Abstract: Use policykit to avoid root password for mount an internal filesystem.
Last week, I updated my Arch Linux laptop, and got the new deviekit-disk. Then I found that the authorizations set with gnome interface, which actually sets theorg.freedesktop.hal.storage...
, stops work. I have to give the root passwd when I try to mount an internal filesystem, which is really bothering:(
Luckly it is not hard to solve this problem with Policykit, though there dosen't seem to be a sweet GUI to help. All you have to do is simply create a text file named anything with suffix .pkla
in /etc/polkit-1/localauthority/50-local.d/
and fill it with the content below:
[filesystems mount internal privs]
Identity=unix-group:disk
Action=org.freedesktop.devicekit.disks.filesystem-mount-system-internal
ResultAny=no
ResultInactive=no
ResultActive=yes
In case you have udisks2
instead of udisks
, the action should written like this:
Action=org.freedesktop.udisks2.filesystem-mount-system;org.freedesktop.udisks2.filesystem-mount
Here I allow all users in group disk
to mount internal filesystem without root password. disk
is the default group of storage devices, you should add yourself to this group. Otherwise you can specify your login name:
Identity=unix-user:yourname
To see all possible actions, check /usr/share/polkit-1/actions
directory.
You can always man pklocalauthority
for more info:)
Update (May 22nd 2012)
Udisks2 uses different action name.
Update (Oct 25th, 2011)
Latest udev
will set storage devices of group disk
. So I specify group disk
instead of storage
now.
PS: I moved to a new blog.
Update (April 3rd 2010)
People from freedesktop.org are making a great progress - by renaming devicekit-disk as udisk (Sounds talking about flash disk, isn't it?)... So you got to change Action=org.freedesktop.devicekit.disks.filesystem-mount-system-internal to Action=org.freedesktop.udisks.filesystem-mount-system-internal.
Dear sirs/madams from freedesktop.org, will you please stop renaming things? It's not fun, at all :(
Update (April 16th, 2010)
It seems /etc/polkit-1/localauthority/50-local.d/
is a better place to apply your own settings.
Update (Nov 2nd, 2010)
The configuration file has to be named with suffix .pkla
to be recognized, for more details you can man pklocalauthority
. And lots of thanks goes to Awebb who kindly points this out :)
Hello,
ReplyDelete"create a text file named anything" made me tinker with the the config for a while. After about an hour, I had a look at the manfile to find out you need to give the file the .pkla extension.
Thanks alot for this little guide, it helped me unterstand the whole mechanism.
Awebb
Thanks, you saved me hours with this simple, but highly effective solution. (esp. the Nov 2 revision)
ReplyDeleteAll works well on my Gentoo box.
Amp
You saved me from allot of trouble, thank you
ReplyDeleteTHANK YOU!! :D
ReplyDeleteTHANKS!!!
ReplyDelete