Gentoo Forums
no rights to mount/umount devices as user w/o fstab
taskman
n00b

Joined: 29 Nov 2018
Posts: 37

Posted: Tue Mar 05, 2019 1:41 pm    Post subject: no rights to mount/umount devices as user w/o fstab

Hi,

I want to mount devices as user, like gvfs (gio mount).
But it doesn't matter what I did, I won't get the rights to do so.

First I tried to acquire rights via visudo.
/etc/sudoers ...
Code:
%wheel ALL=(root) NOPASSWD: /bin/mount
%wheel ALL=(root) NOPASSWD: /bin/umount

Code:
[~] grep mm /etc/group
adm:x:4:root,adm,daemon,mm
disk:x:6:root,adm,mm
wheel:x:10:root,mm
audio:x:18:mm
cdrom:x:19:mm
video:x:27:root,mm
cdrw:x:80:mm
usb:x:85:mm
users:x:100:mm
systemd-journal:x:245:mm
libvirt:x:1000:mm
mm:x:1001:

This didn't work so I tried to set rights in /etc/sudoers.d/mm ...
Code:
mm ALL=(root) NOPASSWD: /bin/mount
mm ALL=(root) NOPASSWD: /bin/umount

This didn't work either.

So I tried to acquire rights via polkit.
/etc/polkit-1/rules.d/10-udisks.rules ...
Code:
/* https://wiki.archlinux.de/title/Laufwerk_als_User_mounten */
polkit.addRule(function(action, subject) {
   if (action.id == "org.freedesktop.udisks2.filesystem-mount-system" && subject.isInGroup("wheel") ||
       action.id == "org.freedesktop.udisks2.filesystem-mount" && subject.isInGroup("wheel") ||
       action.id == "org.freedesktop.udisks2.encrypted-unlock-system" && subject.isInGroup("wheel") ||
       action.id == "org.freedesktop.udisks2.encrypted-unlock" && subject.isInGroup("wheel") )
    {
       return polkit.Result.YES;
    }
});

Again, this didn't work.

Everything I tried leads to using sudo, and even then I have to insert the password.

At one point I installed gnome-base/gvfs, but even then I had no rights to mount devices.
I wasn't even able to use the trashcan cause of missing $XDG_DATA_HOME.
/home/mm/.bash_profile ...
Code:
export XDG_DATA_HOME="$HOME/.local.share"

Didn't change a thing, so I uninstalled gvfs.

I am confused now and don't know how to proceed.
It can't be that hard, maybe I am missing something.
My goal is creating some bash scripts and mount/umount devices via dmenu.

I run with systemd and have not installed consolekit, cause of some incompatibility on shutdown and reboot.

HALP plx

eccerr0r
Watchman

Joined: 01 Jul 2004
Posts: 7051
Location: almost Mile High in the USA

Posted: Tue Mar 05, 2019 4:51 pm    Post subject:

What is the exact problem that you're seeing?

Being prompted for a password or the ioctl failing due to insufficient privileges? Are you using the whole path /bin/mount as specified in sudoers?

The polkit rule you have only affects udisks2 so it won't let you mount with /bin/mount.

If you're running systemd, you don't need consolekit, the functionality is part of systemd.
_________________
Intel Core i7 2700K@ 4.1GHz/HD3000 graphics/8GB DDR3/180GB SSD
What am I supposed watching?

taskman
n00b

Joined: 29 Nov 2018
Posts: 37

Posted: Tue Mar 05, 2019 4:59 pm    Post subject:

Code:
[~] mount /dev/sdc1 usb/
mount: nur „root“ kann dies tun
[~, ERR:1] /bin/mount /dev/sdc1 usb/
mount: nur „root“ kann dies tun
[~, ERR:1]

Translation is: root only can do this.

When using the same commands with sudo I get prompted for the password.
Code:
[~] sudo /bin/mount /dev/sdc1 usb/
Passwort:
[~]

eccerr0r
Watchman

Joined: 01 Jul 2004
Posts: 7051
Location: almost Mile High in the USA

Posted: Tue Mar 05, 2019 5:59 pm    Post subject:

taskman wrote:
Code:
[~] mount /dev/sdc1 usb/
mount: nur „root“ kann dies tun
[~, ERR:1] /bin/mount /dev/sdc1 usb/
mount: nur „root“ kann dies tun
[~, ERR:1]

Translation is: root only can do this.

This is correct. The device needs to be in fstab with a fixed mount point to allow a regular user to do this, flagged with "user".
Quote:
When using the same commands with sudo I get prompted for the password.
Code:
[~] sudo /bin/mount /dev/sdc1 usb/
Passwort:
[~]

This implies that sudoers is (still) set up wrong. What is your
Code:
$ id

and we need to figure out why sudo doesn't think you fall under the bucket you created...
_________________
Intel Core i7 2700K@ 4.1GHz/HD3000 graphics/8GB DDR3/180GB SSD
What am I supposed watching?

taskman
n00b

Joined: 29 Nov 2018
Posts: 37

Posted: Tue Mar 05, 2019 8:55 pm    Post subject:

Code:
[~] id
uid=1000(mm) gid=1001(mm) Gruppen=1001(mm),4(adm),6(disk),10(wheel),18(audio),19(cdrom),27(video),80(cdrw),85(usb),100(users),245(systemd-journal),1000(libvirt)


I had the same problem with reboot/shutdown when editing /etc/sudoers,
so I added rights into /etc/sudoers.d/mm without the use of visudo.

Syl20
Guru

Joined: 04 Aug 2005
Posts: 550
Location: France

Posted: Mon Mar 11, 2019 4:30 pm    Post subject:

This works on Debian stretch, for the "mygroup" system group, and without sudo:

Code:
# cat /etc/polkit-1/localauthority/50-local.d/55-storage.pkla
[Storage Permissions]
Identity=unix-group:mygroup
Action=org.freedesktop.udisks2.filesystem-mount-other-seat
ResultAny=yes


Then, the mount command is:

Code:
$ udisksctl mount -b /dev/sdb1 --no-user-interaction


I don't know if this can work as is on Gentoo.
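
Syl20's `.pkla` file is the older polkit local-authority format, while taskman's rule lives in `/etc/polkit-1/rules.d/`, which takes JavaScript rules. The following is an added example (not from any poster in this thread) of the same group-based grant in that format, limited to the plain mount actions; the file name, the `wheel` group choice, the `pk` stand-in object and the `fakeSubject` helper are assumptions made for illustration.

```javascript
// Added example for /etc/polkit-1/rules.d/ (a file name such as
// 55-storage.rules is hypothetical).
// Under polkitd the global `polkit` object exists; elsewhere (e.g. node) a
// minimal stand-in is used so the decision function can be exercised offline.
var pk = (typeof polkit !== "undefined") ? polkit : {
    Result: { YES: "yes", NOT_HANDLED: null },  // stand-in values, test use only
    addRule: function (fn) { this.rule = fn; },
    log: function () {}
};

// Plain mount actions named in the thread. The encrypted-unlock actions and
// every other udisks2 action are left to the default policy.
var MOUNT_ACTIONS = [
    "org.freedesktop.udisks2.filesystem-mount",
    "org.freedesktop.udisks2.filesystem-mount-system",
    "org.freedesktop.udisks2.filesystem-mount-other-seat"
];

// Assumption: the group taskman used in the first post.
var MOUNT_GROUP = "wheel";

function decideMount(action, subject) {
    if (MOUNT_ACTIONS.indexOf(action.id) === -1) {
        return pk.Result.NOT_HANDLED;   // not a mount action: other rules decide
    }
    if (!subject.isInGroup(MOUNT_GROUP)) {
        return pk.Result.NOT_HANDLED;   // wrong group: default policy applies
    }
    pk.log("mount allowed by local rule: " + action.id + " for " + subject.user);
    return pk.Result.YES;
}

pk.addRule(decideMount);

// Constructed subject exposing the two members the rule reads (offline checks).
function fakeSubject(user, groups) {
    return {
        user: user,
        isInGroup: function (g) { return groups.indexOf(g) !== -1; }
    };
}
```

As eccerr0r points out, a rule like this only affects requests that go through udisks2, such as the `udisksctl mount -b ... --no-user-interaction` command above; `/bin/mount` is not affected by it.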