Only root can mount usb media

I have an issue with not being able to mount usb media as a normal user on OS 12.2 x86_64 Kde, asks for the root password every time

Tried all the things I found on this during searches both on google and this forum

Currently I have the default entry OS installation adds to fstab for usb commented out:

#usbfs                /proc/bus/usb        usbfs      noauto                0 0

I get the same behaviour with or without the comment in front of that line, numerous web results suggest there is no need for it to be there

Here’s my complete fstab:

LABEL=Suse           /                    ext4       nodiratime,noatime,discard,acl,user_xattr        1 1
LABEL=Home                                         /home                ext4       nodiratime,noatime,discard,acl           1 2
LABEL=Linux          /linux               ext4       noatime,user,acl,user_xattr,exec 1 2
LABEL=Var            /var                 ext4       acl,user_xattr        1 2
LABEL=Srv            /srv                 ext4       acl,user_xattr        1 2

none    /tmp    tmpfs    defaults    0 0

proc                 /proc                proc       defaults              0 0
sysfs                /sys                 sysfs      noauto                0 0
debugfs              /sys/kernel/debug    debugfs    noauto                0 0
#usbfs                /proc/bus/usb        usbfs      noauto                0 0
devpts               /dev/pts             devpts     mode=0620,gid=5       0 0

# entry for vbox usb subsystem
#usbfs /proc/bus/usb usbfs defaults,devmode=666 0 0

I’ve made a change to policykit as suggested on a bugzilla report I got directed to from a previous thread on this forum, this didn’t work either, the change I made is:

Open org.freedesktop.udisks.policy in an editor and find the entry:
 <action id="org.freedesktop.udisks.filesystem-mount-system-internal"> 

Then change this line: <allow_active>auth_admin_keep</allow_active> To this: 
<allow_active>yes</allow_active>

Save and reboot

Any idea on what else I might try greatly appreciated, any other info I need to provide please ask

Incidentally around the same time this started happening networkmanager also started asking for the root password to make any changes, not sure whether the two are related

You fail to explain what you do as normal user to get it mounted. Thus we can not know if you do that correct or not.
I use KDE and when I connect an USB storage device, I get a pop-up telling me. I then can click on the entry shown and am offered different possibilities. One of them being “open with file manager” (or similar). When I choose that, Dolphin is atrted and show the contents. Which mean of cours that it is mounted then.

How about you?

BTW, I have never touched fstab in this aspect. I suggest tthat you change this exactly into what it was. And may be you should change everything you changed, back to “normal” Because it works for most people without any fiddling.

I think we have to clarify whether the USB media is an permanent external hard drive or a removable USB stick. Certainly if is the latter, then it would be a very bad idea to try and automount it with fstab.

The suggestion above of using the media icon and opening it in Dolphin (for KDE) is the most convenient way I know of mounting a USB stick. If you want to do this from command line, the mount command (though not not necessarily umount) always requires root privileges to my knowledge. I find this slightly irritating when I’m in a console of a virtual terminal, especially as this is inconsistent with the ability to mount a USB device in KDE without root privileges. But I know of no convenient workaround.

Open with file manager is exactly what I do when the notification pops up, or I just click on the entry in the device list in the left-hand pane of dolphin if I already have dolphin open

A bug report exists for the issue so while it works for most people there must be scenarios other then mine where it doesn’t for there to have a bug report filed (https://bugzilla.novell.com/show_bug.cgi?id=784175). It doesn’t work for me with everything set as ‘normal’ or with the recommendations I found in searches, hence my asking

I am talking about removable usb ‘pen’ drives using ‘normal’ kde practices rather than the mount command in a console, I also get asked for the root password when I click the ‘Safely remove’ open on dolphin’s context menu

That makes it much clearer to understand what you do. Thanks.

To begin with the last. When you have it mounted using root, you of course has to be root to unmount. But that is “only” a side effect of your problem.

I read through the bug report. I remember it, there was a thrtead about it here.

It talks about update (of some form) to 12.2 vs. fresh install. What did you do?

It also talks about systemd vs. sysvinit. Are you using the default for 12.2: systemd?

I doubt, but it being a desktop feature, could you try a new users to see if it is reproducable there?

Just a few suggestions. The bug report does not realy provide a solution and that is not nice at all.

