Blog

memory stick, memory, media, recording mode, external, removable, usb- Photo by EsaRiutta
memory stick, memory, media, recording mode, external, removable, usb- Photo by EsaRiutta

Udiskie

In most, if not all, Linux distros, you can force the use of passwords for auto-mounting USB memory devices. To manage or reduce password prompts, you can:
  • Edit PolicyKit rules: You can create or modify PolicyKit rules to allow certain actions without a password. This involves creating a .policy file in the appropriate directory.
  • Run Udiskie with elevated privileges: You can run Udiskie as a user with the necessary permissions, but this is generally not recommended for security reasons.
  • Check Udiskie configuration: Review the Udiskie configuration files to ensure they are set up correctly for your use case.

Example- Edit PolicyKit rules for Udiskie:

Having Udiskie use PolicyKit (often referred to as polkit) to require a password for mounting USB drives can achieve a more strict and secure mounting approach:
  1. Install Required Packages: Ensure you have udisks2 and polkit installed. You can install them using the following command: 
    sudo pacman -S udisks2 polkit
  2. Create a PolicyKit Rule: You can create a custom PolicyKit rule that requires a password for mounting USB drives. To do this, create a new file in the /etc/polkit-1/rules.d/ directory. For example, you can create a file named 99-usb-mount.rules: 
    sudo nano /etc/polkit-1/rules.d/99-usb-mount.rules
    Add the following content to the file: 
    polkit.addRule(function(action, subject) {
    if (action.id == "org.freedesktop.udisks2.filesystem-mount-system" &&
        subject.isInGroup("wheel")) {
        return polkit.Result.YES;
    }
});
    This rule allows members of the wheel group to mount filesystems without a password, but you can modify it to require a password for all users.
  3. Modify the Rule to Require Password: If you want to require a password for all users, you can adjust the rule like this: 
    polkit.addRule(function(action, subject) {
    if (action.id == "org.freedesktop.udisks2.filesystem-mount-system") {
        return polkit.Result.AUTH_ADMIN;
    }
});
    This will prompt for a password whenever a user tries to mount a USB drive.
  4. Restart the Polkit Service: After creating or modifying the rule, restart the PolicyKit service to apply the changes: 
    sudo systemctl restart polkit
  5. Test the Configuration: Insert a USB drive and try to mount it. You should be prompted for a password.
By following these steps, you can ensure that all USB mounts require entering the password of a user in the wheel group or any other specified group. Adjust the rules according to your specific requirements.

This content is free to use, adapt, and share.
Knowledge and information should be open—please spread them far and wide.

A few things to keep in mind:

  • All of my work comes with absolutely no warranty, expressed or implied. However…
  • It will almost certainly work until it breaks,
    though I must admit it may never work or be useful—and that would be sad.
  • If/when it breaks, you can keep all the pieces.
  • As for what you don’t like, it’s yours to do with as you will.
  • If you find my materials helpful, both you and I will be happy (at least for a while).
  • My advice is worth every penny you paid for it!

Full disclosure:
I use various AI systems to assist in developing my content.
If you’re curious about how I use them, feel free to check out:
The Revolutionary Impact of AI on Genealogy and Historical Research.