[SOLVED] Change permissions on partitions to be accessible without password

PROBLEMCHYLD · 11-30-2018, 12:45 PM

How do I accomplish this? One tutorial I tried had me restoring a backup of my system. Can't believe everything you read on the internet.!!!!!!!!!!!!!!

elcore · 11-30-2018, 01:15 PM

I'd check first how it's mounted in fstab, add options from manual (man mount)

Code:

noauto,noexec,user,owner,ro

Code:

noauto,user,owner,rw

Or something like that, depending on what options you want.

PROBLEMCHYLD · 11-30-2018, 01:17 PM

Quote:

Originally Posted by elcore

I'd check first how it's mounted in fstab, add options from manual (man mount)

Code:

noauto,noexec,user,owner,ro

Code:

noauto,user,owner,rw

Or something like that, depending on what options you want.

My fstab is

Code:

/dev/sda4        swap             swap        defaults         0   0
/dev/sda3        /                ext4        defaults         1   1
#/dev/cdrom      /mnt/cdrom       auto        noauto,owner,ro,comment=x-gvfs-show 0   0
/dev/fd0         /mnt/floppy      auto        noauto,owner     0   0
devpts           /dev/pts         devpts      gid=5,mode=620   0   0
proc             /proc            proc        defaults         0   0
tmpfs            /dev/shm         tmpfs       defaults         0   0

The drives are NTFS partitions with Windows on them.

elcore · 11-30-2018, 01:58 PM

I guess you could create /windows or something and add to fstab

Code:

/dev/sda1         /windows       ntfs     noauto,noexec,user,owner,ro       0   0

Or if you really want to write there:

Code:

/dev/sda1         /windows       ntfs     noauto,noexec,user,owner,rw       0   0

(I don't recommend auto-mounting it, or executing files there, or writing in it. But it's your drive.)

BW-userx · 11-30-2018, 02:20 PM

slack mounts ntfs like this for all user access

Code:

/dev/sdb7        /media/ntfs1     ntfs-3g     fmask=111,dmask=000 1   0

or just mount it on the cli if you're just going to jump in Windows system for a look around.

luvr · 11-30-2018, 02:38 PM

Looks like something that PolicyKit can handle.
When you get the dialog box prompting you for the password, display the details to show the policy involved. Using the policy name, you can then create an appropriate configuration file to bypass the password entry box. I will have to look up the details later on, though.

PROBLEMCHYLD · 11-30-2018, 03:36 PM

fdisk -l | grep NTFS
/dev/sda1 * 2048 33556479 33554432 16G 7 HPFS/NTFS/exFAT
/dev/sda2 33556480 96471039 62914560 30G 7 HPFS/NTFS/exFAT

When I enter the root password the mount ends up

/run/media/problemchyld/28D619AD1015BF2B/
/run/media/problemchyld/10D9FEB652ECDBD2/

I have no problem accessing the drives, I just get tired of having to enter the password every time I'm shifting files around.

org.freedesktop.udisks2.filesystem-mount-system is the details.

upnort · 11-30-2018, 04:52 PM

Quote:

The drives are NTFS partitions with Windows on them.

In the past when helping others I devised three basic strategies when users had a Windows NTFS partition:

* No access other than dual boot. Intended for those horrified by their own lack of computer skills.
* Read-only access. Allows some users with some courage to at least view their Windows files.
* Read-write access. For those unafraid of their own fat fingers.

Here is the snippet from my configuration script:

Code:

