Setting aside the security implications of allowing arbitrary users to mount disks on your system for a moment, let's suppose that you do want to do this.

I'd recommend, first, ensuring that the user is a member of a trusted group. For a small system, the normal wheel group (set by the “Administrative user” switch in the Settings program) is probably sufficient.

The Policy Kit provides authorizations and asks your shell to prompt for your password. (Its manual is on your system — e.g., in GNOME Help hit Control+L, then type man:polkit, or from a terminal, type man polkit.)

The following is one example from that manual:

  // Allow users in group 'engineers' to perform any operation on
  // some drives without having to authenticate
  //
  polkit.addRule(function(action, subject) {
    if (action.id.indexOf("org.freedesktop.udisks2.") == 0 &&
        action.lookup("drive.vendor") == "SEAGATE" &&
        action.lookup("drive.model") == "ST3300657SS" &&
        subject.isInGroup("engineers")) {
            return polkit.Result.YES;
    }
  });

The variation that might work particularly for you would be:

  polkit.addRule(function(action, subject) {
    if (action.id.indexOf("org.freedesktop.udisks2.filesystem-mount-system") == 0 &&
        subject.isInGroup("wheel")) {
            return polkit.Result.YES;
    }
  });

To enable this policy, write it to a file, then use this command to install it into the policy directory:

sudo tee /etc/polkit-1/rules.d/99-local.rules <your-local-file

(The use of sudo tee will ensure that the policy file has correct security context; you could also do sudo mv your-local-file /etc/polkit-1/rules.d/99-local.rules && sudo restorecon /etc/polkit-1/rules.d/99-local.rules for a similar effect.)

PS — to determine the action.id for some action, look through the files in /usr/share/polkit-1/actions. They're XML files that have all of the actions and the translations into human languages.
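
A way to dry-run the wheel rule under Node.js before installing it, as an added example that is not part of the original answer or of polkit itself. The `polkit` object, `makeSubject` and `evaluate` are a constructed stand-in for the polkitd rule engine, and the `-example` action id is made up to show that `indexOf(...) == 0` is a prefix match, next to a tighter exact-match variant:

```javascript
// Constructed stand-in for the object polkitd exposes to rules (assumption: only Result is needed).
const polkit = { Result: { YES: "yes", NO: "no", AUTH_ADMIN: "auth_admin" } };

// Hypothetical helper: a subject whose isInGroup() answers from a fixed group list.
function makeSubject(user, groups) {
  return { user, isInGroup: (g) => groups.includes(g) };
}

// Hypothetical helper: the first rule that returns a value decides; otherwise
// polkitd falls back to the defaults in the action's .policy file.
function evaluate(rules, actionId, subject) {
  const action = { id: actionId, lookup: () => undefined };
  for (const rule of rules) {
    const result = rule(action, subject);
    if (result !== undefined && result !== null) return result;
  }
  return "not-handled";
}

const MOUNT_SYSTEM = "org.freedesktop.udisks2.filesystem-mount-system";

// The rule from the answer: grants every action id that starts with MOUNT_SYSTEM.
function prefixRule(action, subject) {
  if (action.id.indexOf(MOUNT_SYSTEM) == 0 && subject.isInGroup("wheel")) {
    return polkit.Result.YES;
  }
}

// Tighter variant: exact comparison, so only this one action is granted.
function exactRule(action, subject) {
  if (action.id === MOUNT_SYSTEM && subject.isInGroup("wheel")) {
    return polkit.Result.YES;
  }
}

// Constructed sample requests (users, groups and the "-example" id are made up).
const admin = makeSubject("alice", ["wheel"]);
const guest = makeSubject("bob", ["users"]);
const cases = [
  [MOUNT_SYSTEM, admin],
  [MOUNT_SYSTEM, guest],
  [MOUNT_SYSTEM + "-example", admin],
  ["org.freedesktop.udisks2.filesystem-mount", admin],
];
for (const [id, subject] of cases) {
  console.log(id, subject.user,
    "prefix:", evaluate([prefixRule], id, subject),
    "exact:", evaluate([exactRule], id, subject));
}
```

A "not-handled" result means the rule made no decision, so the user still gets whatever prompt the action's own defaults require.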