0

I am using fedora 30 and I would like to prevent removable drives from being mounted with executable permissions. From my research I have found that Nautilus handles the auto-mounting(using Gnome on fedora 30). I so far haven't been able to find a setting to achieve what I want with Nautilus. I have also looked into udisks2 which is what Nautilus calls underneath. This service also does not seem to be configurable in terms of setting default mount options for removable media. I am now stuck and its seems odd that this is so difficult to achieve since using fstab for mounting partitions its very easy to set noexec.

Improve this question
4
  • It seems that from udisks2's devs point of view, the frontend (gnome in this case) should be the one that is responsible for allowing the users to set desired default mount options. If you can't find anything for that in dconf-editor (where you can disable automounting), probably gnome's dev don't think it's necessary (after all they prefer things to be "simple" since version 3), and hence it isn't actually possible.
    – Tom Yan
    Commented Sep 24, 2019 at 3:33
  • For the record, it seems that you can pass mount options to udisks via a udev rules / env var, back in the days when udisks was udisks"1".
    – Tom Yan
    Commented Sep 24, 2019 at 3:35
  • Btw some devs also claim that noexec is pointless as one can simply copy the executable to $HOME and execute it instead. (Though perhaps you have measures for that as well, I don't know.)
    – Tom Yan
    Commented Sep 24, 2019 at 3:37
  • It does seem odd that they removed the feature when they moved to udisks2. I have found a couple of requests for the same functionality in udisks2 but it hasn't been implemented. Yeah home can easily be made noexec with fstab. Maybe the holistic method is to disable a low privileged users ability to executes scripts(if that's possible). I have looked into udisk2 wrappers like udiskie maybe I could get something working that way. If all else fails I could write my own auto mounter but this is far from ideal.
    – techimperial
    Commented Sep 24, 2019 at 3:52

0

Reset to default

You must log in to answer this question.

Browse other questions tagged .