Passwordless (auto)mounting with udisks2 and polkit

Olliver Schinagl oliver at schinagl.nl
Wed May 13 00:02:19 PDT 2015 

Hello list,

I've been playing around with udisks2 and polkit to setup an embedded 
debian system to automatically mount usb/sd-flash media uppon insert. 
Our system does not have a gui or lots of storage, so most desktop 
solutions don't work for me.

I've scrounged the corners of the internet, and a lot of information is 
still related to the old HAL stuff, the old udisks and udisks-glue etc. 
I know this is all not polkit related yet, but bear with me

The most up to date information I can find with regards to polkit and 
mounting is on the Arch wiki, where they say to create a file called 
/etc/polkit-1/rules.d/50-udisks.rules and put permissions required 
herein. I think this isn't even required, because even without the 
supplied changes to permissions, I always get a question from 
udisksctl/polkit to authenticate as the currently logged in user. The 
rule that i'm replying with polkit.Result.YES to is 
"org.freedesktop.udisks2.filesystem-mount-other-seat" because:

oliver at buildbox-arm:~$ udisksctl mount -o ro -b /dev/sdb1
==== AUTHENTICATING FOR 
org.freedesktop.udisks2.filesystem-mount-other-seat ===
Authentication is required to mount Generic Flash Disk (/dev/sdb1)
Authenticating as: oliver
Password:
==== AUTHENTICATION COMPLETE ===
Mounted /dev/sdb1 at /media/68D5-1C9C.

I (very surly wrongfully) assumed that by adding the polkit rule, the 
user (actually, I use subject.isInGroup("plugdev") with my user in the 
group plugdev as pointed out by 'groups').

Checking with pkaction:
  pkaction --verbose --action-id 
org.freedesktop.udisks2.filesystem-mount-other-seat
org.freedesktop.udisks2.filesystem-mount-other-seat:
   description:       Mount a filesystem from a device plugged into 
another seat
   message:           Authentication is required to mount the filesystem
   vendor:            The udisks Project
   vendor_url: http://udisks.freedesktop.org/
   icon:              drive-removable-media
   implicit any:      auth_admin
   implicit inactive: auth_admin
   implicit active:   auth_admin_keep


I see that the message from polkit reads, authentication required. So 
while i scrounge deeper into the darker webs of the internet, any 
pointers as to what I was suppose to be doing to get passwordless 
mounting to work?

Additionally, for bonus points, I'm wondering if all this is even 
required for automounting. I was thinking of adding a udev rule (as the 
usbmount package does) to call udisksctl mount (-o read-only) on my 
device, so that may be run as root anyway and thus may not even need all 
of this, but curiosity got the better of me and I may force the mount 
job to run as the plugdev group eventually anyway.


Please help me correct the errors of my ways.
Olliver

More information about the polkit-devel mailing list