public inbox for gentoo-user@lists.gentoo.org
 help / color / mirror / Atom feed
* [gentoo-user] Disable password required to mount removable hard disk.
@ 2021-04-01  4:51 William Kenworthy
  2021-04-01  7:13 ` Ramon Fischer
  0 siblings, 1 reply; 9+ messages in thread
From: William Kenworthy @ 2021-04-01  4:51 UTC (permalink / raw
  To: gentoo-user@lists.gentoo.org

Hi,

     I use a sata drive caddy with 2Tb hard disks for offline backups. 
Almost everytime (within sessions are ok?) it asks for a password before
automounting.  This is just annoying and has no security benefit in my
environment (why just hard disks when USB keys and SD cards don't ask
for one?). 

So, how can I disable the automounter asking for a password either in
general, or just for my backup drives?

BillK




^ permalink raw reply	[flat|nested] 9+ messages in thread

* Re: [gentoo-user] Disable password required to mount removable hard disk.
  2021-04-01  4:51 [gentoo-user] Disable password required to mount removable hard disk William Kenworthy
@ 2021-04-01  7:13 ` Ramon Fischer
  2021-04-01  7:21   ` Ramon Fischer
  2021-04-01  8:12   ` [gentoo-user] Disable password required to mount removable hard disk William Kenworthy
  0 siblings, 2 replies; 9+ messages in thread
From: Ramon Fischer @ 2021-04-01  7:13 UTC (permalink / raw
  To: gentoo-user


[-- Attachment #1.1: Type: text/plain, Size: 1064 bytes --]

Hello BillK,

I guess, that you are looking for the mount option "user":

    /etc/fstab

    /dev/sdx         /<some_path>       ext4 noauto,user,relatime 0       2

In this way, I can mount "/dev/sdx" with an unprivileged user:

    $ mount /<some_path>

See also "man 8 mount" ("Non-superuser mounts").

I am not sure, if this also works with "automount" from "net-fs/autofs", 
if this is what you meant with "automounter".

-Ramon

On 01/04/2021 06:51, William Kenworthy wrote:
> Hi,
>
>       I use a sata drive caddy with 2Tb hard disks for offline backups.
> Almost everytime (within sessions are ok?) it asks for a password before
> automounting.  This is just annoying and has no security benefit in my
> environment (why just hard disks when USB keys and SD cards don't ask
> for one?).
>
> So, how can I disable the automounter asking for a password either in
> general, or just for my backup drives?
>
> BillK
>
>
>

-- 
GPG public key: 5983 98DA 5F4D A464 38FD CF87 155B E264 13E6 99BF



[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 840 bytes --]

^ permalink raw reply	[flat|nested] 9+ messages in thread

* Re: [gentoo-user] Disable password required to mount removable hard disk.
  2021-04-01  7:13 ` Ramon Fischer
@ 2021-04-01  7:21   ` Ramon Fischer
  2021-04-01 10:08     ` William Kenworthy
  2021-04-01  8:12   ` [gentoo-user] Disable password required to mount removable hard disk William Kenworthy
  1 sibling, 1 reply; 9+ messages in thread
From: Ramon Fischer @ 2021-04-01  7:21 UTC (permalink / raw
  To: gentoo-user


[-- Attachment #1.1: Type: text/plain, Size: 1436 bytes --]

Addendum:

I forgot to answer your other question:

Maybe you also have set some rules in "/etc/polkit/rules.d/"[1], which 
allows your unprivileged user to mount USB drives and SD cards without 
any password.

