On my Ubuntu system, I noticed that some file managers, when open, they can mount any drive that was connected via one of my USB ports (as non-root). In the attempt of preventing this from happening I configured my /etc/fstab
like so:
# <file system> <mount point> <type> <options> <dump> <pass>
/dev/mapper/vgubuntu-root / ext4 errors=remount-ro 0 1
# /boot was on /dev/nvme0n1p3 during installation
UUID=485794d0-6773-4136-9df9-c8f97fc3c3bc /boot ext4 defaults 0 2
# /boot/efi was on /dev/nvme0n1p2 during installation
UUID=5E62-20EC /boot/efi vfat umask=0077 0 1
/dev/mapper/vgubuntu-swap_1 none swap sw 0 0
#/media/j/sandisk-32GB is my primary USB drive for backups
PARTUUID=d199a40a-b5cc-724b-b70b-1b90e4274ea9 /media/user_xyz/sandisk-32GB ext4 defaults,nofail 0 3
1. How do I prevent automounting or mounting by other than root
users of the drives / partition that are not specified in my /etc/fstab
?
2. Is it possible to go even further and restrict root
from mounting drives other than those whitelisted? E.g., root
tries to do mount PARTUUID=this-partition-is-not-whitelisted /media/user_xyz/not-whitelisted
and fails, unless they change the configuration that I am trying to set up.
P.S. The particular PARTUUID
is just used to convey the idea where I am getting at - I am aware that it is not of a proper format and that root
would fail in mounting it because of it.
I am on Ubuntu 22.04 LTS.