I am very often dealing with formatting USB drives, that are registered as /dev/sdX. This includes executing mkfs
and fdisk
and mount
and other commands usually executed as root. However, I fear that accidentally I may mistype one single letter, and format my hard drive.
Ideally, I would want to set /dev/sdX*
devices in “read-only” mode, so that any fdisk
mkfs
wipefs
will fail on them, unless the device is switched to “read-write” mode by a manual command.
I thought chmod ugo-w /dev/sdX
would work exactly like that. However, to my surprise, chmod 0000 /dev/sdc1
followed by mkfs /dev/sdc1
works completely fine.
How can I prevent all users, also root, from modifying a hard drive and its partition table and partitioning the hard-drive and writing to partitions in a way other than via a mounted file system? How can I enable writing to the drive with this method if I would want to?
I know I can make the device being owned by user. This, however, requires me to switch between user and root to make commands like chroot
or mount
or umount
and this is a security hole. I do not want all USB storage devices being owned by user. I am searching for a better solution. Ideally, I would want to stay as the root user, just without the possibility of formatting the wrong disc.