FS#35357 - [udisks2] support mounting for users in storage group
Attached to Project:
Arch Linux
Opened by Felipe Contreras (felipec) - Sunday, 19 May 2013, 01:13 GMT
Last edited by Jan de Groot (JGC) - Tuesday, 21 May 2013, 23:02 GMT
Details
By default users are forced to eternally type the root
password each time they want to mount a local partition,
even when they are in the 'storage' group, which is meant
*precisely* to avoid this; if the storage group doesn't
allow users in this group to mount partitions, then
what does it do?
Fortunately the developers of polkit allowed distributions to configure sane defaults, so this does the trick:

    cat > /etc/polkit-1/rules.d/10-udisks2.rules <<EOF
    // override for storage group users
    polkit.addRule(function(action, subject) {
        if (action.id.indexOf("org.freedesktop.udisks2.") == 0 &&
            subject.isInGroup("storage")) {
            return polkit.Result.YES;
        }
    }
    );
    EOF

Currently each and every user is forced to do this, even though we know it's the right thing to do, and we know it's a sane default.

It's described in the wiki page: https://wiki.archlinux.org/index.php/PolicyKit
It's described on other wiki pages: https://wiki.archlinux.org/index.php/Enlightenment
It's described in forums: http://bbs.archbang.org/viewtopic.php?id=2720
And in descendant distributions: http://wiki.manjaro.org/index.php/Access_Partitions_Without_Entering_a_Password

Let's not fool ourselves into thinking that upstream wants us to ship without vendor configurations; they provide a minimal configuration and expect distributions to provide sane defaults depending on their needs.

We do have a standard 'storage' group, so let's use it by adding the aforementioned configuration.
If you want your users to be able to mount filesystems on system disks then you can add them to /etc/fstab. The gnome-disk-utility has a nice GUI for doing this.
I'm against adding such a rule. Even if it is limited to mounting.
If the 'storage' group can't mount a partition, what's the purpose of such a group?
No, it's not the same as giving them root privileges, they can only do operations with udisks2, nothing more. udisks2 is meant to operate on storage devices, which is exactly what the 'storage' group is for.
gnome-disk-utility will *ask* for the root password, essentially ignoring the fact that the user is in the 'storage' group.
For all intents and purposes it's as if the 'storage' group didn't exist at all.
I maintain my decision. The current implementation works for desktop usage. If you are not happy with it, you are free to change the behavior in your system.
The default rules allow users to mount removable devices. Fixed disks are only mountable if you enter the root password. If you want users to mount a fixed disk partition, you should configure it that way.
Your polkit rule allows pretty much every udisks operation for users in the storage group. Regular users who are members of the storage group could even format your fixed disk partitions with that.
Looking at other operating systems, I don't see any implementation that allows disk management to users who are in some magic group which is not "Administrators" or, in the case of Linux, "root".
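
The scope difference discussed in the comments above, as an added example that is not part of the original report or its replies: it evaluates the rule from the report and a narrower mount-only variant against a constructed sample of udisks2 action ids, for a user in 'storage'. The `polkit` stub, `mountOnlyRule`, `SAMPLE_ACTIONS` and `granted` are assumptions made for illustration; only `polkit.Result` and `subject.isInGroup` are modelled.

```javascript
// Added example, not project code. Stand-in for the polkit rule engine:
// only the result constants used by the rules below are modelled.
const polkit = { Result: { YES: "yes" } };

// Rule from the report: every udisks2 action for members of "storage".
function broadRule(action, subject) {
  if (action.id.indexOf("org.freedesktop.udisks2.") == 0 &&
      subject.isInGroup("storage")) {
    return polkit.Result.YES;
  }
}

// Narrower variant (hypothetical, added here): an explicit allow-list
// of the mount actions instead of a prefix match.
const MOUNT_ONLY = [
  "org.freedesktop.udisks2.filesystem-mount",
  "org.freedesktop.udisks2.filesystem-mount-system",
];
function mountOnlyRule(action, subject) {
  if (MOUNT_ONLY.indexOf(action.id) >= 0 && subject.isInGroup("storage")) {
    return polkit.Result.YES;
  }
}

// Constructed sample of action ids from the udisks2 polkit policy.
const SAMPLE_ACTIONS = [
  "org.freedesktop.udisks2.filesystem-mount",
  "org.freedesktop.udisks2.filesystem-mount-system",
  "org.freedesktop.udisks2.modify-device-system",
  "org.freedesktop.udisks2.encrypted-unlock-system",
  "org.freedesktop.udisks2.modify-system-configuration",
];

// Returns the sample action ids that `rule` answers YES for when the
// requesting user belongs to the groups listed in `groups`.
function granted(rule, groups) {
  const subject = { isInGroup: (g) => groups.includes(g) };
  return SAMPLE_ACTIONS.filter(
    (id) => rule({ id: id }, subject) === polkit.Result.YES);
}

console.log("broad rule grants:", granted(broadRule, ["storage"]));
console.log("mount-only rule grants:", granted(mountOnlyRule, ["storage"]));
console.log("broad rule, non-member:", granted(broadRule, ["users"]));
```

Actions a rule does not answer fall through to the remaining rules and the policy defaults, so the mount-only variant leaves device modification behind the administrator prompt.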