zypper install autofs
Loading repository data...
Reading installed packages...
'autofs' is already installed.
No update candidate for 'autofs-5.0.9-17.1.armv7hl'. The highest available version is already installed.
Resolving package dependencies...
Nothing to do.
Otherwise zypper might have a --reinstall option which would be another way to do the same thing? I really haven't used SuSE since 7.0. And I generally do NOT use autofs, since hard shutdowns can damage media types if they're mounted at the time. It's just a little too common for the power to "blink" out in the country. And the closest thing to UPS's that I have are laptops. Which hardly qualifies when you use powered hubs, not powered by the laptop.
Without autofs (or other methods) you can only mount as root the things not in /etc/fstab. But you can mount them in a way to allow user access, although not the default for most distros.
I am running a headless box here, connecting via VNC.
It's only that I need to mount disk drives over the USB and SATA bus from time to time.
Right. Try relaxing the privileges as explained in post #21 so that inactive users can mount.
Alternatively, add a custom PolKit rule (eg /etc/polkit-1/rules.d/10-udisks2.rules) with the following...
Code:
// See the polkit(8) man page for more information
// about configuring polkit.
// Allow udisks2 to mount devices without authentication
// for users in the "users" group.
polkit.addRule(function(action, subject) {
    if ((action.id == "org.freedesktop.udisks2.filesystem-mount-system" ||
         action.id == "org.freedesktop.udisks2.filesystem-mount") &&
        subject.isInGroup("users")) {
        return polkit.Result.YES;
    }
});
* I've shown with group 'users', but you could change to another group, or not assign a group at all if preferred.
The changes you suggested in posting #21 had no effect.
And the file you mention in this posting already has the exact same settings in it as you suggest.
Could you please elaborate on the significance of the/a Display Manager in all of this?
For I do connect via VNC and thus I bypass the DM Login Screen altogether.
The DM plays a part in registering the active user.
I've just logged in to a remote machine with ssh as you do. I then attempted to mount a removable media device via udisksctl (as user)...
Code:
dean@linux-54cw:~> udisksctl mount -b /dev/sdb
==== AUTHENTICATING FOR org.freedesktop.udisks2.filesystem-mount-other-seat ===
Authentication is required to mount (/dev/sdb)
Authenticating as: root
Password:
==== AUTHENTICATION COMPLETE ===
Mounted /dev/sdb at /media/6A76-3ADC.
dean@linux-54cw:~>
When attempting to mount this way it is 'org.freedesktop.udisks2.filesystem-mount-other-seat' privileges that are relevant here. So, you could modify the privileges to allow mounting without authentication.
By default mine looks like
Code:
dean@linux-54cw:~> pkaction --action-id org.freedesktop.udisks2.filesystem-mount-other-seat --verbose
org.freedesktop.udisks2.filesystem-mount-other-seat:
description: Mount a filesystem from a device plugged into another seat
message: Authentication is required to mount the filesystem
vendor: The udisks Project
vendor_url: http://udisks.freedesktop.org/
icon: drive-removable-media
implicit any: auth_admin
implicit inactive: auth_admin
implicit active: auth_admin_keep
The following worked for me to allow unauthenticated mounting as a remote user...
Created 10-udisks2.rules with
Code:
// See the polkit(8) man page for more information
// about configuring polkit.
// Allow udisks2 to mount devices without authentication
//
polkit.addRule(function(action, subject) {
    if (action.id == "org.freedesktop.udisks2.filesystem-mount-other-seat" ||
        action.id == "org.freedesktop.udisks2.filesystem-mount") {
        return polkit.Result.YES;
    }
});
After a reboot of the host I was then able to log back in remotely and mount a removable device without authentication...
Code:
dir /media/6A76-3ADC1
total 572
drwxr-xr-x 3 dean users 2048 Sep 2 2011 Performance data
drwxr-xr-x 4 dean users 4096 Sep 2 2011 Music
drwxr-xr-x 2 dean users 1024 Sep 2 2011 Ubiquiti
will do the same as the custom PolKit .rules file described above.
Hurrayy !!!
Success at last :-)
Since I prefer simple over complicated, I went with your later approach and voilà, it did the trick. Even w/o reboot.
The way you explained it also helped me (a lot) to understand what is happening here.
All the time I was under the mistaken assumption, that this was a problem with lacking authorizations for my user, when in fact it was a security feature of the udev polkit, restricting access to local resources for remotely logged-in user accounts.
Thx for helping me out on this one, w/o belittling me or sneering at my obvious lack of knowledge in this area.
I say that, because it happens less and less frequently that one can go into a tech forum and be so utterly clueless about a specific area (I am no NOOB, matter of fact I work in IT for a living, but I never had to deal with PolKits b4), yet still be offered competent help.
Most often you get clueless folks, suggesting all kinds of nonsense that usually ends up in some form of the age old "just reinstall everything" advice - or you are being berated by self-styled know-it-alls for your inability to figure it out by yourself.
You did neither, you just helped and stayed with it until the issue was solved. Thx for that!
Is there a way how I can reward you points in the forum for this?
BTW: Are those rules considered excessively lax or is it still "sane" to go with them? I am the only one allowed to VNC on the system and it is stuck behind three firewalls.
Last edited by Timatekore; 08-31-2017 at 09:42 AM.
Congratulations! I was happy to have been of help. This one did take a bit of investigation, since I wasn't initially aware that we were talking about a remote login until the output suggested it in post #32! Anyway, sometimes it is necessary to adjust specific PolKit privileges a bit to get a job done. As long as you're aware and remote access security itself is good, I don't think this is unreasonable.
Is there a way how I can reward you points in the forum for this?
There is a rep button (icicle icon? lower left of posts) if you so desire.
Don't forget to pass the knowledge on when you are able to do so.
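Added example, not part of the thread: the mount-other-seat rule posted above grants the two mount actions to every subject, and the variant below limits the same grant to members of one group. The `usbmount` group, the stand-in `polkit` object and the `makeSubject` and `decide` helpers are assumptions made so the comparison runs under Node.

```javascript
// Stand-in for the object polkitd injects, so the rules run under Node.
// It is an assumption of this example and does not belong in a .rules file.
const polkit = {
  Result: { YES: "yes", AUTH_ADMIN: "auth_admin", NOT_HANDLED: "not_handled" },
  log: function (msg) { /* polkitd sends this to the system log */ }
};

var MOUNT_ACTIONS = [
  "org.freedesktop.udisks2.filesystem-mount",
  "org.freedesktop.udisks2.filesystem-mount-other-seat"
];

// Rule as posted in the thread: any subject may mount without a password.
function threadRule(action, subject) {
  if (MOUNT_ACTIONS.indexOf(action.id) !== -1) {
    return polkit.Result.YES;
  }
}

// Narrowed rule: same two actions, but only for members of one group.
// "usbmount" is a hypothetical group name chosen for this example.
function groupRule(action, subject) {
  if (MOUNT_ACTIONS.indexOf(action.id) !== -1 && subject.isInGroup("usbmount")) {
    polkit.log("udisks2 mount allowed: " + subject.user + " " + action.id);
    return polkit.Result.YES;
  }
  return polkit.Result.NOT_HANDLED; // fall through to the action's defaults
}

// Constructed subject; local/active are false, as for a remote login.
function makeSubject(user, groups) {
  return { user: user, local: false, active: false,
           isInGroup: function (g) { return groups.indexOf(g) !== -1; } };
}

// Mimics polkitd's fallback: when the rule does not handle the request,
// the implicit authorization applies. auth_admin is the value the pkaction
// output in the thread shows for mount-other-seat; using it for every
// action is a simplification of this example.
function decide(rule, actionId, subject) {
  var r = rule({ id: actionId }, subject);
  if (r === undefined || r === null || r === polkit.Result.NOT_HANDLED) {
    return polkit.Result.AUTH_ADMIN;
  }
  return r;
}
```

To deploy the narrowed version, pass `groupRule` to `polkit.addRule` in the .rules file and leave out the stand-in object and the two helpers.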