Re: udev rules

On Tue, 4 Aug 2009, anstrad@xxxxxxxxx wrote:

> Hi,
> I teach computer science in a high school and I want to use some PCs
> supporting Ubuntu or another Linux version; from a security point of view
> I want to prevent students from using USB flash devices to copy files from
> the PC or to copy files to the PC.
> I wrote this kind of rule for udev (I named it 10-chiavetta-usb.rules):
>
> ACTION=="add", KERNEL=="sd[b-z][0-9]*", SUBSYSTEM=="usb",
> ATTRS{removable}=="True", ATTRS{product}=="?*", NAME="chiavettausb%k",
> GROUP="root" OWNER="root"
>
> but it has a strange behavior: when an unprivileged user (as Ubuntu
> defines it) inserts a USB flash device, the system mounts it and creates
> the directory with the current user as owner (not root as specified by the
> udev rule), and when a second USB flash device is inserted the system
> creates the directory but with root as owner, denying access to the user.
> I want that each inserted USB flash device cannot be mounted by the
> unprivileged user.
>
> What is wrong with my udev rule? I am new to Linux and system
> administration.

Several things are wrong with the rule.  The main problem is that it 
specifies the ownership of the USB device, but not the ownership of any 
directories.

Using udev is not a good way to prevent people from mounting USB flash
devices.  You're a lot better off blacklisting the usb-storage.ko and
ub.ko modules, or removing them entirely.

Even better would be to fill the USB ports with glue so that nobody can 
plug a flash drive into the computers at all.

Alan Stern
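
The module blacklisting suggested in the reply above, as an added example that is not part of the original thread: a modprobe.d configuration for usb-storage and ub, and a check that reports whether a configuration directory blocks a module outright, only stops it from autoloading, or leaves it loadable. The function names and the file name disable-usb-storage.conf are assumptions, and the sample configuration is constructed.

```shell
#!/bin/sh
# Added example: function names and the .conf file name are hypothetical.

# modprobe treats '-' and '_' in module names as the same character.
norm() { printf '%s' "$1" | sed 's/-/_/g'; }

# write_block_conf FILE: constructed config for the two modules named above.
write_block_conf() {
    cat > "$1" <<'EOF'
# Ignore the modules' aliases, so plugging in a drive does not autoload them
blacklist usb-storage
blacklist ub
# Make an explicit "modprobe usb-storage" or "modprobe ub" fail as well
install usb-storage /bin/false
install ub /bin/false
EOF
}

# module_state DIR MODULE: prints "blocked" (install override present),
# "autoload-only" (blacklist line only) or "loadable" (no entry at all).
module_state() {
    dir=$1; want=$(norm "$2"); bl=0; inst=0
    for f in "$dir"/*.conf; do
        [ -f "$f" ] || continue
        while read -r kw mod cmd rest || [ -n "$kw" ]; do
            case $kw in ''|'#'*) continue ;; esac
            [ "$(norm "$mod")" = "$want" ] || continue
            case $kw in
                blacklist) bl=1 ;;
                install) case $cmd in /bin/false|/bin/true) inst=1 ;; esac ;;
            esac
        done < "$f"
    done
    if [ "$inst" -eq 1 ]; then echo blocked
    elif [ "$bl" -eq 1 ]; then echo autoload-only
    else echo loadable; fi
}

# Demo on a scratch directory; on a real system the files live in /etc/modprobe.d.
demo=$(mktemp -d)
write_block_conf "$demo/disable-usb-storage.conf"
for m in usb-storage ub; do
    echo "$m: $(module_state "$demo" "$m")"
done
rm -rf "$demo"
```

The check covers modprobe configuration only: a driver compiled into the kernel is not affected by these lines.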
