Excerpts from Fons Adriaensen's message of 2011-09-29 12:36:30 +0200: > On Thu, Sep 29, 2011 at 11:51:53AM +0200, Tom Gundersen wrote: > > > What you are seeing is udisks [0]. The policy that is implemented, if > > I understand correctly, is that udisks allows a user who is physically > > at the machine to mount the usb drive, but not remote users. > > > > This makes sense for two reasons: > > > > * A user who is physically present could just grab the usb stick and > > insert it in a laptop where he/she has whatever permissions necessary > > to do whatever they want, so no security is lost. > > This makes no sense. I don't mind if they use their own sticks > on their own laptop. I do if they use it one this particular > machine. > > > * Furthermore, you probably don't want have to ask the admin to set up > > a new entry in fstab for every usb drive that is plugged into your > > machine. > > Not necessary. Priveleges to do certain things are given > per user or to groups, it's done when a user's account is > set up and that's it. Sudo can handle this nicely. The fstab > entries for my own usb disks are there mainly because they > have dedicated mount points. > > The last thing I want as an admin is a 'parallel administration' > such as polkit, in particular if it can grant priveleges just > by adding some files to a directory. That's very convenient for > package managers etc. but it surely does not enhance security. > > > If you don't like the way this works you could override the policy > > (look for udisks PK files) or you could just disable / uninstalll > > udisks. > > Don't worry, there's no udisks on any machine I control. Nor Gnome > or KDE for that matter. > > I do have polkit though, for just one reason: emacs -> gconf -> polkit. > So as my vim skills improve I'll probably get rid of emacs and gconf > some time. > > Ciao, As a somewhat hackish workaround there's the gconf-no-polkit package in AUR: https://aur.archlinux.org/packages.php?ID=41983 Works well enough for me. I also need gconf for a single package only.
