Why does dolphin "mount on click" drives that have been removed from fstab?

English Applications
1

I have an external hard drive (Seagate BUP slim) with some partitions meant for backups that I don’t want to mount on click - rather I would like that they should require the root password to mount. The partitions themselves are owned by the single user (me). But whatever I do - including trying various fstab options and finally removing the partitions from fstab (via the Yast partitioner), dolphin still mounts them on click. How do I tell it to respect fstab?

This is a new install of Leap 42.2. Was using 13.1 earlier. BTW, am finding 42.2 a bit of a disappointment in terms of look, feel and touch - clunky compared to 13.1 - and a bit prone to crashes (kde/plasma). Wonder if anyone else feels the same.

Thank you.

2

You can’t (except that it will mount to the mount point specified in the fstab, to /run/media/$USER/xxx/ otherwise).

Dolphin/KDE uses udisks2 (and GNOME e.g. too) for this.
Whether a password is required or not is governed by polkit.

On a default setup/installation, logged in users are allowed to mount removable/external disks/media without having to enter a password, and I would argue that this is what most users expect.

If you do want to require a password, change the security level to “secure”, but this will have other effects too (e.g. you’ll have to enter the root password to install updates via the desktop update applet).
You can use YaST->Security and Users->Security Center and System Hardening for that (Miscellaneous Settings->File Permissions), or edit /etc/sysconfig/security with a text editor (set PERMISSION_SECURITY to “secure local” and run “/sbin/set_polkit_default_privs” afterwards to actually apply the changes).

Or, you can just override the settings for this (or other) particular action(s) in /etc/polkit-default-privs.local.
Add this line with a text editor for requiring the root password:

org.freedesktop.udisks2.filesystem-mount                auth_admin

You can change “auth_admin” to “auth_self” to request the user password, or to “no” to forbid mounting completely if you wanted to.

Again you have to run /sbin/set_polkit_default_privs afterwards to apply the change.

This is no different to 13.1 btw… :wink:

BTW, am finding 42.2 a bit of a disappointment in terms of look, feel and touch - clunky compared to 13.1 - and a bit prone to crashes (kde/plasma). Wonder if anyone else feels the same.

Well, it runs perfectly stable here.
If Plasma crashes, it’s most likely due to the graphics driver though.

The look and feel is configurable. If you don’t like the default one, just change it.
It can be made to look quite similar to 4.x (as used in 13.1). You may have to install some oxygen* packages manually though (oxygen was the default look and feel in “KDE4”).

3

I used the second option (modifying etc/polkit-default-prives) as it seems to have the least effect on other aspects of security.

Going through the page:
http://storaged.org/doc/udisks2-api/latest/udisks-polkit-actions.html
It looks like the security can be applied at a finer grained level also. For example, since I did not really want mounting of some of my internal drives to require admin privileges, I first tried

org.freedesktop.udisks2.filesystem-mount-other-seat                auth_admin

But that did not work.

On the other hand simply modifying org.freedesktop.udisks2.filesystem-mount, as you suggested, did work and it did not change the security for my internal drives (perhaps because they were set in fstab).

There is however this caution on the page:

The polkit actions are not considered stable and may change from release to release so administrators should take notice when upgrading from one version of udisks to another.

Also I noticed is that, prior to these modifications, mounting *Internal *drives that were not in fstab required root privileges, but the external BUP slim did not. So, as you mentioned above, the external drives are treated differently.
Thanks for your help.

Regarding the graphics driver, I’m using nvidia’s proprietary driver (400+) series. I had used this in the latter period of my 13.1 installation also. Anyway, kde seems fine so far after installing a few updates. Nevertheless the interface feels slower including application load times, boot time also definitely feels slower (about 2.5 minutes from power on) - had never timed it earlier. And the default UI is visually quite bad (sorry).

On the other hand, for example, it recognized my external hard drive instantly on plug-in which was not the case with 13.1. Both sound cards worked without having to fiddle with any settings. Generally it looks like it is easier to use for non-experts.
Regards.

4

Yes, because that is for users on other “seats”… :wink:

On the other hand simply modifying org.freedesktop.udisks2.filesystem-mount, as you suggested, did work and it did not change the security for my internal drives (perhaps because they were set in fstab).

Mounting internal drives does require root privileges in any case. (unless they are set in fstab with the “user” option)

The polkit rule that affects that would be “org.freedesktop.udisks2.filesystem-mount-system” btw, which is set to “auth_admin”/“auth_admin_kepp” by default even for the “easy” rules.

There is however this caution on the page:

I don’t think that applies any longer.
At least there has not been any change since years…