KDE Device Notifier mounts nouser filesystems

Andrei Borzenkov arvidjaar at gmail.com
Thu Feb 12 22:24:31 PST 2015


On Thu, 12 Feb 2015 11:59:40 -0600
Paul Novak <k9jenius at gmail.com> wrote:

> I'm trying to track down what I think is a bug that
> can be seen using the KDE device notifier (although
> according to the KDE folks, the problem is either in
> udisk or polkit (either a bug or misconfiguration)).
> 
> I'm just a user; I'm not a developer.
> 
> Before I write a bug report, I'm asking for confirmation
> that what I'm seeing is in fact a bug and not expected/
> desired behavior.
> 
> I have verified this issue running LiveDVDs of
> Kubuntu, Mint, and PCLinuxOS.   I used LiveDVDs
> to eliminate any possibility of the problem 
> being related to my personal computer.
> 

Live DVDs could intentionally loosen permission checks. After all you
are supposed to be the sole user and cannot interfere with anything.

> I have many partitions on my primary hard drive that
> are not normally mounted.   One of them (for example) 
> is LABEL-ed ROOT3 and I have an entry in /etc/fstab
> that looks like this:
> 
> 	LABEL=ROOT3	/mnt/ROOT3	ext4  noauto,nouser,ro 1 2
> 
> I don't want non-root users to be able to mount or unmount 
> that partition, so I have set the "nouser" attribute.
> 
> In a (non-root) terminal, if I run
> 
> 	mount /mnt/ROOT3
> 
> I will (correctly) get this error:
> 
> 	mount: only root can mount LABEL=ROOT3 on /mnt/ROOT3
> 
> However, if I (non-root user) click on the KDE Device Notifier and 
> configure it to look at all devices (not just removable), 
> then find the ROOT3 partition, and then click on the "little belt"
> icon to the right of the ROOT3, the Device Notifier does mount
> the filesystem read-only.   Because the filesystem is mounted 
> read-only, I know the Device Notifier (or the tools it calls) 
> is reading /etc/fstab.   But I also know that "nouser" is
> apparently being ignored.
> 
> I filed a bug report against the KDE Device Notifier, but they closed
> it saying the device notifier calls udisk which calls polkit when 
> dealing with mounts, so the problem was either a bug or a
> misconfiguration of polkit or udisk.
> 

Use "udisksctl info -b /dev/sdXN" to check whether the partition is
considered system or not:

bor at opensuse:~> udisksctl info -b /dev/sda1
/org/freedesktop/UDisks2/block_devices/sda1:
  org.freedesktop.UDisks2.Block:
    Configuration:              [('fstab', {'fsname': <b'/dev/sda1'>, 'dir': <b'/boot'>, 'type': <b'ext2'>, 'opts': <b'defaults'>, 'freq': <1>, 'passno': <2>})]
...
    HintSystem:                 true

System devices require authentication for
org.freedesktop.udisks2.filesystem-mount-system action; other devices -
for org.freedesktop.udisks2.filesystem-mount. Check whether polkit
grants you it:

bor at opensuse:~> pkcheck -a org.freedesktop.udisks2.filesystem-mount-system -p $$
polkit\56retains_authorization_after_challenge=1
Authorization requires authentication and -u wasn't passed.

So here polkit will require explicit authentication for system
devices. As opposed to

bor at opensuse:~> pkcheck -a org.freedesktop.udisks2.filesystem-mount -p $$
bor at opensuse:~/src/udisks> echo $?
0

Finally, try mounting explicitly from the command line:

udisksctl mount -b /dev/sdXN

Note that it also depends on whether you have udisks or udisks2 and
polkit or polkit2 ... but you get the idea?

> I don't want to write a needless bug report if in fact 
> this behavior is not a bug.  Could someone please 
> let me know if this is expected behavior ("ro" is used, 
> but "nouser" seems to be ignored)?   
> 
> Yesterday I posted a similar message to the polkit-devel
> mailing list, but I haven't heard anything from anyone 
> there.
> 
> Thanks.
> 
> Paul.
> 
> _______________________________________________
> devkit-devel mailing list
> devkit-devel at lists.freedesktop.org
> http://lists.freedesktop.org/mailman/listinfo/devkit-devel
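
The checks from the reply above, combined into one script. This is an added example, not part of the original message and not code from udisks or polkit. The function names are hypothetical, the sample output is constructed, and the pkcheck exit statuses are those documented in pkcheck(1).

```shell
#!/bin/sh
# Added example: interpret `udisksctl info -b DEV` output and pkcheck exit codes.

# Read udisksctl info output on stdin; print the polkit action that applies to a mount.
polkit_action_for() {
    awk '$1 == "HintSystem:" { hint = $2 }
         END {
             if (hint == "true")       print "org.freedesktop.udisks2.filesystem-mount-system"
             else if (hint == "false") print "org.freedesktop.udisks2.filesystem-mount"
             else                      exit 1   # HintSystem missing: not a block device dump
         }'
}

# Read the same output; print the fstab options recorded in the Configuration line.
fstab_opts() {
    sed -n "s/.*'opts': <b'\([^']*\)'>.*/\1/p"
}

# Translate a pkcheck exit status (see pkcheck(1)) into a verdict.
pkcheck_verdict() {
    case "$1" in
        0) echo "authorized without prompt" ;;
        2) echo "authentication required" ;;
        3) echo "authentication dismissed" ;;
        *) echo "not authorized or error" ;;
    esac
}

# Constructed sample (hypothetical device): a partition that udisks2 does not
# flag as system, carrying the fstab entry quoted in the question.
SAMPLE_NONSYSTEM="/org/freedesktop/UDisks2/block_devices/sdX9:
  org.freedesktop.UDisks2.Block:
    Configuration:              [('fstab', {'fsname': <b'LABEL=ROOT3'>, 'dir': <b'/mnt/ROOT3'>, 'type': <b'ext4'>, 'opts': <b'noauto,nouser,ro'>, 'freq': <1>, 'passno': <2>})]
    HintSystem:                 false"

# Live check, only when a device is given on the command line: sh check.sh /dev/sdXN
if [ $# -gt 0 ] && command -v udisksctl >/dev/null && command -v pkcheck >/dev/null; then
    info=$(udisksctl info -b "$1") || exit 1
    action=$(printf '%s\n' "$info" | polkit_action_for) || exit 1
    rc=0; pkcheck -a "$action" -p $$ 2>/dev/null || rc=$?
    echo "fstab opts:    $(printf '%s\n' "$info" | fstab_opts)"
    echo "polkit action: $action -> $(pkcheck_verdict "$rc")"
fi
```

Run as the unprivileged user whose access is in question; a result of "authorized without prompt" next to fstab options containing nouser reproduces the situation described in the question.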


