How do I deny user to mount floppy, cdrom and usbstick ?
H. Streit
hstreit at swri.edu
Wed Feb 9 15:50:01 UTC 2005
hm, maybe I'm just being a bit of a joykill, but if you don't want
them to mount floppys, cdroms, and usbsticks, (and if they're not
supposed to be mounting anything at all) couldn't you just
root at localhost# chown root.root `which mount` && \
chmod go-rwx `which mount`
And be done with it?
Also, if the floppy, cdrom, and usbstick devices all belong to
respective groups, couldn't you just rip the users out of the groups
in the /etc/group file?
Paul Howarth wrote:
> Thomas Cameron wrote:
>
>> ----- Original Message ----- From: "Karl-Olov Serrander" <kase at cntw.com>
>> To: <fedora-list at redhat.com>
>> Sent: Wednesday, February 09, 2005 7:22 AM
>> Subject: How do I deny user to mount floppy, cdrom and usbstick ?
>>
>>
>>> Running FC2/FC3 in a sensitive environment we need to deny ordinary
>>> users the possibilty to read or write floppy/cdrom/usbsticks.
>>>
>>> We need to be able to give som users/machines permissions to do
>>> nothing/read/write
>>> floppy/cdrom/usbsticks.
>>>
>>> How can this be done ?
>>>
>>> Regards
>>> --
>>> Karl-Olov Serrander kase at cntw.com
>>
>>
>>
>> I *think* you can turn off the floppy and cdrom in /etc/modprobe.conf
>> with something like:
>>
>> alias floppy off
>> alias cdrom off
>>
>> I am not sure about USB... Maybe:
>>
>> alias usb-storage off
>
>
> Another possibility might be to copy
> /usr/share/doc/hal-*/conf/storage-skip-all.fdi to
> /usr/share/hal/fdi/95userpolicy, which according to "man fstab-sync"
> (FC3) will ensure that no entries for storage devices will be added to
> /etc/fstab; with no entry there, users shouldn't be able to mount
> anything (I think).
>
> Paul.
>
More information about the fedora-list
mailing list