Mailing List Archive

Disable password required to mount removable hard disk.
Hi,

     I use a sata drive caddy with 2Tb hard disks for offline backups. 
Almost everytime (within sessions are ok?) it asks for a password before
automounting.  This is just annoying and has no security benefit in my
environment (why just hard disks when USB keys and SD cards don't ask
for one?). 

So, how can I disable the automounter asking for a password either in
general, or just for my backup drives?

BillK
Re: Disable password required to mount removable hard disk. [ In reply to ]
Hello BillK,

I guess, that you are looking for the mount option "user":

/etc/fstab

/dev/sdx         /<some_path>       ext4 noauto,user,relatime 0       2

In this way, I can mount "/dev/sdx" with an unprivileged user:

$ mount /<some_path>

See also "man 8 mount" ("Non-superuser mounts").

I am not sure, if this also works with "automount" from "net-fs/autofs",
if this is what you meant with "automounter".

-Ramon

On 01/04/2021 06:51, William Kenworthy wrote:
> Hi,
>
>      I use a sata drive caddy with 2Tb hard disks for offline backups.
> Almost everytime (within sessions are ok?) it asks for a password before
> automounting.  This is just annoying and has no security benefit in my
> environment (why just hard disks when USB keys and SD cards don't ask
> for one?).
>
> So, how can I disable the automounter asking for a password either in
> general, or just for my backup drives?
>
> BillK
>
>
>

--
GPG public key: 5983 98DA 5F4D A464 38FD CF87 155B E264 13E6 99BF
Re: Disable password required to mount removable hard disk. [ In reply to ]
Addendum:

I forgot to answer your other question:

Maybe you also have set some rules in "/etc/polkit/rules.d/"[1], which
allows your unprivileged user to mount USB drives and SD cards without
any password.

-Ramon

[1] https://wiki.gentoo.org/wiki/Polkit

On 01/04/2021 09:13, Ramon Fischer wrote:
> Hello BillK,
>
> I guess, that you are looking for the mount option "user":
>
>    /etc/fstab
>
>    /dev/sdx         /<some_path>       ext4 noauto,user,relatime
> 0       2
>
> In this way, I can mount "/dev/sdx" with an unprivileged user:
>
>    $ mount /<some_path>
>
> See also "man 8 mount" ("Non-superuser mounts").
>
> I am not sure, if this also works with "automount" from
> "net-fs/autofs", if this is what you meant with "automounter".
>
> -Ramon
>
> On 01/04/2021 06:51, William Kenworthy wrote:
>> Hi,
>>
>>       I use a sata drive caddy with 2Tb hard disks for offline backups.
>> Almost everytime (within sessions are ok?) it asks for a password before
>> automounting.  This is just annoying and has no security benefit in my
>> environment (why just hard disks when USB keys and SD cards don't ask
>> for one?).
>>
>> So, how can I disable the automounter asking for a password either in
>> general, or just for my backup drives?
>>
>> BillK
>>
>>
>>
>

--
GPG public key: 5983 98DA 5F4D A464 38FD CF87 155B E264 13E6 99BF
Re: Disable password required to mount removable hard disk. [ In reply to ]
I have used fstab in the past -its more a workaround that breaks (i.e, a
disk usually, but not always appears as /dev/sde, and while I currently
use btrfs I also use xfs on some portable drives.)

I mean automounting of disks (pam/polkit/udsiks2 seem to be involved),
not autofs in this case

BillK


On 1/4/21 3:13 pm, Ramon Fischer wrote:
> Hello BillK,
>
> I guess, that you are looking for the mount option "user":
>
>    /etc/fstab
>
>    /dev/sdx         /<some_path>       ext4 noauto,user,relatime
> 0       2
>
> In this way, I can mount "/dev/sdx" with an unprivileged user:
>
>    $ mount /<some_path>
>
> See also "man 8 mount" ("Non-superuser mounts").
>
> I am not sure, if this also works with "automount" from
> "net-fs/autofs", if this is what you meant with "automounter".
>
> -Ramon
>
> On 01/04/2021 06:51, William Kenworthy wrote:
>> Hi,
>>
>>       I use a sata drive caddy with 2Tb hard disks for offline backups.
>> Almost everytime (within sessions are ok?) it asks for a password before
>> automounting.  This is just annoying and has no security benefit in my
>> environment (why just hard disks when USB keys and SD cards don't ask
>> for one?).
>>
>> So, how can I disable the automounter asking for a password either in
>> general, or just for my backup drives?
>>
>> BillK
>>
>>
>>
>
Re: Disable password required to mount removable hard disk. [ In reply to ]
Hi, I only have a default polkit rule - nothing about usb.