BTW, I have a 12.2 fresh on a test system here and it works as expected.

As explanation.
You always need root privileges to (u)mount. But the “you” there is only a way of saying. It means that only a process running with root as owner can do (u)mount. We all know this when we do it from a shell. But there are more processes doing this. Think about the processes that mount at boot and unmount at shutdown. They all run with owner root.
And desktop environments can communicate with a deamon program running with owner root and ask that deamon to (u)mount. Thus it only looks as if an end-user can do (u)mount. In fact the end-users asks via a very restrictive way (guarded by policykit) to do this. And the deamon checks for all sorts of security issues also. Thus this combination of programs makes it possible that a user can ask for (u)mount in another way then calling his system manager (which she/he is often him/herself btw) to do this for him as root. It is an automation of the system manager in a strictly controled environment.

user@dhcppc0:~> cd /media/
user@dhcppc0:/media> ls
user@dhcppc0:/media> lsusb
Bus 001 Device 006: ID 1307:0165 Transcend Information, Inc. 2GB/4GB Flash Drive
Bus 002 Device 002: ID 058f:6362 Alcor Micro Corp. Flash Card Reader/Writer
Bus 005 Device 002: ID 1038:1360 Ideazon, Inc. 
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 002 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 003 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 004 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 005 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 006 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 007 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 008 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
user@dhcppc0:/media> # Mounting USB stick using "Open with File Manager" (Dolphin)
user@dhcppc0:/media> ls
USB
user@dhcppc0:/media> umount /dev/sdd1
user@dhcppc0:/media> ls
user@dhcppc0:/media> 

I started with a textmode/server install then kde was added afterwards, I did leave out a couple of things like kde-pim, chat and graphics/camera software, nothing I’d expect to cause this behaviour and originally it behaved normally when opening usb removable media in dolphin

I did use this entry in fstab for about half an hour, it’s a known ‘fix’ for virtualbox usb support and usb drives have opened ‘normally’ since using it

# entry for vbox usb subsystem
#usbfs /proc/bus/usb usbfs defaults,devmode=666 0 0

Systemd as per the default

A newly created user experiences the same behaviour

Hm, interesting. The following is from the man umount page:

The uhelper (unprivileged umount helper) is possible to used when non-root user wants to umount a mountpoint which is not defined in the /etc/fstab file (e.g devices mounted by HAL).

Apart from the obselete mentioning of HAL (replaced by other software) This might point to what you succeed to do. But the sentence is not quite clear. Badly formulated and the whole section where this is part of is not realy understood by me :(.

@Ecky.
Thus it seems that the system did function correct earlier. The obligatory questin is tthhn: What was chnged? I have no doubt you contemplated about the same. But we have to ask.

Yes mate I’ve definitely contemplated the same

Some updates were done, as to what exactly got updated I can’t be precise but I don’t recall anything major like a kernel or grub update, mainly just apps and libraries/codecs/etc

Apache, samba and nfs server were installed and configured

Changed from ifup to networkmanager because sometimes I use an openvpn connection which is when I found that I can’t do anything in networkmanager without supplying the root password

Changed from a radeon 6870 to a radeon 5770 and added a third monitor during which process I updated the fglrx driver, still couldn’t get the third monitor working so reverted back to the opensource driver, the three monitor setup works fine with the opensource driver

Other than the above I can’t think of anything except maybe some kde app preferences

On 2012-12-05 22:56, Ecky wrote:

> Yes mate I’ve definitely contemplated the same
>
> Some updates were done, as to what exactly got updated I can’t be
> precise but I don’t recall anything major like a kernel or grub update,
> mainly just apps and libraries/codecs/etc

That’s easy to find out. The file /var/log/zypp/history contains the
list. Or you can make queries:

rpm -q -a --queryformat "%{INSTALLTIME};%{INSTALLTIME:day}; \
%{BUILDTIME:day}; %{NAME};%{VERSION}-%-7{RELEASE};%{arch}; \
%{VENDOR};%{PACKAGER};%{DISTRIBUTION};%{DISTTAG}
" \
| sort | cut --fields="2-" --delimiter=\; \
| tee rpmlist.csv | less -S

or

rpm -q -a --queryformat "%{INSTALLTIME}	%{INSTALLTIME:day} \
%{BUILDTIME:day} %-30{NAME}	%15{VERSION}-%-7{RELEASE}	%{arch} \
%25{VENDOR}%25{PACKAGER} == %{DISTRIBUTION} %{DISTTAG}
" \
| sort | cut --fields="2-" > rpmlist

> Apache, samba and nfs server were installed and configured
>
> Changed from ifup to networkmanager because sometimes I use an openvpn
> connection which is when I found that I can’t do anything in
> networkmanager without supplying the root password

I don’t know if that is normal. I had to change a rule or it was asking
mine to connect via mobile network.

