On 2025-06-11 13:35, Simon McVittie wrote:
On Wed, 11 Jun 2025 at 12:14:36 -0400, Marc Deslauriers wrote:
On 2025-06-06 09:40, Attila Szasz wrote:
I didn't make this explicit in the video, but this works when
running as a non-sudoer user, and also on Ubuntu Server. I think
Canonical Product Security might have better estimates on this, but
I'm guessing many of the corporate, gov, academic, HPC cluster, etc
use cases are impacted practically in such a setting.

This isn't supposed to work for non-privileged users, and not on servers. We allow mounting usb drives for admin users sitting at the console by shipping a package called "policykit-desktop-privileges" which contains the following polkit rule:

[Mounting, checking, etc. of internal drives]
Identity=unix-group:admin;unix-group:sudo
Action=org.freedesktop.udisks2.filesystem-mount-system;org.freedesktop.udisks2.encrypted-unlock-system;org.freedesktop.udisks2.filesystem-fstab;
ResultActive=yes

I don't think that stanza is relevant here, because it's about "system" or "internal" disks. udisks2 has a concept of whether a disk is "system" or not: see the source code for full details, but a short version is that internal HDDs/SSDs are "system" and USB thumb drives are not, possibly modulo some corner cases like running your OS from a USB thumb drive.

Oh, yes, you are totally right. I always thought mounting usb drives was an Ubuntu-specific setting, but now that I look at udisks, the default for "org.freedesktop.udisks2.filesystem-mount" is in fact <allow_active>yes</allow_active>.

Marc.
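
The distinction worked out in this thread, as an added audit sketch that is not part of any of the messages above and is not polkit's or udisks2's own code: it evaluates the quoted stanza against a polkit action and falls back to the action's policy default when the stanza does not list it. The policy fragment is constructed; only the `filesystem-mount` default comes from the thread, the `filesystem-mount-system` default and the `effective_active` helper are assumptions, and identity matching is simplified to exact `unix-group:` entries.

```python
import configparser
from fnmatch import fnmatchcase
import xml.etree.ElementTree as ET

# The stanza quoted in the thread (wrapped Action line rejoined).
PKLA = """\
[Mounting, checking, etc. of internal drives]
Identity=unix-group:admin;unix-group:sudo
Action=org.freedesktop.udisks2.filesystem-mount-system;org.freedesktop.udisks2.encrypted-unlock-system;org.freedesktop.udisks2.filesystem-fstab;
ResultActive=yes
"""

# Constructed policy fragment. Only the filesystem-mount default is taken from
# the thread; the -system default is an assumption made for this example.
POLICY = """\
<policyconfig>
  <action id="org.freedesktop.udisks2.filesystem-mount">
    <defaults><allow_active>yes</allow_active></defaults>
  </action>
  <action id="org.freedesktop.udisks2.filesystem-mount-system">
    <defaults><allow_active>auth_admin_keep</allow_active></defaults>
  </action>
</policyconfig>
"""

def split(value):
    """Split a ';'-separated key-file value, dropping empty trailing items."""
    return [v for v in value.split(";") if v]

def effective_active(action, groups, pkla=PKLA, policy=POLICY):
    """Return (result, source) for a user in an active local session."""
    ids = {f"unix-group:{g}" for g in groups}
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.optionxform = str  # keep key case: Identity, Action, ResultActive
    cp.read_string(pkla)
    for name in cp.sections():
        s = cp[name]
        listed = any(fnmatchcase(action, p) for p in split(s.get("Action", "")))
        if listed and ids & set(split(s.get("Identity", ""))) and "ResultActive" in s:
            return s["ResultActive"], f"pkla: {name}"
    # No stanza applies: the action's own default decides.
    for node in ET.fromstring(policy).iter("action"):
        if node.get("id") == action:
            return node.findtext("defaults/allow_active"), "policy default"
    return None, "unknown action"
```

For a user outside `admin` and `sudo`, the non-system mount action resolves to `yes` from the policy default, so the stanza never enters the decision.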
