Linux – Prevent non-root user from formatting a partition

fedoralinuxpartitionpolkit

Few days back I mistakenly formatted a partition on my external hard drive by clicking Format from the Context menu in Computer. I want to know that how can I prevent non-root user from being able to do so. At the same time I need the non-root user to be able to read and write on the partition.

I use Fedora 14.

Thanks.

Best Answer

As nc3b already pointed out, this gets controlled by PolicyKit. The policy for disks is located at: /usr/share/polkit-1/actions/org.freedesktop.udisks.policy and can be adjusted.
Open it with root rights and search for the line: <action id="org.freedesktop.udisks.change">, either comment out the whole block: <!-- [udisks.change-block] -->, or set <allow_active> to 'no', save and exit.

Check if it's disabled:

$ pkaction --verbose --action-id org.freedesktop.udisks.change
No action with action id org.freedesktop.udisks.change

Or if you've set no:

...
implicit active:   no

Good, next time you try to format a device as a non-root user, either over the context menu or over 'Disk Utility', an error message will appear an disallow it. This step will still allow the non-root user to read/write the device.

If you still want to allow formating of devices, but with a higher security level, you can force PolicyKit to ask for a password every time.
Open the same file and go to the same section, substitute the 'yes' with 'auth_admin' in allow_active:

<allow_active>auth_admin</allow_active>

Check:

$ pkaction --verbose --action-id org.freedesktop.udisks.change
...
implicit active:   auth_admin

Excellent!

Note: I've only tested this on Ubuntu, but Fedora also uses PolicyKit, so try it with a dummy drive first.

Related Question