umount is a UNIX command that adheres to the traditional UNIX perspective that unmounting a filesystem is a system administration task.

The rationale behind is that unmounting a filesystem, if poorly planned or executed, could be disruptive, even destructive, especially on a multiuser system. So regular users are protected from this potentially dangerous command and only root or a privileged user is allowed to execute it.

This makes a lot of sense when UNIX is used as a server operating system, but a UNIX-based desktop OS (for example, OS X or Ubuntu) has other needs: any user should be able to unmount flash drives, removable harddrives, etc.

The Finder and diskutil (see man diskutil for more information) work this way. For example, I can open Terminal and successfully run:

$ diskutil unmount /Volumes/Untitled
Volume Untitled on disk2s2 unmounted

whereas umount fails:

$ umount /Volumes/Untitled
umount: unmount(/Volumes/Untitled): Operation not permitted

What is the Finder or diskutil doing differently? Behind the scenes, they send a request to a daemon called com.apple.SecurityServer (see man page for more information), which grants the right to unmount the filesystem:

$ tail -f /var/log/system.log
Feb  6 16:57:37 avallone.local com.apple.SecurityServer[17]: Succeeded authorizing right 'system.volume.removable.unmount' by client '/System/Library/CoreServices/Finder.app' [171] for authorization created by '/System/Library/CoreServices/Finder.app' [171] (100013,0)
Feb  6 16:57:37 avallone.local com.apple.SecurityServer[17]: Succeeded authorizing right 'system.volume.removable.unmount' by client '/usr/sbin/diskarbitrationd' [18] for authorization created by '/System/Library/CoreServices/Finder.app' [171] (100002,0)
Feb  6 17:01:46 avallone.local com.apple.SecurityServer[17]: Succeeded authorizing right 'system.volume.removable.unmount' by client '/usr/sbin/diskutil' [646] for authorization created by '/usr/sbin/diskutil' [646] (100013,0)
Feb  6 17:01:46 avallone.local com.apple.SecurityServer[17]: Succeeded authorizing right 'system.volume.removable.unmount' by client '/usr/sbin/diskarbitrationd' [18] for authorization created by '/usr/sbin/diskutil' [646] (100002,0)

This allows any user to unmount a drive without requiring additional authentication. (Ubuntu has a similar philosophy. If you are interested, take a look at this answer on AskUbuntu.)

To support the behavior explained above the Finder and diskutil use several Apple frameworks:

$ otool -L $(which diskutil) | grep Disk
/System/Library/PrivateFrameworks/DiskManagement.framework/Versions/A/DiskManagement (compatibility version 1.0.0, current version 1.0.0)
/System/Library/Frameworks/DiskArbitration.framework/Versions/A/DiskArbitration (compatibility version 1.0.0, current version 1.0.0)
$ otool -L /System/Library/CoreServices/Finder.app/Contents/MacOS/Finder | grep Disk
/System/Library/Frameworks/DiskArbitration.framework/Versions/A/DiskArbitration (compatibility version 1.0.0, current version 1.0.0)
/System/Library/PrivateFrameworks/DiskImages.framework/Versions/A/DiskImages (compatibility version 1.0.8, current version 344.0.0)
/System/Library/PrivateFrameworks/DiskManagement.framework/Versions/A/DiskManagement (compatibility version 1.0.0, current version 1.0.0)

umount, on the other side, is only linked to this dynamic library:

$ otool -L $(which umount) 
/sbin/umount:
    /usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current version 169.3.0)

(/usr/lib/libSystem.B.dylib uses several other libraries, but isn't linked to any framework.)