Page MenuHomeSolus

GNOME Disks doesn't request sudo privilege when formatting drives (/dev/sdX)
Closed, WontfixPublic

Description

When formatting a HDD (/dev/sdX) with GNOME Disks, typically it will ask for sudo privileges before beginning the format. This is what happens on Fedora, at least (tested Fedora 28 with GNOME 3.28.2, same as Solus, and Fedora 29 with GNOME 3.30.2). On Solus, sudo privileges are never requested and the drive is formatted as if sudo privileges have been granted. This could potentially result in someone, be it the owner or third party, wiping the main OS drive for example.

This reddit thread has a bit more info regarding some of the testing I've done (with an included video from a fresh install), but it's essentially summed up in the initial paragraph.
https://www.reddit.com/r/SolusProject/comments/aasd4c/gnome_disks_doesnt_ask_for_password_for_harddrive/
https://youtu.be/OCoBhf1ZB2w (video shows that sudo privileges are not requested even on fresh install).

Event Timeline

I think this is a suggestion for upstream.

I'm definitely no expert on these things, but as I stated it behaves exactly as expected on Fedora, and as far as I'm aware, Fedora is about as vanilla GNOME as it gets. So this leads me to believe this is a Solus issue. It's also throwing me about that Girtablulu in the reddit thread was saying that he was getting the sudo privilege request in his testings, on what I can only assume to be Solus.

Anyway, If I'm way off here, let me know definitively and I'll happily suggest it to the gnome disks gitlab.

I am not getting any requests for typing my password when using disks and I am quite happy with not having to both with it. I don’t really see it needed when my login password for my account is the same as my sudo account...

Oh, wait. I don't read the fedora bits. I think we can add custom rule in polkit, to make sure only administrator or user in certain group can format or do something equally destructive like editing mountpoint in fstab.

DataDrake triaged this task as Needs More Info priority.Jan 20 2019, 1:27 PM
DataDrake added a subscriber: DataDrake.

I need to know which editions each of you is testing on please.

I test it on Solus Budgie and Gnome

JoshStrobl added a subscriber: JoshStrobl.

The reason it works this way is because we use a fork of polkit without JavaScript that has additional functionality developed by Ikey for InUnixGroups= and InUserNames=, to enable rules to apply for users in specific groups. This applies, for example, in our udisks polkit keyrules file to allow users in wheel permission to perform various udisks2 operations (handy in a live environment, for example). udisks2 is leveraged by GNOME Disks.

So, this is working as intended. You're still having to authenticate as a user on log in so I do not see how this is problematic. It's simply different than what some other operating systems do, which isn't necessarily bad or undesired.