trying to get known better with polkit priviliges configuration. I found in /usr/share/polkit-1/actions/org.freedesktop.udisks.policy a key:

<action id="org.freedesktop.udisks.filesystem-mount-system-internal">
    <description>Mount a system-internal device</description>
    <description xml:lang="da">Montér en intern enhed</description>
    <message>Authentication is required to mount the device</message>
    <message xml:lang="da">Autorisering er påkrævet for at montere et fil system</message>
    <defaults>
      <allow_any>no</allow_any>
      <allow_inactive>no</allow_inactive>
      <allow_active>auth_admin_keep</allow_active>
    </defaults>
  </action>

I would like to mount my internal drives without being asked for root's password. So I did:
<allow_active>yes</allow_active>
Works.

However, this is not a recommended way. So instead I created a file /etc/polkit-1/localauthority/50-local.d/10-udisks.plka

[Mount internal devices]
Identity=unix-group:disk
Action=org.freedesktop.udisks.filesystem-mount-system-internal
ResultAny=no
ResultInactive=no
ResultActive=yes

My user belongs to disk group, I tried also with *. It doesn't work. What possibly can be wrong? Is there any validation tool?

Last edited by mkkot (2011-07-20 21:20:15)

darkbeanies · 2011-07-18 14:22:32

I believe you want unix-group:storage, not disk. And you need to be a member of storage.

Here's mine:

[Storage Permissions]
Identity=unix-group:storage
Action=org.freedesktop.udisks.filesystem-mount;org.freedesktop.udisks.filesystem-mount-system-internal;org.freedesktop.udisks.filesystem-unmount-others;org.freedesktop.udisks.drive-eject;org.freedesktop.udisks.drive-detach;org.freedesktop.udisks.luks-unlock;org.freedesktop.udisks.inhibit-polling;org.freedesktop.udisks.drive-set-spindown
ResultAny=yes
ResultActive=yes
ResultInactive=yes

Is the partition you are trying to mount ntfs? Are you using KDE?

Last edited by darkbeanies (2011-07-18 14:32:08)

mkkot · 2011-07-18 14:35:06

Maybe I want storage, but it *should* work this way as well. Pasted your file by curiosity but result the same. Im both member of storage and disk groups. Trying to mount xfs and ext2 under dolphin, kde.

darkbeanies · 2011-07-18 21:11:38

What's the output of cat /proc/filesystems? If you don't have xfs and ext2 on the list,

cp /proc/filesystems /etc/filesystems

nano /etc/filesystems

and add xfs and ext2 at the bottom. (seperate lines)

By the way, my edit changed "ResultInactive" from "no" to "yes". Don't know if that makes any difference...

Last edited by darkbeanies (2011-07-18 21:12:50)

mkkot · 2011-07-20 08:16:56

Thanks for your answer. For testing purposes I did:

[Mount internal devices]
Identity=unix-group:*
Action=org.freedesktop.udisks.filesystem-mount-system-internal
ResultAny=yes
ResultInactive=yes
ResultActive=yes

And then /etc/filesystems:

nodev   sysfs
nodev   rootfs
nodev   bdev
nodev   proc
nodev   cgroup
nodev   cpuset
nodev   tmpfs
nodev   devtmpfs
nodev   binfmt_misc
nodev   debugfs
nodev   securityfs
nodev   sockfs
nodev   pipefs
nodev   anon_inodefs
nodev   devpts
nodev   ramfs
nodev   hugetlbfs
nodev   pstore
nodev   mqueue
        ext4
nodev   usbfs
        xfs
        ext2
        reiserfs

Dolphin still asks for root's password. Any other ideas?

//Edit: after reboot /proc/filesystems doesn't contain my changes....

Last edited by mkkot (2011-07-20 08:18:32)

darkbeanies · 2011-07-20 09:33:56

Okay, this is exactly how I have my computer set up:
Create the .pkla file in /etc/polkit-1/localauthority/50-local.d/ as above and add the user to storage group.
For kde, add extra filesystems by copying proc/filesystems to etc/filesystems.