> Other than the above I can’t think of anything except maybe some kde
> app preferences

There is a global setting, system security easy, secure, or paranoid, in
yast. The secure setting may have those effects.

–
Cheers / Saludos,

Carlos E. R.
(from 12.1 x86_64 “Asparagus” at Telcontar)

I configure usb stick in the systemsettings
actions policy-org.freedesktop.org under the udisk project.
If you are using KDE.

I admit that you can do things there, but why? The normal defaults (as the OP experienced them from the beginnning and as I experience them) seem to be quite adequate. Why did you change (and what)? Just curiousity and maybe of some help with this prolem.

Hi,

I am having a problem posting in this forum yesterday and wasted sometime
posting a thread in the tumbleweed forum.

I have a desktop with openSUSE 12.2 KDE 4.8.x, Xfce 4.10 and LXDE
Installed from the dvd and later shifted to tumbleweed
I frequently use Xfce for drawings because it is a bit faster
I have no problem inserting usb stick, it mounts and I can unmount it
no problem as a user, but when KDE was upgraded to 4.9.3 I had the
problem unmounting a usb stick, it always prompt in kde to type the admin password.
As soon as it was unmounted there is a notification not detached the usb stick
(something like there is a data still to be written). In xfce also it started to have this problem.
That get me a bit frustrated.

This prompted me to modify the setting in KDE-systemsettings
In actions-policy-org.freedesktop-the Udisk project I modify
the mount/umount/ device and eject media like so

Implicit authorizations

Any - No
Inactive console - No
active console - Yes

Hm, I also have posting problems at the moment. Thaks for the explanation. Indeed there seems to be now a concept of “active session” (or “active console” or whatever), which looks as a great improvement upon the former (e.g. by HAL) attitude of not knowing who connected the USB stick. And the parameter values you show seem to be the correct ones to me. And what is more, they are the same as in my rather fresh 12.2 system. My conclusion is that when you have to change them to these values something borked them. Some update?

That was the one mate

In Yast > Security Center & Hardening the profile was set to Network Server

The Network Sever profile enables an option called Secure File Permissions, once I disabled that usb started working normally … and so did NetworManager, an unexpected bonus

Cheers for all the help guys, most appreciated

On 2012-12-07 11:46, Ecky wrote:
>
> robin_listas;2508828 Wrote:
>>
>>
>> There is a global setting, system security easy, secure, or paranoid,
>> in yast. The secure setting may have those effects.

> That was the one mate
>
> In Yast > Security Center & Hardening the profile was set to Network
> Server

Ah!!

> The Network Sever profile enables an option called Secure File
> Permissions,

That’s the one I was actually thinking of.

> once I disabled that usb started working normally … and
> so did NetworManager, an unexpected bonus

Yes, make sense. A Server does not use network manager.

> Cheers for all the help guys, most appreciated

Welcome

–
Cheers / Saludos,

Carlos E. R.
(from 12.1 x86_64 “Asparagus” at Telcontar)

Oops. Nice you found it (with Carlos’ brainwave as a starter).

The question now is, who set it to Network Server? And why? Is it a server of some kind, or just your home system? In the first case you should think twice before you switch off the hardening done for a reason.

It runs here at home, provides things like nfs & samba shares on the lan with http exposed to the outside world but running no sites as such, basically as a convenient way for myself and a few trusted individuals to access selected files off it

Used to run a mail domain off it but not since it was running 12.1

NetworkManager I only recently enabled as I couldn’t see how to use an openvpn connection with ifup in yast

As to who set it to Network Server in Yast I’m baffled, couldn’t have been anyone other than me and I don’t recall doing it, could something have set it during installation or updates maybe?