Re: How do I deny user to mount floppy, cdrom and usbstick ?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



hm, maybe I'm just being a bit of a joykill, but if you don't want them to mount floppys, cdroms, and usbsticks, (and if they're not supposed to be mounting anything at all) couldn't you just
root@localhost# chown root.root `which mount` && \
chmod go-rwx `which mount`
And be done with it?
Also, if the floppy, cdrom, and usbstick devices all belong to respective groups, couldn't you just rip the users out of the groups in the /etc/group file?


Paul Howarth wrote:
Thomas Cameron wrote:

----- Original Message ----- From: "Karl-Olov Serrander" <kase@xxxxxxxx>
To: <fedora-list@xxxxxxxxxx>
Sent: Wednesday, February 09, 2005 7:22 AM
Subject: How do I deny user to mount floppy, cdrom and usbstick ?


Running FC2/FC3 in a sensitive environment we need to deny ordinary
users the possibilty to read or write floppy/cdrom/usbsticks.

We need to be able to give som users/machines permissions to do nothing/read/write
floppy/cdrom/usbsticks.


How can this be done ?

Regards
--
Karl-Olov Serrander kase@xxxxxxxx



I *think* you can turn off the floppy and cdrom in /etc/modprobe.conf with something like:


alias floppy off
alias cdrom off

I am not sure about USB...  Maybe:

alias usb-storage off


Another possibility might be to copy /usr/share/doc/hal-*/conf/storage-skip-all.fdi to /usr/share/hal/fdi/95userpolicy, which according to "man fstab-sync" (FC3) will ensure that no entries for storage devices will be added to /etc/fstab; with no entry there, users shouldn't be able to mount anything (I think).

Paul.



[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux