| View previous topic :: View next topic |
| Author |
Message |
taskman
n00b
Joined: 29 Nov 2018
Posts: 39
|
 Posted: Tue Mar 05, 2019 1:41 pm Post subject: no rights to mount/umount devices as user w/o fstab |
 |
|
Hi,
I want to mount devices as user, like gvfs (gio mount).
But it doesn't matter what I did, I won't get the rights to do so.
First I tried to acquire rights via visudo.
/etc/sudoers ...
| Code: | %wheel ALL=(root) NOPASSWD: /bin/mount
%wheel ALL=(root) NOPASSWD: /bin/umount |
| Code: | [~] grep mm /etc/group
adm:x:4:root,adm,daemon,mm
disk:x:6:root,adm,mm
wheel:x:10:root,mm
audio:x:18:mm
cdrom:x:19:mm
video:x:27:root,mm
cdrw:x:80:mm
usb:x:85:mm
users:x:100:mm
systemd-journal:x:245:mm
libvirt:x:1000:mm
mm:x:1001:
|
This didn't work so I tried to set rights in /etc/sudoers.d/mm ...
| Code: | mm ALL=(root) NOPASSWD: /bin/mount
mm ALL=(root) NOPASSWD: /bin/umount |
This didn't work neither.
So I tried to acquire rights via polkit.
/etc/polkit-1/rules.d/10-udisks.rules ...
| Code: | /* https://wiki.archlinux.de/title/Laufwerk_als_User_mounten */
polkit.addRule(function(action, subject) {
if (action.id == "org.freedesktop.udisks2.filesystem-mount-system" && subject.isInGroup("wheel") ||
action.id == "org.freedesktop.udisks2.filesystem-mount" && subject.isInGroup("wheel") ||
action.id == "org.freedesktop.udisks2.encrypted-unlock-system" && subject.isInGroup("wheel") ||
action.id == "org.freedesktop.udisks2.encrypted-unlock" && subject.isInGroup("wheel") )
{
return polkit.Result.YES;
}
});
|
Again, this didn't work.
Every thing I tried leads to using sudo and even then I have to inseart the password.
At one point I installed gnome-base/gvfs, but even then I had no rights to mount devices.
I wasn't even able to use the trashcan cause of missing $XDG_DATA_HOME.
/home/mm/.bash_profile ...
| Code: | | export XDG_DATA_HOME="$HOME/.local.share" |
Didn't changed a thing, so I deinstalled gvfs.
I am confused now and don't know how to proceed.
It can't be that hard, maybe I am missing something.
My goal is creating some bash scripts and mount/umount devices via dmenu.
I run with systemd and have not installed consolekit, cause of some incompatibility on shutdown and reboot.
HALP plx |
|
| Back to top |
|
 |
eccerr0r
Watchman
Joined: 01 Jul 2004
Posts: 9891
Location: almost Mile High in the USA
|
| Posted: Tue Mar 05, 2019 4:51 pm Post subject: |
|
|
What is the exact problem that you're seeing?
Being prompted for a password or the ioctl failing due to insufficient privileges? Are you using the whole path /bin/mount as specified in sudoers?
The polkit rule you have only affects udisks2 so it won't let you mount with /bin/mount.
If you're running systemd, you don't need consolekit, the functionality is part of systemd.
_________________
Intel Core i7 2700K/Radeon R7 250/24GB DDR3/256GB SSD
What am I supposed watching? |
|
| Back to top |
|
|
taskman
n00b
Joined: 29 Nov 2018
Posts: 39
|
| Posted: Tue Mar 05, 2019 4:59 pm Post subject: |
|
|
| Code: | [~] mount /dev/sdc1 usb/
mount: nur „root“ kann dies tun
[~, ERR:1] /bin/mount /dev/sdc1 usb/
mount: nur „root“ kann dies tun
[~, ERR:1] |
Translation is: root only can do this.
When using the same commands with sudo I get prompted for the password.
| Code: | [~] sudo /bin/mount /dev/sdc1 usb/
Passwort:
[~]
|
|
|
| Back to top |
|
|
eccerr0r
Watchman
Joined: 01 Jul 2004
Posts: 9891
Location: almost Mile High in the USA
|
| Posted: Tue Mar 05, 2019 5:59 pm Post subject: |
|
|
| taskman wrote: | | Code: | [~] mount /dev/sdc1 usb/
mount: nur „root“ kann dies tun
[~, ERR:1] /bin/mount /dev/sdc1 usb/
mount: nur „root“ kann dies tun
[~, ERR:1] |
Translation is: root only can do this.
|
This is correct. The device needs to be in fstab with a fixed mount point to allow a regular user to do this, flagged with "user".
| Quote: | When using the same commands with sudo I get prompted for the password.
| Code: | [~] sudo /bin/mount /dev/sdc1 usb/
Passwort:
[~]
|
|
This implies that sudoers is (still) set up wrong. What is your
and we need to figure out why sudo doesn't think you fall under the bucket you created...
_________________
Intel Core i7 2700K/Radeon R7 250/24GB DDR3/256GB SSD
What am I supposed watching? |
|
| Back to top |
|
|
taskman
n00b
Joined: 29 Nov 2018
Posts: 39
|
| Posted: Tue Mar 05, 2019 8:55 pm Post subject: |
|
|
| Code: | [~] id
uid=1000(mm) gid=1001(mm) Gruppen=1001(mm),4(adm),6(disk),10(wheel),18(audio),19(cdrom),27(video),80(cdrw),85(usb),100(users),245(systemd-journal),1000(libvirt) |
I had the same problem with reboot/shutdown when editing /etc/sudoers,
so I added rights into /etc/sudoers.d/mm without the use of visudo. |
|
| Back to top |
|
|
Syl20
l33t
Joined: 04 Aug 2005
Posts: 621
Location: France
|
| Posted: Mon Mar 11, 2019 4:30 pm Post subject: |
|
|
This works on debian stretch, for the "mygroup" system group, and without sudo :
| Code: | # cat /etc/polkit-1/localauthority/50-local.d/55-storage.pkla
[Storage Permissions]
Identity=unix-group:mygroup
Action=org.freedesktop.udisks2.filesystem-mount-other-seat
ResultAny=yes |
Then, the mount command is :
| Code: | | $ udisksctl mount -b /dev/sdb1 --no-user-interaction |
I don't know if this can work as is on Gentoo. |
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
Networking & Security