-Ramon

[1] https://wiki.gentoo.org/wiki/Polkit

On 01/04/2021 09:13, Ramon Fischer wrote:
> Hello BillK,
>
> I guess, that you are looking for the mount option "user":
>
>    /etc/fstab
>
>    /dev/sdx         /<some_path>       ext4 noauto,user,relatime 
> 0       2
>
> In this way, I can mount "/dev/sdx" with an unprivileged user:
>
>    $ mount /<some_path>
>
> See also "man 8 mount" ("Non-superuser mounts").
>
> I am not sure, if this also works with "automount" from 
> "net-fs/autofs", if this is what you meant with "automounter".
>
> -Ramon
>
> On 01/04/2021 06:51, William Kenworthy wrote:
>> Hi,
>>
>>       I use a sata drive caddy with 2Tb hard disks for offline backups.
>> Almost everytime (within sessions are ok?) it asks for a password before
>> automounting.  This is just annoying and has no security benefit in my
>> environment (why just hard disks when USB keys and SD cards don't ask
>> for one?).
>>
>> So, how can I disable the automounter asking for a password either in
>> general, or just for my backup drives?
>>
>> BillK
>>
>>
>>
>

-- 
GPG public key: 5983 98DA 5F4D A464 38FD CF87 155B E264 13E6 99BF



[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 840 bytes --]

^ permalink raw reply	[flat|nested] 9+ messages in thread

* Re: [gentoo-user] Disable password required to mount removable hard disk.
  2021-04-01  7:13 ` Ramon Fischer
  2021-04-01  7:21   ` Ramon Fischer
@ 2021-04-01  8:12   ` William Kenworthy
  2021-06-18  6:13     ` Hund
  1 sibling, 1 reply; 9+ messages in thread
From: William Kenworthy @ 2021-04-01  8:12 UTC (permalink / raw
  To: gentoo-user

I have used fstab in the past -its more a workaround that breaks (i.e, a
disk usually, but not always appears as /dev/sde, and while I currently
use btrfs I also use xfs on some portable drives.)

I mean automounting of disks (pam/polkit/udsiks2 seem to be involved),
not autofs in this case

BillK


On 1/4/21 3:13 pm, Ramon Fischer wrote:
> Hello BillK,
>
> I guess, that you are looking for the mount option "user":
>
>    /etc/fstab
>
>    /dev/sdx         /<some_path>       ext4 noauto,user,relatime
> 0       2
>
> In this way, I can mount "/dev/sdx" with an unprivileged user:
>
>    $ mount /<some_path>
>
> See also "man 8 mount" ("Non-superuser mounts").
>
> I am not sure, if this also works with "automount" from
> "net-fs/autofs", if this is what you meant with "automounter".
>
> -Ramon
>
> On 01/04/2021 06:51, William Kenworthy wrote:
>> Hi,
>>
>>       I use a sata drive caddy with 2Tb hard disks for offline backups.
>> Almost everytime (within sessions are ok?) it asks for a password before
>> automounting.  This is just annoying and has no security benefit in my
>> environment (why just hard disks when USB keys and SD cards don't ask
>> for one?).
>>
>> So, how can I disable the automounter asking for a password either in
>> general, or just for my backup drives?
>>
>> BillK
>>
>>
>>
>


^ permalink raw reply	[flat|nested] 9+ messages in thread

* Re: [gentoo-user] Disable password required to mount removable hard disk.
  2021-04-01  7:21   ` Ramon Fischer
@ 2021-04-01 10:08     ` William Kenworthy
  2021-04-01 11:28       ` [gentoo-user] Disable password required to mount removable hard disk. (solved) William Kenworthy
  0 siblings, 1 reply; 9+ messages in thread
From: William Kenworthy @ 2021-04-01 10:08 UTC (permalink / raw
  To: gentoo-user

Hi, I only have a default polkit rule - nothing about usb.

Just noticed the mount dialog box contains:

Action: org.freedesktop.udisks2.filesystem-mount-system

Vendor: The Udsks Project"

I have found some documents on the web, but nothing yet on how to deal
with this issue.

