Post date: May 21, 2014 12:35:41 PM
At least on FC19, when a medium is inserted, all users logged in at a graphical console are requested whether they want to authenticate and mount it. This is exceedingly inconvenient e.g. when using Xvnc, because the remote user “steals” the medium from the console one until he answers the authentication request. This happens regardless of unix permissions and FC’s claimed support for multi-seat.
Turns out that this behaviour is due to the polkit system (God knows why yet another authentication system was necessary, to be configured no less than with javascript code). The following snippet, placed e.g. in /etc/polkit-1/rules.d/60-nobody-but-wheel.rules , inhibits non-wheel users from participating to the authentication-feast upon volume insertion.
polkit.addRule(function(action, subject) { if (!subject.isInGroup("wheel")) { return polkit.Result.NO; } });