1<?xml version="1.0" encoding="utf-8"?>
2<page xmlns="http://projectmallard.org/1.0/" xmlns:its="http://www.w3.org/2005/11/its" type="topic" style="task" id="lockdown-repartitioning" xml:lang="tr">
3
4  <info>
5    <link type="guide" xref="user-settings#lockdown"/>
6    <link type="seealso" xref="dconf-lockdown"/>
7    <revision pkgversion="3.14" date="2014-12-10" status="review"/>
8
9    <credit type="author copyright">
10      <name>Jana Svarova</name>
11      <email>jana.svarova@gmail.com</email>
12      <years>2014</years>
13    </credit>
14    <credit type="copyright editor">
15      <name>Ekaterina Gerasimova</name>
16      <email>kittykat3756@gmail.com</email>
17      <years>2014</years>
18    </credit>
19
20    <include xmlns="http://www.w3.org/2001/XInclude" href="legal.xml"/>
21
22    <desc>Prevent the user from changing disk partitions.</desc>
23  </info>
24
25  <title>Disable repartitioning</title>
26
27  <p><sys>polkit</sys> enables you to set permissions for individual
28  operations. For <sys>udisks2</sys>, the utility for disk management services,
29  the configuration is located at
30  <file>/usr/share/polkit-1/actions/org.freedesktop.udisks2.policy</file>. This
31  file contains a set of actions and default values, which can be overridden by
32  system administrator.</p>
33
34  <note style="tip">
35    <p>The <sys>polkit</sys> configuration in <file>/etc</file> overrides that
36    shipped by packages in <file>/usr/share</file>.</p>
37  </note>
38
39  <steps>
40    <title>Disable repartitioning</title>
41    <item>
42      <p>Create a file with the same content as in
43      <file>/usr/share/polkit-1/actions/org.freedesktop.udisks2.policy</file>:
44      <cmd>cp /usr/share/polkit-1/actions/org.freedesktop.udisks2.policy /etc/share/polkit-1/actions/org.freedesktop.udisks2.policy</cmd></p>
45      <note style="important">
46        <p>Do not change the
47        <file>/usr/share/polkit-1/actions/org.freedesktop.udisks2.policy</file>
48        file, your changes will be overwritten by the next package update.</p>
49      </note>
50    </item>
51    <item>
52      <p>Delete any actions you do not need from within the
53      <code>policyconfig</code> element and add the following lines to the
54      <file>/etc/polkit-1/actions/org.freedesktop.udisks2.policy</file>
55      file:</p>
56      <listing>
57<code><![CDATA[
58  <action id="org.freedesktop.udisks2.modify-device">
59     <description>Modify the drive settings</description>
60     <message>Authentication is required to modify drive settings</message>
61    <defaults>
62      <allow_any>no</allow_any>
63      <allow_inactive>no</allow_inactive>
64      <allow_active>yes</allow_active>
65    </defaults>
66</action>
67]]></code>
68      </listing>
69      <p>Replace <code>no</code> by <code>auth_admin</code> if you want to
70      ensure only the root user is able to carry out the action.</p>
71    </item>
72    <item>
73      <p>Save the changes.</p>
74    </item>
75  </steps>
76
77  <p>When the user tries to change the disk settings, the following message is
78  shown: <gui>Authentication is required to modify drive settings</gui>.</p>
79
80</page>
81