Do not require a password every time to mount internal disks

polkit-policy-file-validate does not apply to the new-style files in /usr/share/polkit-1 (it's for the old policykit).

The password issue is a common complaint, I'll devote this report to that.

Confirmed: replacing occurrences of <allow_active>auth_admin_keep</allow_active> with <allow_active>yes</allow_active> does make the problem disappear. There is more than one occurrence of this line. I don't know what difference this actually makes from a policykit / security standpoint -- but it does mean that I can mount my internal windows drives without a password now.

I just discussed this with upstream. I think the best way forward is to use the configurability of polkit to allow org.freedesktop.devicekit.disks.filesystem-mount-system-internal for admin users without a password.

http://git.debian.org/?p=pkg-utopia/devicekit-disks.git;a=commit;h=2164f8212a17a3f4ed08ca64411d3cbbec5594b9

This bug was fixed in the package devicekit-disks - 009-1ubuntu2

---------------
devicekit-disks (009-1ubuntu2) lucid; urgency=low

  Resynchronize to Debian git head, no remaining Ubuntu changes.

  [ Michael Biebl ]
  * debian/patches/09-reiserfs-support.patch
    - Add support for ReiserFS.

  [ Martin Pitt ]
  * Add debian/local/ubuntu.pkla: Allow passwordless file system operations
    for local foreground admin user sessions on Ubuntu. Install it in
    debian/rules. (LP: #465054)
  * Add 02-allow-simulated-smart.patch: Allow simulated SMART data on
    non-SMART devices. This is both useful for testing DK-disks itself, as
    well as recreating bugs with SMART handling. (fd.o #24772)
  * Add 03-hide-configuration-partition-12.patch: Hide Compaq recovery
    partition type 0x12. (fd.o #24999, LP: #451304)
  * Add 04-hide-wd-smartware-partition.patch: Ignore Western Digital SmartWare
    partitions. (fd.o #25009, LP: #474790)
  * Add 06-guid-partition-flags.patch: Fix setting flags for GUID partitions.
    (fd.o #25034)
 -- Martin Pitt <email address hidden> Wed, 11 Nov 2009 17:42:19 +0100

Any chance this could be released as an update for Karmic?

In karmic you always need to insert your password when you want to mount a partition, pretty boring.

While it could be suggested that careful editing the appropriate line /usr/share/polkit-1/actions/org.freedesktop.devicekit.disks.policy could achieve the same result in karmic, the lucid 'fix' seems better and cleaner .

Not to mention that injudicious editing of the files in actions can lead to unintended results and shouldn't be encouraged

The patch for lucid ( creation of a file in /var/lib/polkit-1/localauthority/10-vendor.d 0) seems to also work in karmic, have done so here with the intended correct result and with no apparent ill effects ( though could stand to be corrected by those who know better if need be.

Waiting for an update in karmic, as said by Doug, the patch for lucid also works for me:

Put the following in /var/lib/polkit-1/localauthority/10-vendor.d/org.freedesktop.DeviceKit.Disks.pkla

[No password required for admins]
Identity=unix-group:admin
Action=org.freedesktop.devicekit.disks.filesystem-*
ResultActive=yes

And reboot. (reconnect ?)