BillK


On 1/4/21 3:21 pm, Ramon Fischer wrote:
> Addendum:
>
> I forgot to answer your other question:
>
> Maybe you also have set some rules in "/etc/polkit/rules.d/"[1], which
> allows your unprivileged user to mount USB drives and SD cards without
> any password.
>
> -Ramon
>
> [1] https://wiki.gentoo.org/wiki/Polkit
>
> On 01/04/2021 09:13, Ramon Fischer wrote:
>> Hello BillK,
>>
>> I guess, that you are looking for the mount option "user":
>>
>>    /etc/fstab
>>
>>    /dev/sdx         /<some_path>       ext4 noauto,user,relatime
>> 0       2
>>
>> In this way, I can mount "/dev/sdx" with an unprivileged user:
>>
>>    $ mount /<some_path>
>>
>> See also "man 8 mount" ("Non-superuser mounts").
>>
>> I am not sure, if this also works with "automount" from
>> "net-fs/autofs", if this is what you meant with "automounter".
>>
>> -Ramon
>>
>> On 01/04/2021 06:51, William Kenworthy wrote:
>>> Hi,
>>>
>>>       I use a sata drive caddy with 2Tb hard disks for offline backups.
>>> Almost everytime (within sessions are ok?) it asks for a password
>>> before
>>> automounting.  This is just annoying and has no security benefit in my
>>> environment (why just hard disks when USB keys and SD cards don't ask
>>> for one?).
>>>
>>> So, how can I disable the automounter asking for a password either in
>>> general, or just for my backup drives?
>>>
>>> BillK
>>>
>>>
>>>
>>
>


^ permalink raw reply	[flat|nested] 9+ messages in thread

* Re: [gentoo-user] Disable password required to mount removable hard disk. (solved)
  2021-04-01 10:08     ` William Kenworthy
@ 2021-04-01 11:28       ` William Kenworthy
  2021-04-01 11:58         ` Ramon Fischer
  0 siblings, 1 reply; 9+ messages in thread
From: William Kenworthy @ 2021-04-01 11:28 UTC (permalink / raw
  To: gentoo-user

In the end it was easy: created a polkit rule enabling users in the
wheel group to not use a password.

rattus ~ # cat /etc/polkit-1/rules.d/55-disks.rules

// Allow any user in the 'wheel' group to mount a disk
// without entering a password.

polkit.addRule(function(action, subject) {
    if (action.id == "org.freedesktop.udisks2.filesystem-mount-system" &&
        subject.isInGroup("wheel")) {
        return polkit.Result.YES;
    }
});
rattus ~ #

Thanks for the polkit hint.

BillK


On 1/4/21 6:08 pm, William Kenworthy wrote:
> Hi, I only have a default polkit rule - nothing about usb.
>
> Just noticed the mount dialog box contains:
>
> Action: org.freedesktop.udisks2.filesystem-mount-system
>
> Vendor: The Udsks Project"
>
> I have found some documents on the web, but nothing yet on how to deal
> with this issue.
>
> BillK
>
>
> On 1/4/21 3:21 pm, Ramon Fischer wrote:
>> Addendum:
>>
>> I forgot to answer your other question:
>>
>> Maybe you also have set some rules in "/etc/polkit/rules.d/"[1], which
>> allows your unprivileged user to mount USB drives and SD cards without
>> any password.
>>
>> -Ramon
>>
>> [1] https://wiki.gentoo.org/wiki/Polkit
>>
>> On 01/04/2021 09:13, Ramon Fischer wrote:
>>> Hello BillK,
>>>
>>> I guess, that you are looking for the mount option "user":
>>>
>>>    /etc/fstab
>>>
>>>    /dev/sdx         /<some_path>       ext4 noauto,user,relatime
>>> 0       2
>>>
>>> In this way, I can mount "/dev/sdx" with an unprivileged user:
>>>
>>>    $ mount /<some_path>
>>>
>>> See also "man 8 mount" ("Non-superuser mounts").
>>>
>>> I am not sure, if this also works with "automount" from
>>> "net-fs/autofs", if this is what you meant with "automounter".
>>>
>>> -Ramon
>>>
>>> On 01/04/2021 06:51, William Kenworthy wrote:
>>>> Hi,
>>>>
>>>>       I use a sata drive caddy with 2Tb hard disks for offline backups.
>>>> Almost everytime (within sessions are ok?) it asks for a password
>>>> before
>>>> automounting.  This is just annoying and has no security benefit in my
>>>> environment (why just hard disks when USB keys and SD cards don't ask
>>>> for one?).
>>>>
>>>> So, how can I disable the automounter asking for a password either in
>>>> general, or just for my backup drives?
>>>>
>>>> BillK
>>>>
>>>>
>>>>


