--- util-linux-2.19.1/mount/fstab.5.fix2 2011-05-02 23:54:34.000000000 +0400 +++ util-linux-2.19.1/mount/fstab.5 2011-05-02 23:54:36.491372987 +0400 @@ -195,8 +195,11 @@ allow a user to mount .TP .B owner allow device owner to mount .TP +.B pamconsole +allow a user at the console to mount +.TP .B comment for use by fstab-maintaining programs .TP .B nofail --- util-linux-2.19.1/mount/mount.c.fix2 2011-05-02 23:54:34.000000000 +0400 +++ util-linux-2.19.1/mount/mount.c 2011-05-02 23:54:36.491372987 +0400 @@ -119,16 +119,17 @@ struct opt_map { #define MS_USERS 0x40000000 #define MS_USER 0x20000000 #define MS_OWNER 0x10000000 #define MS_GROUP 0x08000000 +#define MS_PAMCONSOLE 0x04000000 #define MS_COMMENT 0x02000000 #define MS_LOOP 0x00010000 /* Options that we keep the mount system call from seeing. */ -#define MS_NOSYS (MS_NOAUTO|MS_USERS|MS_USER|MS_COMMENT|MS_LOOP) +#define MS_NOSYS (MS_NOAUTO|MS_USERS|MS_USER|MS_COMMENT|MS_LOOP|MS_PAMCONSOLE) /* Options that we keep from appearing in the options field in the mtab. */ -#define MS_NOMTAB (MS_REMOUNT|MS_NOAUTO|MS_USERS|MS_USER) +#define MS_NOMTAB (MS_REMOUNT|MS_NOAUTO|MS_USERS|MS_USER|MS_PAMCONSOLE) #define MS_PROPAGATION (MS_SHARED|MS_SLAVE|MS_UNBINDABLE|MS_PRIVATE) /* Options that we make ordinary users have by default. */ @@ -166,8 +167,10 @@ static const struct opt_map opt_map[] = { "_netdev", 0, 0, MS_COMMENT}, /* Device requires network */ { "comment", 0, 0, MS_COMMENT}, /* fstab comment only (kudzu,_netdev)*/ /* add new options here */ + { "pamconsole", 0, 0, MS_PAMCONSOLE }, /* Allow users at console to mount */ + { "nopamconsole", 0, 1, MS_PAMCONSOLE }, /* Console user has no special privs */ #ifdef MS_NOSUB { "sub", 0, 1, MS_NOSUB }, /* allow submounts */ { "nosub", 0, 0, MS_NOSUB }, /* don't allow submounts */ #endif 
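Review bot: The new `#define MS_PAMCONSOLE 0x04000000` in mount.c carries no comment, and because the bit is OR-ed into MS_NOSYS and MS_NOMTAB a future collision with a real kernel MS_* flag would silently strip that kernel flag from every mount(2) call instead of failing loudly. A one-line note beside the definition, `/* mount(8)-private pseudo-flag: must stay clear of kernel MS_* bits (masked out by MS_NOSYS) */`, records the constraint for whoever next picks a value in this range. The fstab.5 hunk could likewise say that `pamconsole` mounts are subject to the same MS_SECURE restrictions as `user` mounts, which parse_opt() enforces further down in this patch; as written the man page suggests an unconditional grant.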
@@ -480,9 +483,9 @@ parse_opt(char *opt, int *mask, char **e if (om->inv) *mask &= ~om->mask; else *mask |= om->mask; - if ((om->mask == MS_USER || om->mask == MS_USERS) + if ((om->mask == MS_USER || om->mask == MS_USERS || om->mask == MS_PAMCONSOLE) && !om->inv) *mask |= MS_SECURE; if ((om->mask == MS_OWNER || om->mask == MS_GROUP) && !om->inv) @@ -1115,9 +1118,31 @@ restricted_check(const char *spec, const } } } - /* James Kehl came with a similar patch: + /* Red Hat patch: allow users at console to mount when fstab + contains the console option. This option should not be used + in a high security environment but is useful to give console + users the possibility of using locally attached devices + such as USB keychains and USB harddisks where it is now suitable + to give the console owner write access to the device node */ + if (*flags & MS_PAMCONSOLE) { + char *username; + char pamconsole_file_name[256]; + struct stat sb; + + username = getusername (); + + if (username != NULL) { + snprintf (pamconsole_file_name, sizeof (pamconsole_file_name), + "/var/run/console/%s", username); + if (stat (pamconsole_file_name, &sb) == 0) { + *flags |= MS_USER; + } + } + } + + /* James Kehl came with a similar patch: allow an arbitrary user to mount when he is the owner of the mount-point and has write-access to the device. This is even less secure. Let me skip it for the time being; there should be an explicit fstab line allowing such things. */ @@ -1131,9 +1156,9 @@ restricted_check(const char *spec, const if (*flags & MS_USER) *user = getusername(); } - *flags &= ~(MS_OWNER | MS_GROUP); + *flags &= ~(MS_OWNER | MS_GROUP | MS_PAMCONSOLE); } /* Check, if there already exists a mounted loop device on the mountpoint node * with the same parameters. --- util-linux-2.19.1/mount/umount.c.fix2 2011-05-02 23:54:34.000000000 +0400 +++ util-linux-2.19.1/mount/umount.c 2011-05-03 00:10:04.891424731 +0400 
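Review bot: The console check added to restricted_check() grants MS_USER on the bare existence of `/var/run/console/<name>`; nothing verifies that the entry is the root-created pam_console lock rather than something an unprivileged user managed to place there, so the grant is exactly as strong as the permissions on that directory. Since `sb` is already filled in, tightening the test costs one condition: `if (stat (pamconsole_file_name, &sb) == 0 && sb.st_uid == 0)` (add `S_ISREG (sb.st_mode)` too if, as I recall, pam_console creates a plain file — confirm against the module). The snprintf() result is also unchecked: a name long enough to truncate the path would stat a prefix of the intended file, so bail out when the return value is negative or `>= sizeof pamconsole_file_name`. The same path literal and check are duplicated in umount.c, so a shared helper such as `is_console_user(const char *name)` with the directory in a single `#define` would keep the two in step. restricted_check() begins and ends outside this hunk.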
@@ -596,9 +596,9 @@ static int check_helper_umountprog(const static int umount_file (char *arg) { struct mntentchn *mc, *fs; const char *file, *options; - int fstab_has_user, fstab_has_users, fstab_has_owner, fstab_has_group; + int fstab_has_user, fstab_has_users, fstab_has_owner, fstab_has_group, fstab_has_pamconsole; int ok, status = 0; struct stat statbuf; if (!*arg) { /* "" would be expanded to `pwd` */ @@ -729,15 +729,18 @@ umount_file (char *arg) { fstab_has_user = contains(options, "user"); fstab_has_users = contains(options, "users"); fstab_has_owner = contains(options, "owner"); fstab_has_group = contains(options, "group"); + fstab_has_pamconsole = contains(options, "pamconsole"); ok = 0; if (fstab_has_users) ok = 1; if (!ok && (fstab_has_user || fstab_has_owner || - fstab_has_group)) { + fstab_has_group || fstab_has_pamconsole)) { + char pamconsole_file_name[256]; + struct stat sb; char *user = getusername(); options = mc->m.mnt_opts; if (!options) @@ -745,8 +748,16 @@ umount_file (char *arg) { mtab_user = get_option_value(options, "user="); if (user && mtab_user && streq (user, mtab_user)) ok = 1; + + /*pam_console user check*/ + if (user && fstab_has_pamconsole) { + snprintf (pamconsole_file_name, sizeof (pamconsole_file_name), "/var/run/console/%s", user); + if (stat (pamconsole_file_name, &sb) == 0) { + ok = 1; + } + } } if (!ok) die (2, _("umount: only %s can unmount %s from %s"), mtab_user ? mtab_user : "root",
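Review bot: The new console check in umount_file() sets `ok = 1` whenever the caller's lock file exists, irrespective of the `user=` recorded in mtab just above it, so any current console user may unmount a `pamconsole` filesystem that a different user (or, with no `user=` entry, root) mounted; if that `users`-like semantics is intended it deserves a comment, e.g. `/* pamconsole: any current console user may unmount, not only the mounter */`. As in mount.c the test checks neither who owns `/var/run/console/<user>` nor whether snprintf() truncated the path; `stat (pamconsole_file_name, &sb) == 0 && sb.st_uid == 0` plus a check that the snprintf() return is below `sizeof pamconsole_file_name` would close both. The block is otherwise a copy of the one in restricted_check(), so a shared helper taking the user name would stop the two from drifting apart. umount_file() continues past the end of this hunk.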