Seriously, that's all I do to enable mounting everything. I might make a virtual archlinux in vbox just to assure myself that I haven't gone mad.

Final suggestion before I give up: How are you starting kde? Make sure you "exec ck-launch-session dbus-launch" or, better, just run kdm using /etc/inittab method.

BTW, DON't edit /proc/filesystems, it won't work. Edit the /etc/filesystems that you copied.

mkkot · 2011-07-20 14:13:38

I also think this must work but it doesn't. I've even read about sequence PolicyKit interprets rules within different config files, still - should work. It's strange that changing /usr/share/polkit-1/actions/org.freedesktop.udisks.policy works and creating .pkla doesn't.

I have edited /etc/filesystems as you saw above but I was convinced this file should be somehow used to alter the /proc one. Not in my case.

I start kde via Slim (which uses .xinitrc) and in .xinitrc I do have exec ck-launch-session startkde. There are no problems with turning off the PC within kde or so, I guess that's good. Well, I must try to do some other modifications with pkla files then. Maybe we miss something...

anonymous_user · 2011-07-20 15:53:04

After creating the rules and adding yourself to storage, did you logout/relogin?

mkkot · 2011-07-20 19:33:45

Yes, I don't have 24/7 server farm, just a desktop computer
BTW rules should be applied instantly.

mkkot · 2011-07-20 21:18:07

Yeah, another brilliant mistake

However, this is not a recommended way. So instead I created a file /etc/polkit-1/localauthority/50-local.d/10-udisks.plka

pkla not plka. That's it. Boh.

darkbeanies · 2011-07-20 23:00:40

mkkot wrote:

Yeah, another brilliant mistake
pkla not plka. That's it. Boh.

Dooooooooooooooooooooooooooooooooooohhh!!!!

mkkot · 2011-07-21 00:01:15

Okay, so in order not to waste this topic, here is something from man pklocalauthority:

[Configuration]
AdminIdentities=unix-user:lisa;unix-user:marge

D'oh!

Last edited by mkkot (2011-07-21 00:01:42)

hobarrera · 2011-12-28 22:32:46

mkkot wrote:

Yeah, another brilliant mistake
However, this is not a recommended way. So instead I created a file /etc/polkit-1/localauthority/50-local.d/10-udisks.plka
pkla not plka. That's it. Boh.

I hate to bring up a thread a couple of months old, but... can you believe that I had the EXACT same issue!?
I don't know about 3 months ago, but today, changes are immediate. If you don't want to re-login, just run a terminal with "su user", and run dolphin/thunar/wharever from there

Arch Linux

#1 2011-07-18 11:41:26

[SOLVED] Policykit Mount a system-internal device rule

#2 2011-07-18 14:22:32

Re: [SOLVED] Policykit Mount a system-internal device rule

#3 2011-07-18 14:35:06

Re: [SOLVED] Policykit Mount a system-internal device rule

#4 2011-07-18 21:11:38

Re: [SOLVED] Policykit Mount a system-internal device rule

#5 2011-07-20 08:16:56

Re: [SOLVED] Policykit Mount a system-internal device rule

#6 2011-07-20 09:33:56

Re: [SOLVED] Policykit Mount a system-internal device rule

#7 2011-07-20 14:13:38

Re: [SOLVED] Policykit Mount a system-internal device rule

#8 2011-07-20 15:53:04

Re: [SOLVED] Policykit Mount a system-internal device rule

#9 2011-07-20 19:33:45

Re: [SOLVED] Policykit Mount a system-internal device rule

#10 2011-07-20 21:18:07

Re: [SOLVED] Policykit Mount a system-internal device rule

#11 2011-07-20 23:00:40

Re: [SOLVED] Policykit Mount a system-internal device rule

#12 2011-07-21 00:01:15

Re: [SOLVED] Policykit Mount a system-internal device rule

#13 2011-12-28 22:32:46

Re: [SOLVED] Policykit Mount a system-internal device rule

Board footer