Non-root media mounting using udisks-glue

Due to HAL deprecation, I’m using udisks-glue for media automounting on my Gentoo box. Its documentation is pretty good and it includes sample configurations for the most common cases, but it doesn’t say a word about giving non-root users the possibility to mount media.

A typical udisks-glue configuration for automounting removable USB drives looks like this:

filter disks {
    optical = false
    partition_table = false
    usage = filesystem
}

match disks {
    automount = true
    automount_options = { noatime, sync }
}

After saving the above contents to /etc/udisks-glue.conf and running udisks-glue from the root account, every pendrive you plug into a USB port should be automatically mounted in the /media folder. With the configuration above, however, it is mounted with mode 0700, which allows access to the medium’s content, but only for the root user. You can change the automount_options line to the following one:

automount_options = { "noatime", "sync", "dmask=0000" }

but such a configuration grants all users full access to the medium’s content (of course you can provide a different dmask value, and sometimes that is enough), and you still have to run udisks-glue from the root account. What if you want to allow a different user to mount media?

For PolicyKit/polkit versions earlier than 0.106, the solution is to create a *.pkla file with proper contents in the /etc/polkit-1/localauthority/50-local.d folder. The syntax of such files is documented. What I needed in particular was to enable a specific user to run udisks-glue for automatic mounting of attached media. I created a file called 50-usermount.pkla in the folder given above with the following contents:

[Media mounting by username]
Identity=unix-user:username
Action=org.freedesktop.udisks.filesystem-mount
ResultAny=yes

That was enough for udisks-glue run by username to automatically mount attached media with the owner set to username.

Update: since polkit version 0.106, *.pkla files are no longer used. Instead, new JavaScript-based *.rules files define polkit’s behavior. Such files should be placed in the /etc/polkit-1/rules.d directory to work. Below is a rule which defines the same behavior as the *.pkla file above:

polkit.addRule(function(action, subject) {
    if (action.id == "org.freedesktop.udisks.filesystem-mount" && subject.user == "username") {
        return polkit.Result.YES;
    }
});
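
A narrower variant of the rule above, as an added example that is not part of the original post: it grants the mount action to username only from a local, active session, comparable to ResultActive=yes instead of ResultAny=yes in a *.pkla file. The stub polkit object, the decide helper and the sample subjects are constructed so the logic can be run with node, and the example assumes udisks-glue is started from username's own login session.

```javascript
// Stand-in for the global object polkitd provides (constructed for this example),
// so the rule can be run with node. Only the polkit.addRule(...) call would go
// into a file under /etc/polkit-1/rules.d.
var rules = [];
var polkit = {
    Result: { NO: "no", YES: "yes", NOT_HANDLED: "not_handled" },
    addRule: function (fn) { rules.push(fn); }
};

var MOUNT_ACTION = "org.freedesktop.udisks.filesystem-mount";

polkit.addRule(function (action, subject) {
    // Anything other than this action for this account is left to other rules.
    if (action.id !== MOUNT_ACTION || subject.user !== "username") {
        return polkit.Result.NOT_HANDLED;
    }
    // Grant only when the request comes from a local, active session.
    if (subject.local && subject.active) {
        return polkit.Result.YES;
    }
    // Remote or inactive sessions fall back to the action's defaults.
    return polkit.Result.NOT_HANDLED;
});

// Hypothetical helper mimicking rule evaluation: the first rule that returns a
// decision wins; "not_handled" stands for falling back to the action's defaults.
function decide(actionId, subject) {
    for (var i = 0; i < rules.length; i++) {
        var result = rules[i]({ id: actionId }, subject);
        if (result && result !== polkit.Result.NOT_HANDLED) {
            return result;
        }
    }
    return polkit.Result.NOT_HANDLED;
}

// Constructed sample subjects.
var atConsole = { user: "username", local: true, active: true };
var overSsh = { user: "username", local: false, active: true };
var switchedAway = { user: "username", local: true, active: false };
var otherUser = { user: "guest", local: true, active: true };

console.log("console session:", decide(MOUNT_ACTION, atConsole));
console.log("remote session:", decide(MOUNT_ACTION, overSsh));
console.log("inactive session:", decide(MOUNT_ACTION, switchedAway));
console.log("other user:", decide(MOUNT_ACTION, otherUser));
```
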