On Tue, 4 Aug 2009, anstrad@xxxxxxxxx wrote:
> Hi
> i teach computer science in a high school and i want to use some pc
> supporting ubuntu or other linux version;
> from a security point of view i want
> to prevent students from using usb flash devices to copy files from pc or
> to
> copy files in the pc.
> I wrote this kind of rule for udev (i named it 10-
> chiavetta-usb.rules)
>
> ACTION=="add", KERNEL=="sd[b-z][0-9]*", SUBSYSTEM=="usb",
> ATTRS{removable}=="True", ATTRS{product}=="?*", NAME="chiavettausb%k",
> GROUP="
> root" OWNER="root"
>
> but it has a strange behavior: when an unprivileged user
> (as ubuntu define it) insert a usb flash device the system mount it and
> create
> the directory with the owner the current user (not root as specified by the
> udev rule) and when inserting a second usb flash device the system create
> the
> directory but with root as owner denying the access to the user: i want
> that
> each inserted usb flash device cannot be mounted by the unprivileged user.
>
>
> What is wrong with my udev rule? I am new with linux and system
> administration.
Several things are wrong with the rule. The main problem is that it
specifies the ownership of the USB device, but not the ownership of any
directories.
Using udev is not a good way to prevent people from mounting USB flash
devices. You're a lot better off blacklisting the usb-storage.ko and
ub.ko modules, or removing them entirely.
Even better would be to fill the USB ports with glue so that nobody can
plug a flash drive into the computers at all.
Alan Stern
--
To unsubscribe from this list: send the line "unsubscribe linux-usb" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
