Encrypted disk won't unlock anymore: Not authorized to perform operation (udisks-error-quark, 4)

The problem can be solved with sudo:

gksudo gnome-disks

then, operate normaly


The error code 4 returned by udisks2 (which is used by gnome-disks-utilities internally) is the constant UDISKS_ERROR_NOT_AUTHORIZED_CAN_OBTAIN in code.

This code is returned, if the current subject (the gnome-disks applications, actually) is not allowed to do the unlock operation, however it might be allowed if further authentication would be provided, typically by providing the system administrator's (root) password.

Such additional password query is typically handled by a so-called authentication agent. It seems that this agent is not setup correctly in your environment.

I had the same problem using gnome-disks within an i3wm-session (in archlinux -- however this should be similar under Ubuntu): After having installed the (legacy) "polkit-gnome" authentication agent (and starting it in a session startup script), I got first the passphrase dialog for specifying the LUKS passphrase of the device and then a second dialog asking for the root password.

The command line hack you mention can alternatively also be done using udisksctl in an cleaner way:

udisksctl unlock --block-device /dev/sda1
udisksctl mount --block-device /dev/mapper/my_encrypted_volume

Note that the udisksctl unlock will ask for the (same) two passwords as gnome-disks would do when the authentication agent is setup correctly. No need to use sudo here.

For further information, dig into udisks2 and polkit documentation or look into udisks2 source code directly. This is how I understood and finally solved the problem for me.


What helped me is very similar to Thrushbeard’s explanation, but I can’t post comments yet.

I installed mate-polkit and then executed /usr/lib/x86_64-linux-gnu/polkit-mate-authentication-agent-1. If you’re not using Mate, then there’s an overview over all the Polkit packages. Click the respective link on that wiki page and then “View the file list for [package]” to find the name of the executable for your environment. I hope it helps!