if [ "$WINDOWS_PARTITION" != "" ]; then
  # Verify /etc/udev/rules.d/99-hide-partition.rules.
  UDEV_RULE=/etc/udev/rules.d/99-hide-partition.rules
  if [ ! -f "$UDEV_RULE" ]; then
    echo "Creating $UDEV_RULE."
    touch $UDEV_RULE
  else
    echo "$UDEV_RULE already exists."
  fi
  # Pre-populate the rules file.
  # The following will overwrite any existing contents.
  echo "Pre-populating $UDEV_RULE."
  echo "#KERNEL==\"$WINDOWS_PARTITION\", ENV{UDISKS_IGNORE}=\"1\"" > $UDEV_RULE
  SYSTEM_PARTITION="`blkid | grep ntfs | grep System | head -n1 | awk -F : '{print $1}' | sed 's|/dev/||'`"
  if [ "$SYSTEM_PARTITION" != "" ]; then
    echo "KERNEL==\"$SYSTEM_PARTITION\", ENV{UDISKS_IGNORE}=\"1\"" >> $UDEV_RULE
  fi
  RECOVERY_PARTITION="`blkid | grep ntfs | grep Recovery | head -n1 | awk -F : '{print $1}' | sed 's|/dev/||'`"
  if [ "$RECOVERY_PARTITION" != "" ]; then
    echo "KERNEL==\"$RECOVERY_PARTITION\", ENV{UDISKS_IGNORE}=\"1\"" >> $UDEV_RULE
  fi
  Wait_For_Response "Hide the Windows partition?"
  if [ "$response" = "y" ] || [ "$response" = "Y" ]; then
    # Uncomment the rule.
    sed -i "s|^#KERNEL==\"$WINDOWS_PARTITION\"|KERNEL==\"$WINDOWS_PARTITION\"|" $UDEV_RULE
  else
    # Leave the udev rule commented out. The partition will be mounted.
    # First ensure any previous entries are deleted in fstab.
    sed -i "/\/dev\/${WINDOWS_PARTITION}/d" /etc/fstab
    sed -i "/\/media\/Windows/d" /etc/fstab
    cat /etc/fstab
    echo
    Wait_For_Response "Mount the Windows partition read-only?"
    if [ "$response" = "y" ] || [ "$response" = "Y" ]; then
      MOUNT_PERMS="ro"
    else
      MOUNT_PERMS="rw"
    fi
    # Ensure the expected mount point exists.
    mkdir -p /media/Windows
    # Ensure the Windows partition has a disk label for file manager usability.
    echo "Applying a disk label to the Windows partition."
    ntfslabel /dev/${WINDOWS_PARTITION} Windows
    # Update /etc/fstab.
    echo >> /etc/fstab
    # Insert a helpful comment.
    echo "# /dev/${WINDOWS_PARTITION} - Windows Partition" >> /etc/fstab
    # The noexec mount option prevents executing exe files, in case WINE is installed.
    # The noauto option prevents the desktop icon from appearing all the
    # time. The user can mount when needed.
    echo "UUID=${WINDOWS_UUID} /media/Windows ntfs defaults,${MOUNT_PERMS},windows_names,noauto,noexec,ntfs=utf8 0 0" >> /etc/fstab
    echo >> /etc/fstab
    cat /etc/fstab
    echo
    Wait_For_Response "Continue?"
    if [ "$response" != "y" ] && [ "$response" != "Y" ]; then
      exit 1
    fi
    # udisks2 prevents using the traditional 'users' mount option in fstab.
    # To mount the NTFS partition without a password requires a polkit rule.
    if [ -d /etc/polkit-1/localauthority/50-local.d ]; then
      echo "Verifying polkit rule to mount the Windows partition without a password."
      POLKIT_RULE="/etc/polkit-1/localauthority/50-local.d/99-mount-partitions.pkla"
      if [ -a $POLKIT_RULE ]; then
        echo "$POLKIT_RULE exists."
      else
        echo "$POLKIT_RULE does not exist. Creating."
        touch $POLKIT_RULE
        echo "[Password-less mounting of local partitions]" > $POLKIT_RULE
        echo "Identity=unix-group:users" >> $POLKIT_RULE
        echo "Action=org.freedesktop.udisks2.filesystem-mount-system" >> $POLKIT_RULE
        echo "ResultAny=yes" >> $POLKIT_RULE
        echo "ResultInactive=yes" >> $POLKIT_RULE
        echo "ResultActive=yes" >> $POLKIT_RULE
      fi
      echo "Verifying polkit rule to configure printers without a password."
      POLKIT_RULE="/etc/polkit-1/localauthority/50-local.d/90-configure-printers.pkla"
      if [ -a $POLKIT_RULE ]; then
        echo "$POLKIT_RULE exists."
      else
        echo "$POLKIT_RULE does not exist. Creating."
        touch $POLKIT_RULE
        echo "[Password-less configuration of printers]" > $POLKIT_RULE
        echo "Identity=unix-group:lpadmin" >> $POLKIT_RULE
        echo "Action=org.opensuse.cupspkhelper.mechanism.*" >> $POLKIT_RULE
        echo "ResultAny=yes" >> $POLKIT_RULE
        echo "ResultInactive=yes" >> $POLKIT_RULE
        echo "ResultActive=yes" >> $POLKIT_RULE
      fi
    else
      echo "/etc/polkit-1/localauthority/50-local.d/ does not exist. Unable to create polkit rules."
      Wait_For_Response "Continue?"
      if [ "$response" != "y" ] && [ "$response" != "Y" ]; then
        exit 1
      fi
      echo
    fi
  fi
  echo
fi

There is more to the script but hopefully the variables make sense. Notice the user must be a member of the users group.

The script was intended to automate installing a dual boot system. There is no need to use the script snippet. Just extract the applicable sections, such as making udev and polkit rules and populating fstab.

I have not tested this in a long while and have not tested with Windows 10. I have not tested in a true Linux multi-user system with multiple users concurrently logged on using switching.

PROBLEMCHYLD · 12-01-2018, 10:24 AM

Thanks for the script but I'm not quite sure where to 'Nip and Tuck' and does this apply when you have multiple NTFS drives?

upnort · 12-01-2018, 12:14 PM

Quote:

does this apply when you have multiple NTFS drives

Yes.

