Knowledge Base

If you use a graphical file manager and want to take advantage of automatically mounting .iso files, you might be prompted to authenticate as an authorized user. This interrupts the workflow, and should not happen.

![XFCE PolicyKit Agent warning about authentication required to perform an

action](/2019/01/Screenshot_2018-12-29_20-30-30.jpg) Workflow interruption detected! A Linux guru is needed if you want to automate this.

Here is a polkit rule you can make and place in the /usr/lib/polkit-1/rules.d directory. I don't think freeipa has policykit abilities, so you have to apply this file locally for any system that needs it. https://gitlab.com/snippets/1793736

// File: /usr/share/polkit-1/rules.d/mount-iso.rules
// File: /usr/share/polkit-1/rules.d/mount-iso.rules
// Author: bgstack15
// Startdate: 2018-12-29 19:18
// Title: PolicyKit Rules for Allowing FreeIPA admins to mount loop devices for ISO files
// History:
// Usage:
// Reference:
//    https://www.freeipa.org/page/Howto/FreeIPA_PolicyKit
//    lightdm.rules
//    https://askubuntu.com/questions/536405/location-of-policykit-log-output/536432#536432
// Documentation: comments are C-style
polkit.addRule(function(action, subject) {
    if ( (action.id.indexOf("org.freedesktop.udisks2.filesystem-mount-system") == 0) || 
         (action.id.indexOf("org.freedesktop.udisks2.loop-modify-others") == 0) ) {
        polkit.log("action=" + action);
        polkit.log("subject=" + subject);
        if (subject.isInGroup ("wheel") || subject.isInGroup("admins") || subject.isInGroup("cdrom")) {
            return polkit.Result.YES;
        }
    }
});

I realize the logic is crude so if you have any improvements, please share them!