On 2018-04-09 12:30, Richard Hector wrote:
> On 09/04/18 04:50, Mikhail Morfikov wrote:
>> When it comes to mounting devices, I have two simple rules:
>> 1) only root can do it.
>> 2) in some cases only defined users can mount some specific devices.
>> So I want to forbid all users (except root) to access all devices that people
>> can possibly plug into a USB port. But devices can be distinguished by, for
>> instance, some serial number (or something else). I have a USB drive, and I 
>> want
>> it to be accessed and mounted by my regular user without asking me for 
>> password
>> each time I do so.
> I assume faking the serial number is too difficult to be worried about?
> Richard
I know little about faking the serial number of a device, but it was just an
example. There're lots of things a device can be matched against, and also you
can give different privileges to users even when they operate on the same 

And, of course, remember that the message, which is returned to a user, is "Not
authorized to perform operation", and not "Not authorized to perform operation
due to not whitelisted serial number". :) So it could be difficult to know why
you're not able to mount such device in my system.

Anyways, I've manged to install the experimental version of policykit. It works
well, and I was able to set everything in the way I wanted.

Attachment: signature.asc
Description: OpenPGP digital signature

Reply via email to