Just noticed the mount dialog box contains:

Action: org.freedesktop.udisks2.filesystem-mount-system

Vendor: The Udsks Project"

I have found some documents on the web, but nothing yet on how to deal
with this issue.

BillK


On 1/4/21 3:21 pm, Ramon Fischer wrote:
> Addendum:
>
> I forgot to answer your other question:
>
> Maybe you also have set some rules in "/etc/polkit/rules.d/"[1], which
> allows your unprivileged user to mount USB drives and SD cards without
> any password.
>
> -Ramon
>
> [1] https://wiki.gentoo.org/wiki/Polkit
>
> On 01/04/2021 09:13, Ramon Fischer wrote:
>> Hello BillK,
>>
>> I guess, that you are looking for the mount option "user":
>>
>>    /etc/fstab
>>
>>    /dev/sdx         /<some_path>       ext4 noauto,user,relatime
>> 0       2
>>
>> In this way, I can mount "/dev/sdx" with an unprivileged user:
>>
>>    $ mount /<some_path>
>>
>> See also "man 8 mount" ("Non-superuser mounts").
>>
>> I am not sure, if this also works with "automount" from
>> "net-fs/autofs", if this is what you meant with "automounter".
>>
>> -Ramon
>>
>> On 01/04/2021 06:51, William Kenworthy wrote:
>>> Hi,
>>>
>>>       I use a sata drive caddy with 2Tb hard disks for offline backups.
>>> Almost everytime (within sessions are ok?) it asks for a password
>>> before
>>> automounting.  This is just annoying and has no security benefit in my
>>> environment (why just hard disks when USB keys and SD cards don't ask
>>> for one?).
>>>
>>> So, how can I disable the automounter asking for a password either in
>>> general, or just for my backup drives?
>>>
>>> BillK
>>>
>>>
>>>
>>
>
Re: Disable password required to mount removable hard disk. (solved) [ In reply to ]
In the end it was easy: created a polkit rule enabling users in the
wheel group to not use a password.

rattus ~ # cat /etc/polkit-1/rules.d/55-disks.rules

// Allow any user in the 'wheel' group to mount a disk
// without entering a password.

polkit.addRule(function(action, subject) {
    if (action.id == "org.freedesktop.udisks2.filesystem-mount-system" &&
        subject.isInGroup("wheel")) {
        return polkit.Result.YES;
    }
});
rattus ~ #

Thanks for the polkit hint.

BillK


On 1/4/21 6:08 pm, William Kenworthy wrote:
> Hi, I only have a default polkit rule - nothing about usb.
>
> Just noticed the mount dialog box contains:
>
> Action: org.freedesktop.udisks2.filesystem-mount-system
>
> Vendor: The Udsks Project"
>
> I have found some documents on the web, but nothing yet on how to deal
> with this issue.
>
> BillK
>
>
> On 1/4/21 3:21 pm, Ramon Fischer wrote:
>> Addendum:
>>
>> I forgot to answer your other question:
>>
>> Maybe you also have set some rules in "/etc/polkit/rules.d/"[1], which
>> allows your unprivileged user to mount USB drives and SD cards without
>> any password.
>>
>> -Ramon
>>
>> [1] https://wiki.gentoo.org/wiki/Polkit
>>
>> On 01/04/2021 09:13, Ramon Fischer wrote:
>>> Hello BillK,
>>>
>>> I guess, that you are looking for the mount option "user":
>>>
>>>    /etc/fstab
>>>
>>>    /dev/sdx         /<some_path>       ext4 noauto,user,relatime
>>> 0       2
>>>
>>> In this way, I can mount "/dev/sdx" with an unprivileged user:
>>>
>>>    $ mount /<some_path>
>>>
>>> See also "man 8 mount" ("Non-superuser mounts").
>>>
>>> I am not sure, if this also works with "automount" from
>>> "net-fs/autofs", if this is what you meant with "automounter".
>>>
>>> -Ramon
>>>
>>> On 01/04/2021 06:51, William Kenworthy wrote:
>>>> Hi,
>>>>
>>>>       I use a sata drive caddy with 2Tb hard disks for offline backups.
>>>> Almost everytime (within sessions are ok?) it asks for a password
>>>> before
>>>> automounting.  This is just annoying and has no security benefit in my
>>>> environment (why just hard disks when USB keys and SD cards don't ask
>>>> for one?).
>>>>
>>>> So, how can I disable the automounter asking for a password either in
>>>> general, or just for my backup drives?
>>>>
>>>> BillK
>>>>
>>>>
>>>>
Re: Disable password required to mount removable hard disk. (solved) [ In reply to ]
Awesome!

