Re: How do I deny user to mount floppy, cdrom and usbstick ?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Matt Morgan wrote:
On Wed, 9 Feb 2005 14:22:17 +0100 (MET), Karl-Olov Serrander
<kase@xxxxxxxx> wrote:

Running FC2/FC3 in a sensitive environment we need to deny ordinary
users the possibilty to read or write floppy/cdrom/usbsticks.

We need to be able to give som users/machines permissions to do nothing/read/write
floppy/cdrom/usbsticks.

How can this be done ?


Can you put the computers in locking cases? Sometimes that's the
easiest/best way. For one thing, it's easy for a non-technical
security guard to know when the security has been altered, so you
don't have to be querying logs all the time.

Otherwise, in addition to breaking removable devices in the OS, you
might also want grub passwords, BIOS passwords, etc., because you'll
have to prevent booting from CD's and floppies, too, to stop people
from starting up a different copy of the OS. That can all be hard to
keep track of.

Depending on the sensitivity, it probably makes sense to turn off what
you can in software, also, but do consider physical security as part
of the broader solution. There are off-the-shelf cases that don't cost
very much.


Or don't install the devices or connectors in the first place. If there is a requirement for using one of these, then take the computer back to "the shop". This is what we do.


For USB/IEEE ports on motherboards, fill with epoxy and they become un-usable.

Physical control is much easier to control than any other method.

--
Robin Laing


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux