How do I deny user to mount floppy, cdrom and usbstick ?
Paul Howarth
paul at city-fan.org
Wed Feb 9 15:44:21 UTC 2005
Thomas Cameron wrote:
> ----- Original Message ----- From: "Karl-Olov Serrander" <kase at cntw.com>
> To: <fedora-list at redhat.com>
> Sent: Wednesday, February 09, 2005 7:22 AM
> Subject: How do I deny user to mount floppy, cdrom and usbstick ?
>
>
>> Running FC2/FC3 in a sensitive environment we need to deny ordinary
>> users the possibilty to read or write floppy/cdrom/usbsticks.
>>
>> We need to be able to give som users/machines permissions to do
>> nothing/read/write
>> floppy/cdrom/usbsticks.
>>
>> How can this be done ?
>>
>> Regards
>> --
>> Karl-Olov Serrander kase at cntw.com
>
>
> I *think* you can turn off the floppy and cdrom in /etc/modprobe.conf
> with something like:
>
> alias floppy off
> alias cdrom off
>
> I am not sure about USB... Maybe:
>
> alias usb-storage off
Another possibility might be to copy
/usr/share/doc/hal-*/conf/storage-skip-all.fdi to
/usr/share/hal/fdi/95userpolicy, which according to "man fstab-sync"
(FC3) will ensure that no entries for storage devices will be added to
/etc/fstab; with no entry there, users shouldn't be able to mount
anything (I think).
Paul.
More information about the fedora-list
mailing list