Home / ubuntu / Questions / 185718
Accepted
Anwar
Asked: 2012-09-09 22:47:57 +0800 CST

Allow non-admin users to mount drives via nautilus

  • 772

I want to give mount privilege to the non-admin users to mount the drives via nautilus. I don't want them to give other admin privilege. I also don't want to use setuid method.

How can I achieve this? I'm using Ubuntu 12.04.

mount

1 Answers

  1. Best Answer

    I solved this problem by changing the default policy. There are three ways to achieve this:

    By giving privilege to a group

    1. First create a group mounter by using this command:

       sudo addgroup mounter

    2. Then add the non-admin users to this group. For examle, I'm adding non-admin user normal to this group.

       sudo adduser normal mounter

    3. Then open the policy file with admin privilege.

       gksu gedit /var/lib/polkit-1/localauthority/10-vendor.d/com.ubuntu.desktop.pkla

    4. At the top of the file there is a section like this:

      [Mounting, checking, etc. of internal drives]
Identity=unix-group:admin;unix-group:sudo;
Action=org.freedesktop.udisks.filesystem-*;org.freedesktop.udisks.drive-ata-smart*
ResultActive=yes

      Add unix-group:mounter; after Identity=unix-group:admin;unix-group:sudo; at the first line of the section. The changed section will look like this

      [Mounting, checking, etc. of internal drives]
Identity=unix-group:admin;unix-group:sudo;unix-group:mounter;
Action=org.freedesktop.udisks.filesystem-*;org.freedesktop.udisks.drive-ata-smart*
ResultActive=yes

    That's it. Now the non-admin users can mount the drives without requiring admin-password. They only need to be added to the mounter group. Note to add a user novice to the group mounter, execute this command: sudo adduser novice mounter.

    By giving privilege to specific user

    If you don't want to create another group, you can just add their user name (login name) in that file.

    1. Open the policy file with admin privilege. You can type this command in a terminal or in the dash prompt by Pressing Alt-F2.

       gksu gedit /var/lib/polkit-1/localauthority/10-vendor.d/com.ubuntu.desktop.pkla

    2. Then add unix-user:<login-name> at the Identity line in the section [Mounting, checking, etc. of internal drives]. Remember to use the login name of the user, not the literal .. For example, if you want to give user tester this privilege, the line will be look like below

      [Mounting, checking, etc. of internal drives]
Identity=unix-group:admin;unix-group:sudo;unix-user:tester;
Action=org.freedesktop.udisks.filesystem-*;org.freedesktop.udisks.drive-ata-smart*
ResultActive=yes

    3. Save the file and exit gedit.

    By giving privilege to all users

    The above two methods will not work for the default guess user in Ubuntu. Because, the guest user is created dynamically upon login and get deleted after logout.

    To workaround this, You can give all users this privilege.

    1. Open the policy file with admin privilege. You can type this command in a terminal or in the dash prompt by Pressing Alt-F2.

       gksu gedit /var/lib/polkit-1/localauthority/10-vendor.d/com.ubuntu.desktop.pkla

    2. Then add unix-user:* at the Identity line in the section [Mounting, checking, etc. of internal drives]. After modification the section will look like below:

      [Mounting, checking, etc. of internal drives]
Identity=unix-group:admin;unix-group:sudo;unix-user:*;
Action=org.freedesktop.udisks.filesystem-*;org.freedesktop.udisks.drive-ata-smart*
ResultActive=yes

    3. Save the file and exit gedit.

    UPDATES

    1. Tested in 14.04. It works the way it is described in the answer
    • 9