To hide partitions from any disk and any operating system, use udev rules like this:

Code:

# Hide Windows SYSTEM partition.
KERNEL=="sda1", ENV{UDISKS_IGNORE}="1"
# Hide Windows C: partition.
KERNEL=="sda2", ENV{UDISKS_IGNORE}="1"
# Hide Windows RECOVERY partition.
KERNEL=="sda3", ENV{UDISKS_IGNORE}="1"
# Hide MY BACKUP partition.
KERNEL=="sdb5", ENV{UDISKS_IGNORE}="1"

Multiple rules can be maintained in the same rule file. I call my rule 99-hide-partition.rules. Adding the rule is good idea even when wanting read-only or read-write access to Windows files because typically users do not want to be bothered by Windows system and recovery partitions. The udev rules for those partitions keeps the partitions out of file manager mount lists.

Moving up the ladder so to speak, to allow read-only access to the Windows C: partition:

* Comment out the udev rule for the Windows C: partition.
* Create a mount point. For example, /media/windows or /mnt/windows.
* Use blkid to grab the partition UUID.
* Edit fstab:

Code:

# /dev/sda2 - Windows C: Partition
UUID=${WINDOWS_UUID} /media/windows ntfs defaults,ro,windows_names,noauto,noexec,ntfs=utf8 0 0"

To allow read-write access to the same partition, change the ro to rw.

To avoid the password prompt, create a polkit rule:

/etc/polkit-1/localauthority/50-local.d/99-mount-partitions.pkla

Code:

[Password-less mounting of local partitions]
Identity=unix-group:users
Action=org.freedesktop.udisks2.filesystem-mount-system
ResultAny=yes
ResultInactive=yes
ResultActive=yes

Be sure the user account is a member of the users group or whatever group you want to use.

I created this sequence of steps before polkit supported *.rules files. The syntax for a rules file is different from a pkla file. Slackware 14.2 uses polkit 0.113, which supports *.rules files. polkit 0.105 and older does not support *.rules files and only supports *.pkla files.

If you have a dual boot Windows system, for example, running Windows 7 and 10, just add the additional partitions to both the udev rule and fstab.

luvr · 12-01-2018, 01:10 PM

If I understand correctly, then you just want to bypass the password prompt that appears when you attempt to open a disk filesystem that is not yet mounted.

To achieve that, you need to create the appropriate polkit rule in the ‘/etc/polkit-1/rules.d’ directory. The files in that directory are numbered, and they are processed in order, sorted by their filenames. Whenever the policy kit validates a request, it will execute the code in the files in sequence, until one of them returns a result. Thus, if you want to override any existing policy, you should make sure that your file will execute as early as possible. In other words, you will need to assign it a name that starts with a low number—e.g., “00”.

Therefore, you could name your file, e.g., ‘00-local.overrides.rules’. If you want any user to be able to mount internal disk filesystems without getting a password prompt, then the contents of the file should look something like the following:

Code:

polkit.addRule(function(action, subject) {
    if (action.id == "org.freedesktop.udisks2.filesystem-mount-system") {
        return polkit.Result.YES;
    }
});

If, on the other hand, you want to suppress the password prompt only for users that belong to a specific user group—e.g., “plugdev”—then the contents will look something like this:

Code:

polkit.addRule(function(action, subject) {
    if (action.id == "org.freedesktop.udisks2.filesystem-mount-system" &&
        subject.isInGroup("plugdev")) {
        return polkit.Result.YES;
    }
});

Hope that helps.

PROBLEMCHYLD · 12-03-2018, 01:45 PM

All of you guys methods worked!!! I have everything up and running and thanks very much.

I chose luvr approach because I was able to add more software to stop the password pop ups. Thanks to all....

19-bypass-root-password.rules

Code:

polkit.addRule(function(action, subject) {
    if (action.id == "org.fedoraproject.config.samba.configure" ||
	action.id == "org.freedesktop.policykit.exec" ||
	action.id == "org.freedesktop.udisks2.filesystem-mount-system" ||
	action.id == "org.gnome.gparted")
    {
	return polkit.Result.YES;
    }
});

This way I can keep everything in one place. I can't seem to get cups working bypassing the password prompt. Any ideas?

enorbet · 12-06-2018, 02:27 AM

Glad you got it OK but it might be worthy of mention on the subject of ntfs partitions and permission that there is a really simple way that I use. Here's one line from /etc/fstab for one partition

Code:

###/etc/fstab
/dev/sda2     /mnt/ntfs2     ntfs-3g     fmask=111,dmask=000   1   0

luvr · 12-06-2018, 03:37 AM

Quote:

Originally Posted by PROBLEMCHYLD

I can't seem to get cups working bypassing the password prompt. Any ideas?

I guess you mean the password prompt that I attached here?
That obviously isnʼt handled by PolicyKit, which, consequently, wonʼt be able to bypass it.
I have no idea how it could be bypassed, or if this is even possible in the first place.

Petri Kaukasoina · 12-06-2018, 03:56 AM

Quote:

Originally Posted by PROBLEMCHYLD

I can't seem to get cups working bypassing the password prompt. Any ideas?

In /etc/cups/cups-files.conf there is a line beginning with word SystemGroup. Add a group there, say 'cupsadmin', and add yourself to that group.