Do not require a password every time to mount internal disks

Bug #465054 reported by nikman on 2009-10-30
46
This bug affects 6 people
Affects Status Importance Assigned to Milestone
devicekit-disks (Ubuntu)
High
Martin Pitt

Bug Description

In Karmic, users are required to enter their password each time when they want to mount a system-internal disk.

In Jaunty and earlier it was possible to keep the policykit privilege forever, but that has been rightfully abandoned in polkit-1 as bad design. A better solution is to ship vendor specific policy extensions (see man pklocalauthority).

Martin Pitt (pitti) wrote :

polkit-policy-file-validate does not apply to the new-style files in /usr/share/polkit-1 (it's for the old policykit).

The password issue is a common complaint, I'll devote this report to that.

summary: - issues in org.freedesktop.devicekit.disks.policy
+ Do not require a password every time to mount internal disks
Changed in devicekit-disks (Ubuntu):
assignee: nobody → Martin Pitt (pitti)
importance: Undecided → Medium
status: New → Triaged
daf (davydm) wrote :

Confirmed: replacing occurrences of <allow_active>auth_admin_keep</allow_active> with <allow_active>yes</allow_active> does make the problem disappear. There is more than one occurrence of this line. I don't know what difference this actually makes from a policykit / security standpoint -- but it does mean that I can mount my internal windows drives without a password now.

Martin Pitt (pitti) wrote :

I just discussed this with upstream. I think the best way forward is to use the configurability of polkit to allow org.freedesktop.devicekit.disks.filesystem-mount-system-internal for admin users without a password.

Changed in devicekit-disks (Ubuntu):
status: Triaged → In Progress
Martin Pitt (pitti) wrote :
Changed in devicekit-disks (Ubuntu):
status: In Progress → Fix Committed
description: updated
Martin Pitt (pitti) on 2009-11-10
Changed in devicekit-disks (Ubuntu):
importance: Medium → High
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package devicekit-disks - 009-1ubuntu2

---------------
devicekit-disks (009-1ubuntu2) lucid; urgency=low

  Resynchronize to Debian git head, no remaining Ubuntu changes.

  [ Michael Biebl ]
  * debian/patches/09-reiserfs-support.patch
    - Add support for ReiserFS.

  [ Martin Pitt ]
  * Add debian/local/ubuntu.pkla: Allow passwordless file system operations
    for local foreground admin user sessions on Ubuntu. Install it in
    debian/rules. (LP: #465054)
  * Add 02-allow-simulated-smart.patch: Allow simulated SMART data on
    non-SMART devices. This is both useful for testing DK-disks itself, as
    well as recreating bugs with SMART handling. (fd.o #24772)
  * Add 03-hide-configuration-partition-12.patch: Hide Compaq recovery
    partition type 0x12. (fd.o #24999, LP: #451304)
  * Add 04-hide-wd-smartware-partition.patch: Ignore Western Digital SmartWare
    partitions. (fd.o #25009, LP: #474790)
  * Add 06-guid-partition-flags.patch: Fix setting flags for GUID partitions.
    (fd.o #25034)
 -- Martin Pitt <email address hidden> Wed, 11 Nov 2009 17:42:19 +0100

Changed in devicekit-disks (Ubuntu):
status: Fix Committed → Fix Released
Sam Freilich (l33tminion) wrote :

Any chance this could be released as an update for Karmic?

Desh Danz (nicoluno) wrote :

In karmic you always need to insert your password when you want to mount a partition, pretty boring.

Doug McMahon (mc3man) wrote :

While it could be suggested that careful editing the appropriate line /usr/share/polkit-1/actions/org.freedesktop.devicekit.disks.policy could achieve the same result in karmic, the lucid 'fix' seems better and cleaner .

Not to mention that injudicious editing of the files in actions can lead to unintended results and shouldn't be encouraged

The patch for lucid ( creation of a file in /var/lib/polkit-1/localauthority/10-vendor.d 0) seems to also work in karmic, have done so here with the intended correct result and with no apparent ill effects ( though could stand to be corrected by those who know better if need be.

Marc MAURICE (dooblem) wrote :

Waiting for an update in karmic, as said by Doug, the patch for lucid also works for me:

Put the following in /var/lib/polkit-1/localauthority/10-vendor.d/org.freedesktop.DeviceKit.Disks.pkla

[No password required for admins]
Identity=unix-group:admin
Action=org.freedesktop.devicekit.disks.filesystem-*
ResultActive=yes

And reboot. (reconnect ?)

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Duplicates of this bug

Other bug subscribers