
Re: How to limit udisks2 rules to a specific device?




On 2018-04-09 12:30, Richard Hector wrote:
> On 09/04/18 04:50, Mikhail Morfikov wrote:
>> When it comes to mounting devices, I have two simple rules:
>> 1) only root can do it.
>> 2) in some cases only defined users can mount some specific devices.
>>
>> So I want to forbid all users (except root) to access all devices that people
>> can possibly plug into a USB port. But devices can be distinguished by, for
>> instance, some serial number (or something else). I have a USB drive, and I want
>> it to be accessed and mounted by my regular user without asking me for password
>> each time I do so.
> 
> I assume faking the serial number is too difficult to be worried about?
> 
> Richard
> 
I know little about faking the serial number of a device, but it was just an
example. There're lots of things a device can be matched against, and also you
can give different privileges to users even when they operate on the same device.

And, of course, remember that the message, which is returned to a user, is "Not
authorized to perform operation", and not "Not authorized to perform operation
due to not whitelisted serial number". :) So it could be difficult to know why
you're not able to mount such a device in my system.

Anyways, I've managed to install the experimental version of policykit. It works
well, and I was able to set everything in the way I wanted.

Attachment: signature.asc
Description: OpenPGP digital signature
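
One way to express the two rules described in the message above as a polkit JavaScript rule. This is an added example, not part of the original message and not Mikhail's actual configuration. It assumes a polkit build that reads JavaScript rules from /etc/polkit-1/rules.d/; the serial, the user name and the `decideMount` helper are hypothetical.

```javascript
// Added example: polkit rule sketch for udisks2 mounts (not from the original post).
// Constructed allowlist: drive serial -> users who may mount that drive without a
// password. The serial and the user name are placeholders.
var ALLOWED = {
  "EXAMPLE-SERIAL-0001": ["alice"]
};

// udisks2 actions that cover mounting a filesystem.
var MOUNT_ACTIONS = [
  "org.freedesktop.udisks2.filesystem-mount",
  "org.freedesktop.udisks2.filesystem-mount-system",
  "org.freedesktop.udisks2.filesystem-mount-other-seat"
];

// Decision logic kept in a plain function so it can be exercised outside polkitd.
// `results` is polkit.Result when run by polkitd.
function decideMount(action, subject, results) {
  if (MOUNT_ACTIONS.indexOf(action.id) === -1) {
    return undefined;               // not a mount action: let other rules decide
  }
  if (subject.user === "root") {
    return results.YES;             // rule 1: root may always mount
  }
  // udisks2 passes the drive's serial as an action detail. The value is whatever
  // the device reports about itself, so it identifies a drive; it does not prove
  // which physical device is plugged in.
  var serial = action.lookup("drive.serial");
  var listed = typeof serial === "string" &&
      Object.prototype.hasOwnProperty.call(ALLOWED, serial);
  if (listed && ALLOWED[serial].indexOf(subject.user) !== -1) {
    return results.YES;             // rule 2: named user, named drive
  }
  return results.NO;                // everyone else: "Not authorized to perform operation"
}

// Register with polkitd when loaded from /etc/polkit-1/rules.d/.
if (typeof polkit !== "undefined") {
  polkit.addRule(function (action, subject) {
    return decideMount(action, subject, polkit.Result);
  });
}
```

Because the denial carries no reason, keeping the allowlist in one reviewed rules file is what lets an administrator explain a refused mount afterwards.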