On 2018-04-09 12:30, Richard Hector wrote: > On 09/04/18 04:50, Mikhail Morfikov wrote: >> When it comes to mounting devices, I have two simple rules: >> 1) only root can do it. >> 2) in some cases only defined users can mount some specific devices. >> >> So I want to forbid all users (except root) to access all devices that people >> can possibly plug into a USB port. But devices can be distinguished by, for >> instance, some serial number (or something else). I have a USB drive, and I >> want >> it to be accessed and mounted by my regular user without asking me for >> password >> each time I do so. > > I assume faking the serial number is too difficult to be worried about? > > Richard > I know little about faking the serial number of a device, but it was just an example. There're lots of things a device can be matched against, and also you can give different privileges to users even when they operate on the same device.
And, of course, remember that the message, which is returned to a user, is "Not authorized to perform operation", and not "Not authorized to perform operation due to not whitelisted serial number". :) So it could be difficult to know why you're not able to mount such device in my system. Anyways, I've manged to install the experimental version of policykit. It works well, and I was able to set everything in the way I wanted.
signature.asc
Description: OpenPGP digital signature
