root@localhost# chown root.root `which mount` && \
chmod go-rwx `which mount`
And be done with it?
Also, if the floppy, cdrom, and usbstick devices all belong to respective groups, couldn't you just rip the users out of the groups in the /etc/group file?
Paul Howarth wrote:
Thomas Cameron wrote:
----- Original Message ----- From: "Karl-Olov Serrander" <kase@xxxxxxxx> To: <fedora-list@xxxxxxxxxx> Sent: Wednesday, February 09, 2005 7:22 AM Subject: How do I deny user to mount floppy, cdrom and usbstick ?
Running FC2/FC3 in a sensitive environment we need to deny ordinary users the possibilty to read or write floppy/cdrom/usbsticks.
We need to be able to give som users/machines permissions to do nothing/read/write
floppy/cdrom/usbsticks.
How can this be done ?
Regards -- Karl-Olov Serrander kase@xxxxxxxx
I *think* you can turn off the floppy and cdrom in /etc/modprobe.conf with something like:
alias floppy off alias cdrom off
I am not sure about USB... Maybe:
alias usb-storage off
Another possibility might be to copy /usr/share/doc/hal-*/conf/storage-skip-all.fdi to /usr/share/hal/fdi/95userpolicy, which according to "man fstab-sync" (FC3) will ensure that no entries for storage devices will be added to /etc/fstab; with no entry there, users shouldn't be able to mount anything (I think).
Paul.