Passwordless (auto)mounting with udisks2 and polkit
oliver at schinagl.nl
Wed May 13 00:02:19 PDT 2015
I've been playing around with udisks2 and polkit to setup an embedded
debian system to automatically mount usb/sd-flash media uppon insert.
Our system does not have a gui or lots of storage, so most desktop
solutions don't work for me.
I've scrounged the corners of the internet, and a lot of information is
still related to the old HAL stuff, the old udisks and udisks-glue etc.
I know this is all not polkit related yet, but bear with me
The most up to date information I can find with regards to polkit and
mounting is on the Arch wiki, where they say to create a file called
/etc/polkit-1/rules.d/50-udisks.rules and put permissions required
herein. I think this isn't even required, because even without the
supplied changes to permissions, I always get a question from
udisksctl/polkit to authenticate as the currently logged in user. The
rule that i'm replying with polkit.Result.YES to is
oliver at buildbox-arm:~$ udisksctl mount -o ro -b /dev/sdb1
==== AUTHENTICATING FOR
Authentication is required to mount Generic Flash Disk (/dev/sdb1)
Authenticating as: oliver
==== AUTHENTICATION COMPLETE ===
Mounted /dev/sdb1 at /media/68D5-1C9C.
I (very surly wrongfully) assumed that by adding the polkit rule, the
user (actually, I use subject.isInGroup("plugdev") with my user in the
group plugdev as pointed out by 'groups').
Checking with pkaction:
pkaction --verbose --action-id
description: Mount a filesystem from a device plugged into
message: Authentication is required to mount the filesystem
vendor: The udisks Project
implicit any: auth_admin
implicit inactive: auth_admin
implicit active: auth_admin_keep
I see that the message from polkit reads, authentication required. So
while i scrounge deeper into the darker webs of the internet, any
pointers as to what I was suppose to be doing to get passwordless
mounting to work?
Additionally, for bonus points, I'm wondering if all this is even
required for automounting. I was thinking of adding a udev rule (as the
usbmount package does) to call udisksctl mount (-o read-only) on my
device, so that may be run as root anyway and thus may not even need all
of this, but curiosity got the better of me and I may force the mount
job to run as the plugdev group eventually anyway.
Please help me correct the errors of my ways.
More information about the polkit-devel