diff --git a/tools/hal-storage-mount.c b/tools/hal-storage-mount.c
index ae14181..4628067 100644
--- a/tools/hal-storage-mount.c
+++ b/tools/hal-storage-mount.c
@@ -92,6 +92,14 @@ permission_denied_etc_fstab (const char *device)
 }
 
 static void
+permission_denied_uid (const char *device, const char *uid)
+{
+	fprintf (stderr, "org.freedesktop.Hal.Device.Volume.PermissionDenied\n");
+	fprintf (stderr, "Refusing to mount device %s for uid=%s.\n", device, uid);
+	exit (1);
+}
+
+static void
 already_mounted (const char *device)
 {
 	fprintf (stderr, "org.freedesktop.Hal.Device.Volume.AlreadyMounted\n");
@@ -812,6 +820,13 @@ handle_mount (LibHalContext *hal_ctx,
                 }
                 libhal_free_string (polkit_result);
         }
+#else
+	/* root can do everything; only allow handling removable devices
+	 * without uid change to non-root users */
+	if (!invoked_by_uid || strcmp(invoked_by_uid, "0"))
+		if (!action || strcmp (action, "org.freedesktop.hal.storage.mount-removable"))
+			permission_denied_uid (device, invoked_by_uid);
+
 #endif
 
 #ifdef DEBUG