13.7. Locking Repartitioning
polkit enables you to set permissions for individual operations. For udisks2, the utility for disk management services, the configuration is located at /usr/share/polkit-1/actions/org.freedesktop.udisks2.policy. This file contains a set of actions and default values, which can be overridden by system administrator.
Important
Remember that
polkit configuration stored in /etc overrides the configuration shipped by packages in /usr/share/.
Procedure 13.7. To Prevent Users from Changing Disks Settings
- Create a file with the same content as in
/usr/share/polkit-1/actions/org.freedesktop.udisks2.policy.cp /usr/share/polkit-1/actions/org.freedesktop.udisks2.policy /etc/share/polkit-1/actions/org.freedesktop.udisks2.policy
Do not change the/usr/share/polkit-1/actions/org.freedesktop.udisks2.policyfile, your changes will be overwritten by the next package update. - Delete the action you do not need and add the following lines to the
/etc/polkit-1/actions/org.freedesktop.udisks2.policyfile:<action id="org.freedesktop.udisks2.modify-device"> <message>Authentication is required to modify the disks settings</message> <defaults> <allow_any>no</allow_any> <allow_inactive>no</allow_inactive> <allow_active>yes</allow_active> </defaults> </action>Replacenobyauth_adminif you want to ensure only the root user is able to carry out the action. - Save the changes.
When the user tries to change the disks settings, the following message is returned:
Authentication is required to modify the disks settings
