Gnome disks is writing fstab without password

I have a fresh install of Manjaro Gnome edition. Using the gnome disks utility, I went to setup my additional mount points only to find that I can configure them without being prompted for the admin password.

Surely this cannot be the normal behaviour, fstab is root owned.

You sure it mounts them systemwide and not just for your user?

If it's your user only, then it just runs commands when you login.

I'm not mounting them, just configuring the mount points. I use the utility rather than editing fstab directly since it handles all the UUIDs for me. The utility writes the fstab file without asking for a password.

Since they are written to fstab, yes it is system wide for all users.

And you didn't get prompted for password when you opening Gnome Disks?

From what they state, the goal is to have the same behavior as Disk Utility in MacOSX. So, it is normal what you observed. The only difference is that MacOSX doesn't use fstab anymore.
https://wiki.gnome.org/Design/Apps/Disks

Nope, no password prompt at all. I thought it strange since I was always asked on Ubuntu.

I've never used mac, but I imagine this is not normal. A normal user should not be able to modify root owned files without a password.

1 Like

Agreed. You should report it as a bug upstream with Gnome if it does not exist already. Surely others might have found it strange aswell.

Found this:

Might be a Manjaro Settings Manager issue instead!

Would you happen to have a link to their bug tacker?

Also, in my experience, bug reports from unknown users often go ignored. Devs tend to brush us off as newbies.

Reading the other thread, it's related, but my user was created by the installer. My groups are simply unknown user username. I'm not a member of the storage group.

The user created by the Installer is automatically Administrator.
I made a test with a Standard user and not Administrator (as your main user is) and the behavior is the same as for an Administrator. BIG ISSUE !!!
Your USER will belong to this groups: sys lp wheel network video optical storage scanner power autologin YourUSER maybe with some slight differences ...
The Standard user i created belongs only to the group that is the same as is name, yet still can operate gnome-disk-utility as if was an Admin. That indeed must be reported. I'll look for the bug report link too ...
Cheers!

1 Like

This was exactly the issue in the other thread I linked. No idea if it's being looked at by the developers of MSM / Calamares. @philm

2 Likes

Can I leave this in the hands of you guys then? You have more experience of where to file these reports and the kind of information they require.

I made more tests including in a Fedora install (i know, please don't trow stones at me) :smiley:
The Standard user can indeed open, visualize and modify USB Disks without password, but once is about the ROOT/partitions/fstab is asked for the Administrator User Password (not the root), so it seems is working as in MacOSX.
I don't think there is a bug and maybe the other post is about something that was fixed. So, there is no bug to report.

But on manjaro it does not ask for password when editing fstab. This must surely be a bug in either Calamares or MSM then?

Not a bug? So anybody can boot up my system and remove my root and home mounts without being prompted for a password?

You mention USB disks? My disks are all internal. I launch 'disks', select my ROOT partition, click 'edit mount options', change its mount point, all without a password (it does however have a textual warning at the top of the window). That is not at all safe. It will take my 3 yr old son less than a minute to leave me with an unbootable system if he happens to mash the right keyboard keys (granted he could also happen to mash out my password but highly unlikely).

Bug or not, I don't want this behaviour. How can I fix it?

Is asking for the Administrator password if is a Standard user.

If knows your Administrator/User password. As a Standard user it can't make the changes without it.

Unless the permissions of /etc/fstab has somehow been changed!

My point is they don't need to know my password because they are NOT asked for it.

My /etc/fstab permissions:
-rw-r--r-- 1 root root 1106 Aug 21 16:21 /etc/fstab

It hasn't been changed. I should not be able to edit it without entering my admin password. Yet, launching gnome-disks as a normal user (without sudo) I am able to edit it.

My user groups are:
sys lp wheel network video optical storage scanner power autologin twifty
Which is the default as provided by the installer.

The storage group is not sufficient, as far as I know, permission to edit the fstab.

You are Administrator ... normal user is called Standard user ... :slight_smile:

I should still be required to enter my password to make such a change.

nano /etc/fstab will NOT allow me to write the file. gnome-files DOES. gnome-files SHOULD ask for my password, but it DOES NOT.

If gnome-files can write to -rw-r–r-- 1 root root without running as root, or asking for a pass, it is a security bug.

No matter, even as an administrator account you shouldn't be able to edit the fstab file without ever having to enter either the admin account's password or the root password. This is absolutely not as it should be. I noticed the same behaviour here on my machines before. Gnome disk utility edits the fstab directly, yet no password is required when starting the utility or when administering changes that affect the fstab file. I have stopped using it in the meantime.

1 Like

Forum kindly sponsored by