Allow a specific user mount NTFS drives

Hello! :slight_smile:
I am new to openSUSE - I have installed it less than a week ago, and before I used Ubuntu for 3 years. My first impression is that openSUSE is just AMAZING! Now the question itself.
On Ubuntu, I used the second option from this AskUbuntu question to allow a specific user mount drives: http://askubuntu.com/a/185719/514706
Now I am trying to do the same for openSUSE. After some web search, I have not found such a simple and relatively safe way.

So, what is the preferable way to allow a specific user mount drives on openSUSE Leap 42.2? Thanks in advance.

How far did you get, or, where got you stuck in following the recipe from the article (probably editing Polkit config)?

Well, the first obstacle was that the /var/lib/polkit-1/ directory does not exist, and /var/lib/polkit/ is empty.
Then I found /etc/polkit-1/rules.d/, but both files there say they are not to be edited…

Create your own file in [FONT=Consolas]/etc/polkit-1/rules.d/.
[/FONT]The files are evaluated in alphabetical order, so yours should start with a number smaller than 99, so that it overrides openSUSE’s system defaults, e.g. 51-allowmounts.rules .

But that askubuntu article is very outdated, it doesn’t apply to current polkit versions (and it also talks about udisks1 while most desktops use udisks2 meanwhile)
Nowadays you need to write your rules in javascript (since a few years already).

See here for a current one:
https://wiki.archlinux.org/index.php/Polkit

A snippet like this should allow a particular user to mount system partititions (this is what you apparently want to do):

polkit.addRule(function(action, subject) {
    if (action.id == "org.freedesktop.udisks2.filesystem-mount-system" &&
        subject.user == "*username*")
    {
        return polkit.Result.YES;
    }
});

(untested though… :wink: )

Of course you have to substitute username with the actual name of the user whom you want to allow this.
Or use subject.isInGroup(“groupname”) instead (like shown in the Arch wiki) to allow it for a certain group.

I am not a Polkit guru (I asked you for more information to make it easier for others to help you), but IMHO you do not want to edit those existing rule files, but to add new rule files. This idea is based on the more general case where these numbered config/rules files are used. Do not alter them, but add new ones with numbers that fit into the sequence the rules should be applied.

Edit: I assume you read

man polkit

Thanks a lot, wolfi323! That’s exactly what I needed! :slight_smile:

There is another simple method - add this line to /etc/sudoers:
username computername=NOPASSWD:/bin/mount,/bin/umount

You have to substitude username with the login name of the user and computername of course with the hostname of the computer. To mount your user only has to use the command

sudo mount -t ntfs .......

Cheers
Uli