Deny non-root users to mount devices?

I don't like the idea of a non-root user being able to mount partitions on my system (or mount them with write privileges, to be more specific). Even though mount only works for root users, my file manager dolphin can mount partitions without root access. I came across this answer, but removing my user from plugdev didn't change anything. Then I found out that udisksctl might have something to do with it, but I couldn't find a way to disable udisksctl for users (editing /usr/share/polkit-1/actions/org.freedesktop.udisks2.policy didn't change anything), so I just renamed /usr/bin/udisksctl and restarted and... dolphin can still mount partitions.

Now my question: How can I make mounting partitions only possible for root users?

Cubi73

Posted 2017-08-30T11:05:59.603

I'm on Kubuntu 16.04. Confirmed: plugdev group is no use. You're about right, mounting is done by udisks2. You can stop it by systemctl stop udisks2.service but I don't know the side effects of such action. I'd rather modify polkit rules but gosh! – this thing seems overly complex with config(?) files in /var/lib/polkit-1/, /usr/share/polkit-1/, /etc/polkit-1/. – Kamil Maciorowski – 2017-09-05T18:21:15.430

@KamilMaciorowski Thanks for the hint. systemctl mask udisks2+reboot solved the problem for me. udisksctl spits out errors now when run from a terminal, dolphin doesn't even see partitions anymore (even mounted ones) and my encrypted home directory is still mounted on login. So far I haven't encountered any problems. I would still be glad to see a solution based on changing privileges (polkit-1) instead of shutting down a service. – Cubi73 – 2017-09-05T19:17:08.567

Related: Prevent copying data to usb devices in Linux Ubuntu 16.04. – Kamil Maciorowski – 2018-04-06T06:42:10.907

No answers