Thursday, November 5, 2009

Mount internal filesystem without passwd with udisk (formerly devicekit-disk)

Abstract: Use PolicyKit to avoid the root password prompt when mounting an internal filesystem.

Last week, I updated my Arch Linux laptop and got the new devicekit-disk. Then I found that the authorizations set with the GNOME interface, which actually sets the org.freedesktop.hal.storage..., stopped working. I have to give the root passwd when I try to mount an internal filesystem, which is really bothersome :(

Luckily, it is not hard to solve this problem with PolicyKit, though there doesn't seem to be a sweet GUI to help. All you have to do is create a text file with any name ending in the suffix .pkla in /etc/polkit-1/localauthority/50-local.d/ and fill it with the content below:

[filesystems mount internal privs]
Identity=unix-group:disk
Action=org.freedesktop.devicekit.disks.filesystem-mount-system-internal
ResultAny=no
ResultInactive=no
ResultActive=yes

In case you have udisks2 instead of udisks, the action should be written like this:

Action=org.freedesktop.udisks2.filesystem-mount-system;org.freedesktop.udisks2.filesystem-mount

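Here I allow all users in group disk to mount internal filesystems without the root password. disk is the default group of storage devices, so you should add yourself to this group. Keep in mind that members of group disk can typically also read and write the raw block devices directly, so granting the permission to your login name only is the narrower choice: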

Identity=unix-user:yourname

To see all possible actions, check the /usr/share/polkit-1/actions directory.
You can always run man pklocalauthority for more info :)
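
The two ways this setup silently fails are a file name without the .pkla suffix and an action id that no longer exists after a rename. The following check for both is an added example, not part of the original post; `audit_pkla` and the sample file names are hypothetical, and the installed-action set is constructed rather than read from /usr/share/polkit-1/actions.

```python
import configparser
from fnmatch import fnmatchcase

# Result values documented in pklocalauthority(8).
VALID_RESULTS = {"no", "yes", "auth_self", "auth_self_keep",
                 "auth_admin", "auth_admin_keep"}

def audit_pkla(filename, text, known_actions):
    """Return a list of problems found in one local-authority file."""
    findings = []
    if not filename.endswith(".pkla"):
        findings.append("file name lacks the .pkla suffix and will be ignored")
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.optionxform = str  # keep key case: Identity, Action, ResultActive
    cp.read_string(text)
    for name in cp.sections():
        sec = cp[name]
        if not sec.get("Identity", "").strip():
            findings.append(f"[{name}] missing Identity")
        # Action is a ';'-separated list of ids; globs such as '*' are allowed.
        patterns = [p.strip() for p in sec.get("Action", "").split(";") if p.strip()]
        if not patterns:
            findings.append(f"[{name}] missing Action")
        for pat in patterns:
            if not any(fnmatchcase(a, pat) for a in known_actions):
                findings.append(f"[{name}] no installed action matches {pat}")
        results = {k: sec[k] for k in ("ResultAny", "ResultInactive", "ResultActive") if k in sec}
        if not results:
            findings.append(f"[{name}] no Result* key")
        for key, value in results.items():
            if value not in VALID_RESULTS:
                findings.append(f"[{name}] {key}={value} is not a valid result")
    return findings

# Constructed sample: ids a udisks2 system would list under /usr/share/polkit-1/actions.
INSTALLED = {"org.freedesktop.udisks2.filesystem-mount-system",
             "org.freedesktop.udisks2.filesystem-mount"}
OLD_ACTION = "org.freedesktop.devicekit.disks.filesystem-mount-system-internal"
STANZA = f"""[filesystems mount internal privs]
Identity=unix-group:disk
Action={OLD_ACTION}
ResultAny=no
ResultInactive=no
ResultActive=yes
"""
FIXED = STANZA.replace(OLD_ACTION, ";".join(sorted(INSTALLED)))

if __name__ == "__main__":
    print(audit_pkla("50-mount", STANZA, INSTALLED))        # suffix + stale action
    print(audit_pkla("50-mount.pkla", FIXED, INSTALLED))    # clean
```
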


Update (May 22nd 2012)

Udisks2 uses a different action name.


Update (Oct 25th, 2011)

The latest udev assigns storage devices to group disk, so I now specify group disk instead of storage.

PS: I moved to a new blog.


Update (April 3rd 2010)

People from freedesktop.org are making great progress - by renaming devicekit-disk to udisk (sounds like it's talking about flash disks, doesn't it?)... So you have to change Action=org.freedesktop.devicekit.disks.filesystem-mount-system-internal to Action=org.freedesktop.udisks.filesystem-mount-system-internal.

Dear sirs/madams from freedesktop.org, will you please stop renaming things? It's not fun, at all :(


Update (April 16th, 2010)

It seems /etc/polkit-1/localauthority/50-local.d/ is a better place to apply your own settings.


Update (Nov 2nd, 2010)

The configuration file has to be named with the suffix .pkla to be recognized; for more details you can run man pklocalauthority. Lots of thanks go to Awebb, who kindly pointed this out :)

5 comments:

  1. Hello,

    "create a text file named anything" made me tinker with the config for a while. After about an hour, I had a look at the manfile to find out you need to give the file the .pkla extension.

    Thanks a lot for this little guide, it helped me understand the whole mechanism.

    Awebb

  2. Thanks, you saved me hours with this simple, but highly effective solution. (esp. the Nov 2 revision)
    All works well on my Gentoo box.

    Amp

  3. You saved me from a lot of trouble, thank you