1

I don't like the idea of a non-root user being able to mount partitions on my system (or mount them with write-privileges to be more specific). Even though mount only works for root users, my file manager dolphin can mount partitions without root access. I came across this answer, but removing my user from plugdev didn't change anything. Then I found out that udisksctl might have to do something with it, but I couldn't find a way to disable udisksctl for users (editing /usr/share/polkit-1/actions/org.freedesktop.udisks2.policy didn't change anything), so I just renamed /usr/bin/udisksctl and restarted and... dolphin can still mount partitions.

Now my question: How can I make mounting partitions only possible for root users?

Cubi73
  • 431
  • 7
  • 21
  • 1
    I'm on Kubuntu 16.04. Confirmed: `plugdev` group is no use. You're about right, mounting is done by `udisks2`. You can stop it by `systemctl stop udisks2.service` but I don't know the side effects of such action. I'd rather modify polkit rules but gosh! – this thing seems overly complex with config(?) files in `/var/lib/polkit-1/`, `/usr/share/polkit-1/`, `/etc/polkit-1/`. – Kamil Maciorowski Sep 05 '17 at 18:21
  • @KamilMaciorowski Thanks for the hint. `systemctl mask udisks2`+reboot solved the problem for me. `udisksctl` spits out errors now, when run from terminal, `dolphin` doesn't even see partitions anymore (even mounted ones) and my encrypted home directory is still mounted on login. So far I didn't encounter any problem. I would still be glad to see a solution based on changing privileges (polkit-1) instead of shutting down a service. – Cubi73 Sep 05 '17 at 19:17
  • 1
    Related: [*Prevent copying data to usb devices in Linux Ubuntu 16.04*](https://superuser.com/q/1311298/432690). – Kamil Maciorowski Apr 06 '18 at 06:42

0 Answers0