I am glad to hear, that I could help. :)

-Ramon

On 01/04/2021 13:28, William Kenworthy wrote:
> In the end it was easy: created a polkit rule enabling users in the
> wheel group to not use a password.
>
> rattus ~ # cat /etc/polkit-1/rules.d/55-disks.rules
>
> // Allow any user in the 'wheel' group to mount a disk
> // without entering a password.
>
> polkit.addRule(function(action, subject) {
>     if (action.id == "org.freedesktop.udisks2.filesystem-mount-system" &&
>         subject.isInGroup("wheel"))
{
>         return polkit.Result.YES;
>     }
> });
> rattus ~ #
>
> Thanks for the polkit hint.
>
> BillK
>
>
> On 1/4/21 6:08 pm, William Kenworthy wrote:
>> Hi, I only have a default polkit rule - nothing about usb.
>>
>> Just noticed the mount dialog box contains:
>>
>> Action: org.freedesktop.udisks2.filesystem-mount-system
>>
>> Vendor: The Udsks Project"
>>
>> I have found some documents on the web, but nothing yet on how to deal
>> with this issue.
>>
>> BillK
>>
>>
>> On 1/4/21 3:21 pm, Ramon Fischer wrote:
>>> Addendum:
>>>
>>> I forgot to answer your other question:
>>>
>>> Maybe you also have set some rules in "/etc/polkit/rules.d/"[1], which
>>> allows your unprivileged user to mount USB drives and SD cards without
>>> any password.
>>>
>>> -Ramon
>>>
>>> [1] https://wiki.gentoo.org/wiki/Polkit
>>>
>>> On 01/04/2021 09:13, Ramon Fischer wrote:
>>>> Hello BillK,
>>>>
>>>> I guess, that you are looking for the mount option "user":
>>>>
>>>>    /etc/fstab
>>>>
>>>>    /dev/sdx         /<some_path>       ext4 noauto,user,relatime
>>>> 0       2
>>>>
>>>> In this way, I can mount "/dev/sdx" with an unprivileged user:
>>>>
>>>>    $ mount /<some_path>
>>>>
>>>> See also "man 8 mount" ("Non-superuser mounts").
>>>>
>>>> I am not sure, if this also works with "automount" from
>>>> "net-fs/autofs", if this is what you meant with "automounter".
>>>>
>>>> -Ramon
>>>>
>>>> On 01/04/2021 06:51, William Kenworthy wrote:
>>>>> Hi,
>>>>>
>>>>>       I use a sata drive caddy with 2Tb hard disks for offline backups.
>>>>> Almost everytime (within sessions are ok?) it asks for a password
>>>>> before
>>>>> automounting.  This is just annoying and has no security benefit in my
>>>>> environment (why just hard disks when USB keys and SD cards don't ask
>>>>> for one?).
>>>>>
>>>>> So, how can I disable the automounter asking for a password either in
>>>>> general, or just for my backup drives?
>>>>>
>>>>> BillK
>>>>>
>>>>>
>>>>>

--
GPG public key: 5983 98DA 5F4D A464 38FD CF87 155B E264 13E6 99BF
Re: Disable password r equired to mount removable hard disk. [ In reply to ]
On April 1, 2021 10:12:00 AM GMT+02:00, William Kenworthy <billk@iinet.net.au> wrote:
>I have used fstab in the past -its more a workaround that breaks (i.e, a
>disk usually, but not always appears as /dev/sde [...]

fstab? Workaround? Use UUID.


--
Hund
Re: Disable password required to mount removable hard disk. [ In reply to ]
The password problem was solved back in April, but some more info on the
semi random disk assignments might help someone as the question keeps
popping up:

I use genkernel and grub to boot via MBR - however root is on a btrfs
raid 10 (all SSD's, 3 are whole disk and one has root on  partition 3
alongside boot and swap)

When using /dev/sdx notation, the grub hardware mapping (root)
semi-randomly moves between disks

OK, so I tried using UUID's - the same

So I tried using labels - still happens!!!

Interestingly, a suspend/resume always works as expected then a couple
of days ago I stumbled on a genkernel bug (#796272
<https://bugs.gentoo.org/show_bug.cgi?id=796272>) with module loading -
its a bit of a corner case but its looking like I might have found the
cause.

BillK



On 18/6/21 2:13 pm, Hund wrote:
> On April 1, 2021 10:12:00 AM GMT+02:00, William Kenworthy <billk@iinet.net.au> wrote:
>> I have used fstab in the past -its more a workaround that breaks (i.e, a
>> disk usually, but not always appears as /dev/sde [...]
> fstab? Workaround? Use UUID.
>
>
> --
> Hund
>