1<?xml version="1.0" encoding="utf-8"?> 2<page xmlns="http://projectmallard.org/1.0/" xmlns:its="http://www.w3.org/2005/11/its" type="topic" style="task" id="lockdown-repartitioning" xml:lang="tr"> 3 4 <info> 5 <link type="guide" xref="user-settings#lockdown"/> 6 <link type="seealso" xref="dconf-lockdown"/> 7 <revision pkgversion="3.14" date="2014-12-10" status="review"/> 8 9 <credit type="author copyright"> 10 <name>Jana Svarova</name> 11 <email>jana.svarova@gmail.com</email> 12 <years>2014</years> 13 </credit> 14 <credit type="copyright editor"> 15 <name>Ekaterina Gerasimova</name> 16 <email>kittykat3756@gmail.com</email> 17 <years>2014</years> 18 </credit> 19 20 <include xmlns="http://www.w3.org/2001/XInclude" href="legal.xml"/> 21 22 <desc>Prevent the user from changing disk partitions.</desc> 23 </info> 24 25 <title>Disable repartitioning</title> 26 27 <p><sys>polkit</sys> enables you to set permissions for individual 28 operations. For <sys>udisks2</sys>, the utility for disk management services, 29 the configuration is located at 30 <file>/usr/share/polkit-1/actions/org.freedesktop.udisks2.policy</file>. This 31 file contains a set of actions and default values, which can be overridden by 32 system administrator.</p> 33 34 <note style="tip"> 35 <p>The <sys>polkit</sys> configuration in <file>/etc</file> overrides that 36 shipped by packages in <file>/usr/share</file>.</p> 37 </note> 38 39 <steps> 40 <title>Disable repartitioning</title> 41 <item> 42 <p>Create a file with the same content as in 43 <file>/usr/share/polkit-1/actions/org.freedesktop.udisks2.policy</file>: 44 <cmd>cp /usr/share/polkit-1/actions/org.freedesktop.udisks2.policy /etc/share/polkit-1/actions/org.freedesktop.udisks2.policy</cmd></p> 45 <note style="important"> 46 <p>Do not change the 47 <file>/usr/share/polkit-1/actions/org.freedesktop.udisks2.policy</file> 48 file, your changes will be overwritten by the next package update.</p> 49 </note> 50 </item> 51 <item> 52 <p>Delete any actions you do not need from within the 53 <code>policyconfig</code> element and add the following lines to the 54 <file>/etc/polkit-1/actions/org.freedesktop.udisks2.policy</file> 55 file:</p> 56 <listing> 57<code><![CDATA[ 58 <action id="org.freedesktop.udisks2.modify-device"> 59 <description>Modify the drive settings</description> 60 <message>Authentication is required to modify drive settings</message> 61 <defaults> 62 <allow_any>no</allow_any> 63 <allow_inactive>no</allow_inactive> 64 <allow_active>yes</allow_active> 65 </defaults> 66</action> 67]]></code> 68 </listing> 69 <p>Replace <code>no</code> by <code>auth_admin</code> if you want to 70 ensure only the root user is able to carry out the action.</p> 71 </item> 72 <item> 73 <p>Save the changes.</p> 74 </item> 75 </steps> 76 77 <p>When the user tries to change the disk settings, the following message is 78 shown: <gui>Authentication is required to modify drive settings</gui>.</p> 79 80</page> 81