13.7. Locking Repartitioning
polkitenables you to set permissions for individual operations. For
udisks2, the utility for disk management services, the configuration is located at
/usr/share/polkit-1/actions/org.freedesktop.udisks2.policy. This file contains a set of actions and default values, which can be overridden by system administrator.
polkitconfiguration stored in
/etcoverrides the configuration shipped by packages in
Procedure 13.7. To Prevent Users from Changing Disks Settings
- Create a file with the same content as in
cp /usr/share/polkit-1/actions/org.freedesktop.udisks2.policy /etc/share/polkit-1/actions/org.freedesktop.udisks2.policyDo not change the
/usr/share/polkit-1/actions/org.freedesktop.udisks2.policyfile, your changes will be overwritten by the next package update.
- Delete the action you do not need and add the following lines to the
<action id="org.freedesktop.udisks2.modify-device"> <message>Authentication is required to modify the disks settings</message> <defaults> <allow_any>no</allow_any> <allow_inactive>no</allow_inactive> <allow_active>yes</allow_active> </defaults> </action>Replace
auth_adminif you want to ensure only the root user is able to carry out the action.
- Save the changes.
When the user tries to change the disks settings, the following message is returned:
Authentication is required to modify the disks settings