[clug] Debian Jessie, Polkit & udisks2: user mount of usb flash drives from command-line or remote X-11 connection
steve jenkin
sjenkin at canb.auug.org.au
Sun Nov 12 22:13:07 UTC 2017
This took me most of the weekend to find a solution, so perhaps someone else might benefit.
Anyone in the ‘plugdev’ group gets to mount & unmount USB flash drives without providing the root password.
As delivered, this was only possible if you logged on at the console.
Apparently Jessie uses a version of Polkit (< 0.106) that doesn’t use the contents of /rules.d/
Debian puts the Polkit rules.d files in /var/lib not /etc/
I wasn’t able to find any way to produce a debugging log from Polkit - perhaps it wasn’t being called.
There was a process to turn on this logging (journalctl + rules.d file] that didn’t work for me.
useful debugging commands:
> sudo udevadm control --reload-rules
> udisksctl monitor
> sudo qdbus monitor --system --dest org.freedesktop.UDisks2 [needs X11 display]
> sudo journalctl -a -n 20 -f -u udisks2.service
>
> journalctl -n 20 -f -u polkit.service [didn’t work for me]
====================
Command Usage
====================
$ sudo lsblk -f /dev/sdg
> NAME FSTYPE LABEL UUID MOUNTPOINT
> sdg
> └─sdg1 ext2 SJ-8G-LEX8 3ed83a56-a751-498d-b020-c2087a4f690e
$ udisksctl mount -b /dev/sdg1;df -h /dev/sdg1;udisksctl unmount -b /dev/sdg
> Mounted /dev/sdg1 at /media/steve/SJ-8G-LEX8.
> Filesystem Size Used Avail Use% Mounted on
> /dev/sdg1 7.4G 17M 7.0G 1% /media/steve/SJ-8G-LEX8
> Unmounted /dev/sdg1.
====================
System Info
====================
$ cat /etc/debian_version
> 8.9
$ less /etc/apt/sources.list
> deb http://ftp.au.debian.org/debian jessie main contrib non-free
> deb-src http://ftp.au.debian.org/debian jessie main contrib non-free
$ pkcheck --version
> pkcheck version 0.105
$ pkaction --action-id org.freedesktop.udisks2.filesystem-mount-other-seat --verbose
> org.freedesktop.udisks2.filesystem-mount-other-seat:
> description: Mount a filesystem from a device plugged into another seat
> message: Authentication is required to mount the filesystem
> vendor: The udisks Project
> vendor_url: http://udisks.freedesktop.org/
> icon: drive-removable-media
> implicit any: auth_admin
> implicit inactive: auth_admin
> implicit active: auth_admin_keep
$ less /usr/share/polkit-1/actions/org.freedesktop.udisks2.policy
>
> <action id="org.freedesktop.udisks2.filesystem-mount-system">
> <description>Mount a filesystem on a system device</description>
> <defaults>
> <allow_any>auth_admin</allow_any>
> <allow_inactive>auth_admin</allow_inactive>
> <allow_active>yes</allow_active>
> </defaults>
> </action>
>
> <action id="org.freedesktop.udisks2.filesystem-mount-other-seat">
> <description>Mount a filesystem from a device plugged into another seat</description>
> <defaults>
> <allow_any>auth_admin</allow_any>
> <allow_inactive>auth_admin</allow_inactive>
> <allow_active>auth_admin_keep</allow_active>
> </defaults>
> </action>
>>>>> ADDED THIS FILE <<<<<<<
Note: for a shared system, the actions could be reduced to just "org.freedesktop.udisks2.filesystem-mount-other-seat"
$ sudo cat /var/lib/polkit-1/localauthority/50-local.d/org.debian.udisk.pkla
> [udisks]
> Identity=unix-group:plugdev
> Action=org.freedesktop.udisks.*
> ResultAny=yes
> [udisks2]
> Identity=unix-group:plugdev
> Action=org.freedesktop.udisks2.*
> ResultAny=yes
=============================
LINKS
udisks - Adding permissions for udiskie-mount to policykit
Apr 20 2016
<https://unix.stackexchange.com/questions/277606/adding-permissions-for-udiskie-mount-to-policykit>
udiskie: Debug Info
<https://github.com/coldfix/udiskie/wiki/Debug-Info>
Automount USB drives with systemd
Mar 28 2016
<https://serverfault.com/questions/766506/automount-usb-drives-with-systemd>
--
Steve Jenkin, IT Systems and Design
0412 786 915 (+61 412 786 915)
PO Box 38, Kippax ACT 2615, AUSTRALIA
mailto:sjenkin at canb.auug.org.au http://members.tip.net.au/~sjenkin
More information about the linux
mailing list