
polkit rules file to allow normal users to mount internal disks

_Example polkit rules_.md

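Put your rules in /etc/polkit-1/rules.d/*.rules. polkitd reads these files in lexical order of file name and uses the first rule that returns a result, so the name you choose (for example a numeric prefix such as 80-) decides which rule wins.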

See the polkit(8) manpage for rule syntax. (It's JavaScript.)

If you don't know the action name, run pkaction.

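To test your rules, use pkcheck. The example below asks whether the current shell process (-p $$) is authorized for the given action (-a), allowing an authentication prompt if one is needed (-u):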

pkcheck -u -p $$ -a org.freedesktop.packagekit.upgrade-system

networkmanager-wheel-noauth.js
/* Copy this to /etc/polkit-1/rules.d/80-networkmanager-wheel-without-authentication.rules
*/
 
/*
 * Members of "wheel" at a local, active session may perform any action whose
 * id starts with "org.freedesktop.NetworkManager." without authenticating.
 *
 * Every other request leaves the function without a value, which tells
 * polkitd to continue with later rules and then the action's own defaults.
 */
polkit.addRule(function(action, subject) {
    // Plain ES5 (var, function expressions), matching the rest of this page.
    var nmActionPattern = /^org\.freedesktop\.NetworkManager\./;

    if (!nmActionPattern.test(action.id)) {
        return;
    }

    // Requiring local + active keeps this passwordless grant away from
    // remote and inactive sessions.
    if (!(subject.local && subject.active)) {
        return;
    }

    if (!subject.isInGroup("wheel")) {
        return;
    }

    return polkit.Result.YES;
});
packagekit-restrict.js
/* Copy this to /etc/polkit-1/rules.d/packagekit-restrict.rules
*/
 
/*
 * Decides every action whose id starts with "org.freedesktop.packagekit.":
 *   - "wheel" member at a local, active session -> allowed without a prompt
 *   - anyone else -> administrator authentication, which polkit keeps for a
 *     short time (AUTH_ADMIN_KEEP)
 *
 * Because a result is returned for every PackageKit action, rules evaluated
 * after this one never see those actions. Non-PackageKit actions get no
 * answer here and fall through to later rules.
 */
polkit.addRule(function(action, subject) {
    var packagekitPattern = /^org\.freedesktop\.packagekit\./;

    if (!packagekitPattern.test(action.id)) {
        return;
    }

    // Remote or inactive sessions of wheel members still have to authenticate.
    var isLocalActiveWheel = subject.local && subject.active && subject.isInGroup("wheel");

    return isLocalActiveWheel ? polkit.Result.YES : polkit.Result.AUTH_ADMIN_KEEP;
});
udisks1-avoid-consolekit.js
/* Copy this to /etc/polkit-1/rules.d/udisks-no-consolekit.rules
*/
 
/*
 * udisks (version 1) policy:
 *   - "org.freedesktop.udisks.filesystem-mount": allowed without a prompt for
 *     members of "wheel"; everyone else needs administrator authentication.
 *   - any other "org.freedesktop.udisks." action: administrator
 *     authentication for everybody, wheel included.
 *
 * NOTE(review): unlike the NetworkManager and PackageKit examples on this
 * page, the wheel grant does not test subject.local or subject.active, so it
 * also covers remote and inactive sessions. The file name suggests this is
 * deliberate (no ConsoleKit session tracking); confirm before deploying on a
 * host that accepts remote logins.
 */
polkit.addRule(function(action, subject) {
    var isPlainMount = action.id == "org.freedesktop.udisks.filesystem-mount";

    if (isPlainMount && subject.isInGroup("wheel")) {
        return polkit.Result.YES;
    }

    // Reached for a plain mount by a non-wheel user, or for any other
    // udisks1 action; the pattern is only evaluated in the second case.
    if (isPlainMount || /^org\.freedesktop\.udisks\./.test(action.id)) {
        return polkit.Result.AUTH_ADMIN_KEEP;
    }
});
udisks1-wheel-is-god.js
/* Copy this to /etc/polkit-1/rules.d/always-allow-wheel.rules
*/
 
/*
 * Members of "wheel" may perform every action whose id starts with
 * "org.freedesktop.udisks." without authenticating. The trailing "\." in the
 * pattern means "org.freedesktop.udisks2." ids do not match.
 *
 * NOTE(review): there is no subject.local / subject.active test, so the
 * grant applies to wheel members in any session, remote ones included. It
 * covers every udisks1 action, not just mounting; narrow the pattern if only
 * mounting is wanted.
 */
polkit.addRule(function(action, subject) {
    var udisksPattern = /^org\.freedesktop\.udisks\./;

    if (!udisksPattern.test(action.id)) {
        return;
    }

    if (!subject.isInGroup("wheel")) {
        return;
    }

    return polkit.Result.YES;
});
udisks2-allow-mount-internal.js
/* Copy this to /etc/polkit-1/rules.d/allow-mount-internal.rules
*/
 
/*
 * Lets members of "users" at a local, active session mount system
 * (internal) filesystems without authenticating. Two action ids are
 * accepted: the udisks2 one and the older "org.freedesktop.udisks." one.
 *
 * NOTE(review): on distributions where every account belongs to "users",
 * this amounts to "any locally logged-in user"; pick a narrower group if
 * that is broader than intended. Requests that do not match get no answer
 * here and fall through to later rules and the action's defaults.
 */
polkit.addRule(function(action, subject) {
    var id = action.id;
    var isSystemMount =
        id == "org.freedesktop.udisks2.filesystem-mount-system" ||
        id == "org.freedesktop.udisks.filesystem-mount-system-internal";

    if (!isSystemMount) {
        return;
    }

    // local + active keep remote and inactive sessions out of this grant.
    if (subject.local && subject.active && subject.isInGroup("users")) {
        return polkit.Result.YES;
    }
});

If it looks like JavaScript, that's because it is JavaScript.

The variables are documented in polkit(8).
