How to Create a Udev Rule to Mount a USB Drive Read Only

I'm trying to set a particular USB drive to always mount read only. If I plug it in, it is seen as sdb with a single partition, sdb1. Here are some relevant udevadm lines (not the entire output of course):

$ udevadm info -a -n /dev/sdb1
  looking at device '/devices/pci0000:00/0000:00:1d.0/usb2/2-1/2-1.4/2-1.4:1.0/host21/target21:0:0/21:0:0:0/block/sdb/sdb1':
    KERNEL=="sdb1"
    SUBSYSTEM=="block"
    DRIVER==""
    ATTR{ro}=="0"
    ATTR{size}=="976768002"
    ATTR{stat}=="     473    30586    33938     3460        5        0       40     1624        0     2268     5084"
    ATTR{partition}=="1"

OK, so I wrote the following udev rule and saved it as /etc/udev/rules.d/10-usbdisk.rules:

SUBSYSTEM=="block",
ATTR{size}=="976768002",
MODE="0555"

According to this, using size should be enough but I have also tried other permutations. In any case, the rule does seem to be read (again, selected output lines, you can see the entire output here:

$ udevadm test $(udevadm info -q path -n /dev/sdb1) 2>&1
[...]
read rules file: /etc/udev/rules.d/10-usbdisk.rules
[...]
MODE 0555 /etc/udev/rules.d/10-usbdisk.rules:4

So, it looks like the rule should be applied and it looks like the MODE="0555" is the correct syntax. However, when I actually plug the disk in, I can happily create/delete files on it.

OS: Debian testing (LMDE)

So, what am I doing wrong? How can I mount a particular USB drive as read only automatically using udev¹?

¹_{I know how to do this with fstab but fstab settings are ignored by gvfs. My objective is to have this mounted automatically as read only in the GUI. Presumably this will have to be done via udev or gvfs somehow.}

Best Answer

Ok, the summary is that Nautilus uses GVFS and you need to tell udev to use GVFS too when reading the fstab entries, you can do this using:

/dev/block-device /mount/point auto x-gvfs-show,ro 0 0

x-gvfs-show will tell udev and anyone interested to use the GVFS helper to mount the filesystem, so gvfs has all the control mounting, umounting, moving mount points, etc.

Lets see if we understand how are drives mounted in modern Linux systems with GUI's (specifically Nautilus):

Nautilus uses GVFS as backend to mount FTP, SMB, block devices, among other things into the file system. The tool that GNOME designed for such proposes is called called Disks is the one that modify the behavior of GVFS. Now here comes the fun.

Nautilus ignores anything that it wasn't mounted using GVFS (like using fstab) and gives you a very rudimentary control over this using udev (Nautilus doesn't ask GVFS to unmount or mount devices that were not manipulated using GVFS, that includes udev, fstab, mount and any other blob) such as just unmount and mount. Using the permissions and options stored in fstab/udev you can use these filesystems accordingly but you can't modify the behavior using GVFS. If something was mounted using sudo mount -o rw /dev/sda3, nautilus tells udev that it doesn't have permissions to modify the mount point, so it pass the responsibility to udev which in turn ask polkit for permissions. If you had used GVFS, nautilus itself unmount the device without permissions, nor dialogs, etc.

Best Answer

Related Solutions

Centos – Why is the udev mounted device not staying put

Related Question