Polkit permissions on org.freedesktop.udisks.filesystem-mount

David Zeuthen zeuthen at gmail.com
Wed Jul 7 12:15:42 PDT 2010


On Wed, Jul 7, 2010 at 2:02 PM, Dmitry Dzhus <dima at sphinx.net.ru> wrote:
> What is the supposed policy for mounting permissions? Should it be
> possible for local users to just mount flash drives (looks like
> `<allow_active>yes</allow_active>` in udisks actions file implies that
> it is)?

The expected behavior for mounting USB drives is defined by the
org.freedesktop.udisks.filesystem-mount action. We know this from
reading the .policy file shipped by udisks, see


and we see the snippet is

  <action id="org.freedesktop.udisks.filesystem-mount">
    <_description>Mount a device</_description>
    <_message>Authentication is required to mount the device</_message>

What does this mean? Read the polkit(8) man page


in particular the bits about allow_any, allow_inactive and
allow_active and you will find that users by default are authorized if
they are in active sessions on the local consoles (maybe that's what
you meant by active users).

> I can't do this with `udisks --mount /dev/sdX` because I'm not
> authorized, is it the expected behaviour?

Maybe you are not in an active session on the local console. PolicyKit
relies on a working ConsoleKit installation - check that
ck-list-sessions output is correct.


More information about the devkit-devel mailing list