Making a read-only live USB

I’m trying to create a custom live USB that, by default, only mounts all media as read only (internal hard drives and USB sticks included) so that I don’t change files unintentionally. The detail is a bit long but please bear with me.

Ideally I would like:

· All media (including internal HDDs and USB drives) to NOT be automatically mounted
· In Nautilus (file explorer), they would be detected and shown in the left column, which is the current action, but still not mounted.
· Clicking on the drive in Nautilus would mount the drive as read-only, as opposed to the current action which is to mount with read/write privileges.
· The only drives which are exceptions to this would be the live USB mounted drives, where changes aren’t stored on the USB but in actuality temporarily in memory, and are lost on shut down. I am not intending to use persistence.

Nautilus screenshot below for reference.
Screenshot from 2016-07-30 15-30-47.png

So far, my NTFS hard drive doesn’t mount by default which is good. I have also managed to disable automount for USBs by typing the following in the terminal:
gsettings set org.gnome.desktop.media-handling automount false

However, clicking in Nautilus on the hard drive/media shortcut on the left column mounts a volume with read/write privileges. Ideally, I want this mounting-on-click to be read-only, but if this is not possible, I would settle for having the drives auto-mount as read-only on detection (and therefore before clicking).
My investigations has so far shown up that I can use udiskctl to mount partitions read only from the terminal. Using this command, the shortcut to the mount point appears on the left column in Nautilus and the files are mounted under /media/Ubuntu/VOLUME_LABEL. The ‘VOLUME_LABEL’ folder is created and deleted on mount and unmount respectively, which is all perfectly how I want it!

For example, I can mount read-only by typing:

Code:

udiskctl mount –o ro –b /dev/sdc1

Next, I’ve been trying to use udevadm and to run this command on and partitions as soon as detected. To do this, I made a rule file in /etc/udev/rules.d/80-custom.rules with the following text:

Code:

KERNEL==”sd??”, RUN+=”/usr/bin/udiskctl mount –o ro –b /dev/%k”

I then enabled the new rule and tested it:

Code:

Udevadm control –reload
Udevadm test /block/sdc/sdc1

The test output stated that the RUN command is used.

run: ‘/usr/bin/udiskctl mount –o ro –b /dev/sdc1’

So it appeared to work when I use the test function but when I actually insert a USB, it doesn’t mount automatically with this new rule, even though all the sources I’ve read seem to imply that it should.

So my first question is, how do I get the rule to work? Secondly, I’d like to know if anyone has managed to do what I’m trying here already and can help me figure out how to make all media read-only by default.

I am using Ubuntu 16.04.1, 64 bit.

I’d appreciate any help you can give. Thanks for your time.

Let's block ads! (Why?)

Making a read-only live USB