Disable automount of all USB and Firewire
David Zeuthen
david at fubar.dk
Mon Aug 7 08:45:19 PDT 2006
On Sun, 2006-08-06 at 16:57 -0400, maillist wrote:
> Hi all,
>
> Due to security reasons, I need to disable automounting of all USB and
> Firewire devices for all users. From Googling around, I believe I need
> to do this with HAL. However, I haven't really found any good docs on
> how to do this.
That's a fair request. If you have been following the list you will see
that with PolicyKit there are more advanced ways of doing this. However,
it will take a 6-12 months for that to be available in distros etc.
> If it matters, I am using Fedora Core 5.
On FC5 you will a file
99-redhat-storage-policy-fixed-drives.fdi
in /usr/share/hal/fdi/policy/10osvendor/ that contains this
<deviceinfo version="0.2">
<device>
<match key="@block.storage_device:storage.hotpluggable" bool="false">
<match key="@block.storage_device:storage.removable" bool="false">
<merge key="volume.ignore" type="bool">true</merge>
</match>
</match>
</device>
</deviceinfo>
It sets the volume.ignore flag on fixed disks and this flag has the
following effects
1. HAL will refuse to mount / unmount / eject volumes where
volume.ignore == TRUE
2. The drives won't show up in Nautilus' computer:/// window
So it seems you want a file like e.g.
99-ignore-some-drives.fdi
in /usr/share/hal/fdi/policy/10osvendor/ that looks something like this
<deviceinfo version="0.2">
<device>
<match key="@block.storage_device:storage.bus" string="usb">
<merge key="volume.ignore" type="bool">true</merge>
</match>
</device>
</deviceinfo>
Happy experimenting.
HTH,
David
More information about the hal
mailing list