^ permalink raw reply	[flat|nested] 9+ messages in thread

* Re: [gentoo-user] Disable password required to mount removable hard disk. (solved)
  2021-04-01 11:28       ` [gentoo-user] Disable password required to mount removable hard disk. (solved) William Kenworthy
@ 2021-04-01 11:58         ` Ramon Fischer
  0 siblings, 0 replies; 9+ messages in thread
From: Ramon Fischer @ 2021-04-01 11:58 UTC (permalink / raw
  To: gentoo-user


[-- Attachment #1.1: Type: text/plain, Size: 2710 bytes --]

Awesome!

I am glad to hear, that I could help. :)

-Ramon

On 01/04/2021 13:28, William Kenworthy wrote:
> In the end it was easy: created a polkit rule enabling users in the
> wheel group to not use a password.
>
> rattus ~ # cat /etc/polkit-1/rules.d/55-disks.rules
>
> // Allow any user in the 'wheel' group to mount a disk
> // without entering a password.
>
> polkit.addRule(function(action, subject) {
>      if (action.id == "org.freedesktop.udisks2.filesystem-mount-system" &&
>          subject.isInGroup("wheel")) 
{
>          return polkit.Result.YES;
>      }
> });
> rattus ~ #
>
> Thanks for the polkit hint.
>
> BillK
>
>
> On 1/4/21 6:08 pm, William Kenworthy wrote:
>> Hi, I only have a default polkit rule - nothing about usb.
>>
>> Just noticed the mount dialog box contains:
>>
>> Action: org.freedesktop.udisks2.filesystem-mount-system
>>
>> Vendor: The Udsks Project"
>>
>> I have found some documents on the web, but nothing yet on how to deal
>> with this issue.
>>
>> BillK
>>
>>
>> On 1/4/21 3:21 pm, Ramon Fischer wrote:
>>> Addendum:
>>>
>>> I forgot to answer your other question:
>>>
>>> Maybe you also have set some rules in "/etc/polkit/rules.d/"[1], which
>>> allows your unprivileged user to mount USB drives and SD cards without
>>> any password.
>>>
>>> -Ramon
>>>
>>> [1] https://wiki.gentoo.org/wiki/Polkit
>>>
>>> On 01/04/2021 09:13, Ramon Fischer wrote:
>>>> Hello BillK,
>>>>
>>>> I guess, that you are looking for the mount option "user":
>>>>
>>>>     /etc/fstab
>>>>
>>>>     /dev/sdx         /<some_path>       ext4 noauto,user,relatime
>>>> 0       2
>>>>
>>>> In this way, I can mount "/dev/sdx" with an unprivileged user:
>>>>
>>>>     $ mount /<some_path>
>>>>
>>>> See also "man 8 mount" ("Non-superuser mounts").
>>>>
>>>> I am not sure, if this also works with "automount" from
>>>> "net-fs/autofs", if this is what you meant with "automounter".
>>>>
>>>> -Ramon
>>>>
>>>> On 01/04/2021 06:51, William Kenworthy wrote:
>>>>> Hi,
>>>>>
>>>>>        I use a sata drive caddy with 2Tb hard disks for offline backups.
>>>>> Almost everytime (within sessions are ok?) it asks for a password
>>>>> before
>>>>> automounting.  This is just annoying and has no security benefit in my
>>>>> environment (why just hard disks when USB keys and SD cards don't ask
>>>>> for one?).
>>>>>
>>>>> So, how can I disable the automounter asking for a password either in
>>>>> general, or just for my backup drives?
>>>>>
>>>>> BillK
>>>>>
>>>>>
>>>>>

