Polkit permissions on org.freedesktop.udisks.filesystem-mount
David Zeuthen
zeuthen at gmail.com
Wed Jul 7 12:15:42 PDT 2010
Hi,
On Wed, Jul 7, 2010 at 2:02 PM, Dmitry Dzhus <dima at sphinx.net.ru> wrote:
> What is the supposed policy for mounting permissions? Should it be
> possible for local users to just mount flash drives (looks like
> `<allow_active>yes</allow_active>` in udisks actions file implies that
> it is)?
The expected behavior for mounting USB drives is defined by the
org.freedesktop.udisks.filesystem-mount action. We know this from
reading the .policy file shipped by udisks, see
http://cgit.freedesktop.org/udisks/tree/policy/org.freedesktop.udisks.policy.in?id=1.0.1#n12
and we see the snippet is
  <action id="org.freedesktop.udisks.filesystem-mount">
    <_description>Mount a device</_description>
    <_message>Authentication is required to mount the device</_message>
    <defaults>
      <allow_any>no</allow_any>
      <allow_inactive>no</allow_inactive>
      <allow_active>yes</allow_active>
    </defaults>
  </action>
What does this mean? Read the polkit(8) man page
http://hal.freedesktop.org/docs/polkit/polkit.8.html
in particular the bits about allow_any, allow_inactive and
allow_active and you will find that users by default are authorized if
they are in active sessions on the local consoles (maybe that's what
you meant by active users).
> I can't do this with `udisks --mount /dev/sdX` because I'm not
> authorized, is it the expected behaviour?
Maybe you are not in an active session on the local console. PolicyKit
relies on a working ConsoleKit installation - check that
ck-list-sessions output is correct.
David
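
The check suggested in the reply, as an added example that is not part of the original message and not udisks or polkit code: it reads ck-list-sessions-style output and selects which of the three defaults from the quoted action applies to each session. The session listing is a constructed sample, and the function names are hypothetical.

```python
import re
import xml.etree.ElementTree as ET

# Defaults of the action quoted in the message above.
POLICY = """<action id="org.freedesktop.udisks.filesystem-mount">
  <defaults>
    <allow_any>no</allow_any>
    <allow_inactive>no</allow_inactive>
    <allow_active>yes</allow_active>
  </defaults>
</action>"""

# Constructed sample in the layout of ck-list-sessions output (not a real capture).
CK_SAMPLE = """Session1:
    active = TRUE
    is-local = TRUE
Session2:
    active = FALSE
    is-local = TRUE
Session3:
    active = TRUE
    is-local = FALSE
"""

def parse_sessions(text):
    """Return {session name: {property: value}} from ck-list-sessions style text."""
    sessions, current = {}, None
    for line in text.splitlines():
        head = re.fullmatch(r"(\S+):", line)
        prop = re.fullmatch(r"\s+([\w-]+) = (.*)", line)
        if head:
            current = sessions.setdefault(head.group(1), {})
        elif prop and current is not None:
            current[prop.group(1)] = prop.group(2).strip("'")
    return sessions

def implicit_result(policy_xml, session):
    """Select the <defaults> entry that polkit(8) describes for this session."""
    defaults = ET.fromstring(policy_xml).find("defaults")
    if session.get("is-local") != "TRUE":
        key = "allow_any"       # not on a local console, or no session found
    elif session.get("active") == "TRUE":
        key = "allow_active"    # active session on a local console
    else:
        key = "allow_inactive"  # local console, but session not active
    return key, defaults.findtext(key)

if __name__ == "__main__":
    for name, props in parse_sessions(CK_SAMPLE).items():
        print(name, *implicit_result(POLICY, props))
```

With the defaults quoted above, only a session that is both local and active resolves to `yes`; a caller whose session is missing or marked non-local falls through to `allow_any`, which is `no`.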