I'm trying to figure out what I think is a problem
that can be seen by using the KDE device notifier.
I've tried it on 4 distributions (PCLinuxOS,
Suse, Kubuntu, and Mint) with identical results.
I have an extra partition on my hard drive
LABEL-ed ROOT3. I intentionally have the
"nouser" attribute set in /etc/fstab so that
a non-root user cannot mount or unmount this
filesystem. I have an entry for it in /etc/fstab
that look like this:
LABEL=ROOT3 /mnt/ROOT3 ext4 noauto,nouser,ro 1 2
As a normal (non-root) user, in a terminal, if I
run "mount /mnt/ROOT3", it (correctly) fails with
the message:
mount: only root can mount LABEL=HOME3 on /mnt/HOME3
This is the behavior I desire: that only "root" can mount
LABEL=ROOT3, but any user can mount LABEL=HOME3. I have
verified that root and run the mount command (I don't have
some cryptic typo in /etc/fstab).
But running KDE as a normal (non-root) user, if I click on the
device manager and configure it to look at all devices,
not just removable, find the ROOT3 storage volume, and click
on the "little belt" icon, the ROOT3 filesystem will
mount read-only. In other words, "nouser" does not seem
to have any effect when I'm using the device manager as non-root.
I wrote a bug report against KDE/device manager (344009), but
they closed it saying the device manager calls udisk which
calls polkit, and it's an issue with polkit in some manner
(configuration or bug), not a problem with with KDE.
They did seem to imply it was a problem, but not definitely,
and certainly not theirs.
What I would like to happen is that when a non-root user
running KDE opens the device manager and clicks on ROOT3,
either the user is prompted for the root password, or
the command is denied with an error. I certainly don't
want non-root users to be able to mount ROOT3, but I do
want them to able to mount the other filesystems I have
in /etc/fstab that are not tagged "nouser" without having
to enter any password.
I tried finding some useful documentation about polkit, the
best being on the Arch Linux website, but I couldn't really
make sense of it. But given that at least 4 large distributions
share the same issue, I'm not even convinced that the behavior
I'm seeing is not some intended feature somehow...
Can anything be done to get the behavior I'm looking for?
xr200
_______________________________________________
polkit-devel mailing list
polkit-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/polkit-devel
