Linux – Prevent a partition on a USB drive auto-mounting in Linux

linuxmountpartitioningusbusb-flash-drive

On Linux (Gnome desktop) how do you prevent one of the partitions on an external USB drive auto-mounting when it attached to the machine?

I don't just want to prevent the Nautilus window from popping up — I want that partition not to mount.

Fiddling with /etc/fstab is not acceptable, as this is a removable drive that is attached to different machines.

I seem to remember that you create a hidden file in the root of the file system, but I can't remember what it's called. Something like:

touch /media/usbdisk/.no-mount

How do you actually make this work?

Best Answer

To read that file, the partition would have to be mounted. The auto-mounting is a feature of the operating system (actually hotplug, or some other service monitoring USB) and has to be turned off per-machine.

Related Solutions

Linux – Cannot mount a USB pendrive

This problem can have many different origins. The most likely one is that you have a problem with polkit. Do you have a directory called /etc/polkit-1/localauthority? If so, edit, as root, this file: /etc/polkit-1/localauthority/50-local.d/55-storage.pkla and add the following lines:

  [Storage Permissions]
  Identity=unix-group:plugdev
  Action=org.freedesktop.udisks.filesystem-mount;org.freedesktop.udisks.drive-eject;org.freedesktop.udisks.drive-detach;org.freedesktop.udisks.luks-unlock;org.freedesktop.udisks.inhibit-polling;org.freedesktop.udisks.drive-set-spindown
  ResultAny=yes
  ResultActive=yes
  ResultInactive=no

You should also add yourself to the plugdev group,

 usermod -a -G plugdev <your username>

which is the correct command for Debian-family distros (Debian, Ubuntu, Mint,...), if you are not on one of those please adapt it to your distro.

If this does not apply, please report back.

Linux – How to mounting a VeraCrypt drive be done without root in Linux

One option would be to set the the SUID bit on veracrypt. This would make sure it took on root privileges whenever run.

# chmod u+s /usr/bin/veracrypt

Generally, however, I try to avoid the SUID or SGID bits, as they allow any user with permission to execute the binary to use it at elevated privileges.

A better option:

Another option you have if you've got sudo is to create a group with password-free sudo privileges for veracrypt.

This is definitely a still a little less secure than always requiring a password, as is always the case when creating sudo rules like this. Make sure you read this carefully and understand what it entails to ensure you do not create a security risk!

Before you begin, you want to ensure that the /usr/bin/veracrypt binary is not writable by group or other.

Confirm that it is not writable by another other than the owner:

$ ls -lha /usr/bin/veracrypt
-rwxr-xr-x 1 root root 7.1M Sep 11  2019 /usr/bin/veracrypt

First, create a new group:

# groupadd veracrypt_group

Next, add your user(s) to the group:

# usermod -aG veracrypt_group your_user

Now you now use visudo to create a new sudo rule:

# visudo -f /etc/sudoers.d/veracrypt

This one will allow the veracrypt_group to run /usr/bin/veracrypt without a password.

%veracrypt_group ALL=(root) NOPASSWD:/usr/bin/veracrypt

Best Answer

Related Solutions

Linux – Cannot mount a USB pendrive

Linux – How to mounting a VeraCrypt drive be done without root in Linux

Related Question