1
2
I don't like the idea of a non-root user being able to mount partitions on my system (or mount them with write-privileges to be more specific). Even though mount
only works for root users, my file manager dolphin
can mount partitions without root access. I came across this answer, but removing my user from plugdev
didn't change anything. Then I found out that udisksctl
might have to do something with it, but I couldn't find a way to disable udisksctl
for users (editing /usr/share/polkit-1/actions/org.freedesktop.udisks2.policy
didn't change anything), so I just renamed /usr/bin/udisksctl
and restarted and... dolphin
can still mount partitions.
Now my question: How can I make mounting partitions only possible for root users?
1I'm on Kubuntu 16.04. Confirmed:
plugdev
group is no use. You're about right, mounting is done byudisks2
. You can stop it bysystemctl stop udisks2.service
but I don't know the side effects of such action. I'd rather modify polkit rules but gosh! – this thing seems overly complex with config(?) files in/var/lib/polkit-1/
,/usr/share/polkit-1/
,/etc/polkit-1/
. – Kamil Maciorowski – 2017-09-05T18:21:15.430@KamilMaciorowski Thanks for the hint.
systemctl mask udisks2
+reboot solved the problem for me.udisksctl
spits out errors now, when run from terminal,dolphin
doesn't even see partitions anymore (even mounted ones) and my encrypted home directory is still mounted on login. So far I didn't encounter any problem. I would still be glad to see a solution based on changing privileges (polkit-1) instead of shutting down a service. – Cubi73 – 2017-09-05T19:17:08.5671
Related: Prevent copying data to usb devices in Linux Ubuntu 16.04.
– Kamil Maciorowski – 2018-04-06T06:42:10.907