-- 
GPG public key: 5983 98DA 5F4D A464 38FD CF87 155B E264 13E6 99BF



[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 840 bytes --]

^ permalink raw reply	[flat|nested] 9+ messages in thread

* Re: [gentoo-user] Disable password required to mount removable hard disk.
  2021-04-01  8:12   ` [gentoo-user] Disable password required to mount removable hard disk William Kenworthy
@ 2021-06-18  6:13     ` Hund
  2021-06-18 12:24       ` William Kenworthy
  0 siblings, 1 reply; 9+ messages in thread
From: Hund @ 2021-06-18  6:13 UTC (permalink / raw
  To: gentoo-user

On April 1, 2021 10:12:00 AM GMT+02:00, William Kenworthy <billk@iinet.net.au> wrote:
>I have used fstab in the past -its more a workaround that breaks (i.e, a
>disk usually, but not always appears as /dev/sde [...]

fstab? Workaround? Use UUID.


--
Hund


^ permalink raw reply	[flat|nested] 9+ messages in thread

* Re: [gentoo-user] Disable password required to mount removable hard disk.
  2021-06-18  6:13     ` Hund
@ 2021-06-18 12:24       ` William Kenworthy
  0 siblings, 0 replies; 9+ messages in thread
From: William Kenworthy @ 2021-06-18 12:24 UTC (permalink / raw
  To: gentoo-user

[-- Attachment #1: Type: text/plain, Size: 1090 bytes --]

The password problem was solved back in April, but some more info on the
semi random disk assignments might help someone as the question keeps
popping up:

I use genkernel and grub to boot via MBR - however root is on a btrfs
raid 10 (all SSD's, 3 are whole disk and one has root on  partition 3
alongside boot and swap)

When using /dev/sdx notation, the grub hardware mapping (root)
semi-randomly moves between disks

OK, so I tried using UUID's - the same

So I tried using labels - still happens!!!

Interestingly, a suspend/resume always works as expected then a couple
of days ago I stumbled on a genkernel bug (#796272
<https://bugs.gentoo.org/show_bug.cgi?id=796272>) with module loading -
its a bit of a corner case but its looking like I might have found the
cause.

BillK



On 18/6/21 2:13 pm, Hund wrote:
> On April 1, 2021 10:12:00 AM GMT+02:00, William Kenworthy <billk@iinet.net.au> wrote:
>> I have used fstab in the past -its more a workaround that breaks (i.e, a
>> disk usually, but not always appears as /dev/sde [...]
> fstab? Workaround? Use UUID.
>
>
> --
> Hund
>

[-- Attachment #2: Type: text/html, Size: 1816 bytes --]

^ permalink raw reply	[flat|nested] 9+ messages in thread

end of thread, other threads:[~2021-06-18 12:25 UTC | newest]

Thread overview: 9+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2021-04-01  4:51 [gentoo-user] Disable password required to mount removable hard disk William Kenworthy
2021-04-01  7:13 ` Ramon Fischer
2021-04-01  7:21   ` Ramon Fischer
2021-04-01 10:08     ` William Kenworthy
2021-04-01 11:28       ` [gentoo-user] Disable password required to mount removable hard disk. (solved) William Kenworthy
2021-04-01 11:58         ` Ramon Fischer
2021-04-01  8:12   ` [gentoo-user] Disable password required to mount removable hard disk William Kenworthy
2021-06-18  6:13     ` Hund
2021-06-18 12:24       ` William Kenworthy

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox