Problem with sudo and mounting as user

revinary · 10-05-2011, 07:22 AM

Hi all,

I am running Debian testing + Gnome 2 and have added !authenticate to the Defaults in my sudoers file.

It had the desired effect: neither sudo nor gtksudo (which is configured to use sudo as backend) require entering my password anymore
EXCEPT
when I try to mount a device in nautilus it always asks me to enter my user password (which indicates that sudo is used to grant the rights).

Any ideas why in the paticular case of mounting storage the !authenticate option has no effect?

Thanks,

rev

kbscores · 10-05-2011, 08:17 AM

Is it a specific account that is mounting or is it all users?

For specific user add:

userName ALL=NOPASSWD: /bin/mount /filesystem

OR for all users

users ALL=NOPASSWD: /bin/mount /filesystem

Note: /bin/mount maybe a different path depending on how your box is set up.

revinary · 10-06-2011, 03:01 AM

Thanks for your reply,

what exactly does /filesystem stand for?

Anyway, shouldn't the !authenticate option in my sudoers file disable password checks ENTIRELY?

My sudoers file looks like this atm:

Code:

Defaults	env_reset,!authenticate,editor=/usr/bin/nano
Defaults	secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"

root	ALL=(ALL:ALL) ALL
%sudo	ALL=(ALL:ALL) NOPASSWD:ALL

Again, using sudo/gksu/gksudo works without asking for my p/w EXCEPT when mounting a device with nautilus.

Note, the device is an external eSATA drive. If I attach it via USB it gets mounted automatically and without requireing a p/w.

Any clues?

Cheers,

rev

kbscores · 10-06-2011, 08:41 AM

Mounting with Nautilis is a bit buggy in general with Debian Distro. The Ubuntu forums are filled with threads about it. Some of the posts date all the way back to 02-07-2010.

Yes,!authenticate should work. /filesystem is whatever your mount point is to in fstab.

Example:
fstab file:

Code:

192.168.200.25:/content /content   nfs  defaults 0 0

Then sudoers would look like this for user bob to have access:

Code:

bob ALL=NOPASSWD: /bin/mount /content

A couple of other things to check is make sure mount point is opened all the way up to 777 before mounting. The actual mount filesystem controls permissions. I've found things can get a little hairy when it isn't opened up.

Sorry if this isn't super helpful.

revinary · 10-07-2011, 03:00 AM

Thanks for your reply,

the disk is not in my fstab since it's removable (and should therefore be treated like an external USB drive).

I stumbled across an udev rule on ArchWiki:

Code:

DEVPATH=="/devices/pci0000:00/0000:00:1f.2/host4/*", ENV{UDISKS_SYSTEM_INTERNAL}="0"

is supposed to mark the eSata drive as external but doesn't work for me.

For now, I worked around it by giving me rights to mount internal drives using PolicyKit:

Code:

[Mount a system-internal device]
Identity=*
Action=org.freedesktop.udisks.filesystem-mount-system-internal
ResultActive=yes

Cheers,

rev

kbscores · 10-07-2011, 09:25 AM

Thanks. This will probably prove useful. Cause I've run into similar errors while trying to mount external drives.