PolicyKit will control access to certain applications and devices. It is one of the safest ways to grant a user direct access. PolicyKit configuration and support is already set up for you. A new version of PolicyKit, PolicyKit-1, is now used for PolicyKit operations. Configuration files for these operations are held in /usr/share/polkit-1. There is, yet, no desktop tool to use to configure these settings. The desktop tool, policykit-gnome, is still available, but applies to the older version of PolicyKit, which held configuration files in the /usr/share/PolicyKit directory.
Note: External hard drives, such as USB connected hard drives, are mounted automatically
Difficulties occur if you want to change the authorization setting for certain actions, like mounting internal hard drives. Currently, you can change the settings by manually editing the configuration files in the /usr/share/polkit-1/actions directory, but this is risky. To make changes you first have to know the action to change and the permission to set. The man page for polkit will list possible authorizations. The default authorizations can be allow_any for anyone, allow_inactive for a console, and allow_active for an active console only (user logged in). These authorizations can be set to specific values, which are listed here.
auth_admin : Administrative user only, authorization required always
auth_admin_keep : Administrative user only, authorization kept for brief period.
auth_self : User authorization required
auth_self_keep : User authorization required, authorization kept for brief period.
yes : Always allow access
no : Never allow access
You will need to know the PolicyKit action to modify and the file to edit. The action is listed in the PolicyKit dialog that prompts you to enter the password (expand the Details arrow) when you try to use an application. The File will be the first segments of the action with the suffix policy attached. For example, the action for mounting internal drives is:
org.freedesktop.udisks.filesystem-mount-system-internal
Its file is:
org.freedesktop.udisks.policy
The file is located in the /usr/share/polkit-1/actions directory. Its full path name is:
/usr/share/polkit-1/actions/org.freedesktop.udisks.policy
Users with administrative access, like your primary user, can mount internal partitions on your hard drives automatically. However, users without administrative access require authorization using an administrative password before they can mount a partition. Should you want to allow non-administrative users to mount partitions without an authorization request, the org.freedesktop.udisks.policy file in the /usr/share/polkit-1 directory has to be modified to change the allow_active default for filesystem-mount-system-internal action from auth_admin_keep to yes. The auth_admin_keep option requires administrative authorization.
Enter the following to edit the org.freedesktop.udisks.policy file in the /usr/share/polkit-1/actions directory:
sudo gedit /usr/share/polkit-1/actions/org.freedesktop.udisks.policy
Locate the action id labeled as:
<action id =”org.feedesktop.udisks.filesystem-mount-system-internal”>
<description>Mount a system-internal device</description>
This is usually the second action id. At the end of that action section, you will find the following entry. It will be located within a defaults subsection, <defaults>.
<allow_active>auth_admin_keep</allow_active>
Replace auth_admin_keep with yes.
<allow_active>yes</allow_active>
Save the file. Non-administrative users will no longer have to enter a password to mount
