udisks/polkit - automounting USB storage device fails; unprivileged user can't mount USB attached storage device using gui tools (authentication failure)

Is the USB drive always connected to the system at boot?

Makes no difference, same behavior if USB drive connected at boot or
attached to running system.

The problem is not that the drive is not detected, this is about an
unprivileged user being able to mount a storage device under /media which
used to work but then stopped after a reboot. The system is set to
automount USB devices, i.e.

gsettings get org.gnome.desktop.media-handling automount

returns "true"

I am fairly certain that this has to do with polkit and authentication
agent, but I'm not sure how to troubleshoot it.

On Tue, Oct 6, 2020, 4:16 AM actionparsnip <
<email address hidden>> wrote:

> Your question #693294 on Ubuntu changed:
> https://answers.launchpad.net/ubuntu/+question/693294
>
> Status: Open => Needs information
>
> actionparsnip requested more information:
> Is the USB drive always connected to the system at boot?
>
> --
> To answer this request for more information, you can either reply to
> this email or enter your reply at the following page:
> https://answers.launchpad.net/ubuntu/+question/693294
>
> You received this question notification because you asked the question.
>

What's file system does the USB use? Ext4? NTFS? FAT32?

Also does not matter, same behavior regardless of filesystem — etx4, btrfs,
fst32, etc

On Tue, Oct 6, 2020, 4:35 PM actionparsnip <
<email address hidden>> wrote:

> Your question #693294 on Ubuntu changed:
> https://answers.launchpad.net/ubuntu/+question/693294
>
> Status: Open => Needs information
>
> actionparsnip requested more information:
> What's file system does the USB use? Ext4? NTFS? FAT32?
>
> --
> To answer this request for more information, you can either reply to
> this email or enter your reply at the following page:
> https://answers.launchpad.net/ubuntu/+question/693294
>
> You received this question notification because you asked the question.
>

Is there an entry for that file system in /etc/fstab ?
What is shown in dmesg when you insert the USB device?

This is not about a particular filesystem or device — any USB storage device exhibits the same behavior.

So, no, no entry in fstab. And dmesg shows no errors or other unusual output. The device(s) are recognized, and as I said in my original post, I can mount manually from command line using

udisksctl mount {followed by appropriate options specifying filesystem}

which asks for my password and then mounts the filesystem in question. This is why I am convinced this is about the interaction of udisks, polkit, and the session agent or auth agent. Something (and this is what I can't figure out) happened during the previous session, that only became apparent after a reboot, that resulted in the unprivileged user's credentials not being presented to polkit when udisks requests it for the event. So I see the same failure to mount the device happen if it's an automount, when a device is first attached the USB port, or if I use gnome-disks, or nautilus to attempt to mount the fs manually. The users credentials are not being presented, even though the user is allowed to mount the device.

I've been trying to make sense of the polkit manpages to figure this out, but I am just not seeing how to troubleshoot this further, even though it seems clear to me that the authentication agent is either not responding at all or not responding correctly.

Some more information — I tried the following (3779 is the pid of a running instance of gnome-disks) :

pkcheck --action-id org.freedesktop.udisks2.filesystem-mount --process 3779 -u

this returns

Authorization requires authentication but no agent is available.

If I run the command as

$ pkcheck --action-id org.freedesktop.udisks2.filesystem-mount --process 3779 --enable-internal-agent -u

it returns

==== AUTHENTICATING FOR org.freedesktop.udisks2.filesystem-mount ===
Authentication is required to mount the filesystem
Authenticating as: Neil Danziger,,, (neil)
Password:
==== AUTHENTICATION COMPLETE ===

when I supply my user password. This is the same behavior I see when running

udisksctl mount

So this supports my theory the what is missing is an authentication agent. I know that this is supposed to be supplied by the desktop session, but I haven't yet figured out the executable that is supposed to be running but isn't, nor where it it supposed to be started from, or what might have caused this to change. I realize that I should have specified in the initial post that this is all happening under gnome desktop.

So I gather that the authentication agent is /usr/lib/policykit-1/polkit-agent-helper-1

What I have not been able to find is how is that supposed to be called in a GUI session? If I try to run it from command line it complains

polkit-agent-helper-1: inappropriate use of helper, stdin is a tty. This incident has been logged.
FAILURE

So clearly it is meant to be called by another process running as part of the session.

Any help figuring this out will be much appreciated.

This question was expired because it remained in the 'Open' state without activity for the last 15 days.

Anyone with any idea how to figure this out?

This question was expired because it remained in the 'Open' state without activity for the last 15 days.

bump

I had a similar problem:
- automounting usb device gives error message "Not authorized to perform operation"
- When I try to mount from gnome-disk it fails with error message "Not authorized to perform operation (udisks-error-quark, 4)"
Surprisingly,
- If I launch gnome-disk from system parameter, it works (but fails if launched from the global menu)
- this was just related to my account: If I used another account, automount is OK!

After searching internet how to solve that problem, I found the root cause of my problem was related to the package "Chrome Remote Desktop Beta". If I stop the service `chrome-remote-desktop` then the automount becomes OK.

Thank you, that solves it for me as well.

On Tue, Nov 17, 2020, 6:26 AM lucge <email address hidden>
wrote:

> Your question #693294 on Ubuntu changed:
> https://answers.launchpad.net/ubuntu/+question/693294
>
> lucge posted a new comment:
> I had a similar problem:
> - automounting usb device gives error message "Not authorized to perform
> operation"
> - When I try to mount from gnome-disk it fails with error message "Not
> authorized to perform operation (udisks-error-quark, 4)"
> Surprisingly,
> - If I launch gnome-disk from system parameter, it works (but fails if
> launched from the global menu)
> - this was just related to my account: If I used another account,
> automount is OK!
>
> After searching internet how to solve that problem, I found the root
> cause of my problem was related to the package "Chrome Remote Desktop
> Beta". If I stop the service `chrome-remote-desktop` then the automount
> becomes OK.
>
> --
> You received this question notification because you asked the question.
>

Thank you, lucge (luc-loiseau), chrome remote desktop seems to be the cause for me as well. My initial searches did not find that connection, but once I included they in my search I found many references to this issue.

Marking problem as solved