Hi Greg,

Mostly, we're concerned with portable USB drives. (We still want USB mice and keyboards to function properly.)

With openSUSE11.0 we were able to restrict all USB access (in the org.freedesktop.hal.storage.mount-removable file) and then add a list of privileged usernames into the policykit.conf file to override permissions for those people. This allowed our special users to use USB sticks while everyone else was unable to.

I'm trying to figure out if PolicyKit is still working for openSUSE11.2 (all the files seem to be there so I assumed that meant it was available .... but the system doesn't seem to care what I put into those files).

Could you give me some simple instructions on how to write a udev rule to do this (I've never worked with udev before) .... or direct me to a good tutorial website perhaps? I will do some more web hunting on that.

(I guess I will have to take care of the CD burner also. I want that to be readable by everyone but not writable. Would udev rules work for this also?)

Thanks very much for your assistance.

Take care,
Ryan

From: Greg KH <greg@xxxxxxxxx>
To: Ryan Lawrie <ryan.lawrie@xxxxxxxxxxx>
Cc: linux-hotplug@xxxxxxxxxxxxxxx
Date: 2010-10-07 04:51 PM
Subject: Re: Restricting USB access

On Thu, Oct 07, 2010 at 03:50:55PM -0400, Ryan Lawrie wrote:
>
> Good afternoon,
>
> Just wondering if I could get your assistance with something.
>
> I need to secure the USB ports on my LAN workstations so they are not
> writable by users (other than a certain group that I specify). Is this type
> of restriction possible using udev rules?

USB ports are "writeable" or "readable", it depends on the devices you plug into them that you could then read or write to.

> I was using PolicyKit before but since we've changed OS (from openSUSE11.0
> to 64-bit openSUSE11.2) that no longer seems to function properly.
> Everybody has access to the USB ports now.

You might want to just restrict the users for the specific devices using a udev rule, or policykit, if that's still around.

What types of devices are you trying to restrict?

thanks,

greg k-h