4

THIS POST IS NOT A DUPLICATE ALTHOUGH IT HAS BEEN MARKED AS SUCH. NO WHERE ON THE ALLEGED DUPLICATE PAGE DOES IT MENTION EXTERNAL DRIVES OR HOW TO DIFFERENTIATE THEM INSIDE POLKIT

I did some research and found my question asked already. It is a duplicate of is it possible to make ubuntu ask for my password before mounting usb-drives?

the problem is, they did not answer that persons question, at all. He did not ask about encrypting a drive. His issue, as is mine, is not protecting a single flash/usb drive, it is protecting his Ubuntu system from someone inserting a usb/flash drive

He, as well as I, want Ubuntu to prompt for our password before mounting any USB drive that gets inserted. How can I do this? I found this topic How to make Ubuntu ask for password when mounting partitions? but that is for either all drives, or for specific ones. All drives will not work for my setup, as I do not require it to mount internal drives. The individual drives setup will not work either, because in this case the UUID is unknown, so setting it up ahead of time is not possible.

I thought the original poster stated the problem well, and it was not a case of misunderstood question, the person answering just did not answer the question asked.

I went to add to that already started topic, but the guide that popped up suggested I not ask further questions if the topic is not answered. I hope I did the right thing by creating a new topic.

EDIT: More explanation was asked for. I have internal drives, that do not get mounted when the machine boots. They are dm-crypt encrypted drives that get mounted when I enter my key at the cryptsetup prompt, after the machine is booted and logged in. So requiring the password for ALL drives will not work. As I mentioned the UUID of an unknown usb/flash drive is well, unknown, so the specific drive setup in fstab will not work either. Is there a way to require it for all External drives, but not the Internal ones?

I appreciate all the suggestions, even the off-topic ones that do not answer the question I asked

EDIT again: Thinking about it, could udev be used to write some rule for this? I do not understand udev well enough yet, but it seems like that could be useful

EDIT: Anders not sure what on that page I should be looking at, but I do not see how to accomplish my goal, with info on that page. Please share your idea

Community
  • 1
grinch
  • 103
  • 1
  • 9

1 Answers1

2

If you understand what is happening in this answer then it is easy to change it to the way you want it to behave.

Just make a file named /etc/polkit-1/localauthority/90-mandatory.d/external_mnt.pkla with the following context:

[external mount pass]
       Identity=unix-group:admin;unix-group:sudo
       Action=org.freedesktop.udisks.filesystem-mount
       ResultActive=auth_admin_keep

This should ask a password when an external device is mounted, but shouldn't ask when an internal is mounted.

Where to find more info about these things: In the manuals: man pklocalauthority and man polkit.

Regarding the comment: How does the system know to only ask on external drives? For that to know you should look into the source code of udisks, device.c, on line 6674 starts an if branch, which is:

if (is_device_in_fstab (device, NULL))
{
  action_id = NULL;
}
else
{
  if (device->priv->device_is_system_internal)
    action_id = "org.freedesktop.udisks.filesystem-mount-system-internal";
  else
    action_id = "org.freedesktop.udisks.filesystem-mount";
}

So you can see that org.freedesktop.udisks.filesystem-mount is only for mounts which are not considered internal. And what is considered internal? That is also coded in that file, just look it up if you are curios.

Note: I just tested this, and it have worked for me.

Community
  • 1
falconer
  • 15,334