LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Hardware
User Name
Password
Linux - Hardware This forum is for Hardware issues.
Having trouble installing a piece of hardware? Want to know if that peripheral is compatible with Linux?

Notices

Reply
 
LinkBack Search this Thread
Old 05-10-2008, 09:24 AM   #1
emil_jfb
LQ Newbie
 
Registered: May 2008
Posts: 2

Rep: Reputation: 0
Block access to CDROM for some users (or all users)


I have a computer, with multiple operating systems.
On one of them (OpenSuse 10.3 + KDE 3.5), I want to block the CD-ROM access to some or all the users.
No problem if even root is not allowed.
The other OS on the computer must see the CD-ROM.

I have root access.
The other users do not have it.

When I enter a CD/DVD the KDE automounts it, so the CD becomes visible.

I searched the internet, and I found some threads, but no one could solve my problem.

1.
Is there a way to get the users out of the cdrom group?
I looked into it, and it seems that the cdrom group is empty.

2.
Or there is any command to put in a startup script.

3.
To stop the automounting of cdroms.

autofs is off, yet no results:
# /sbin/chkconfig --list | grep autofs
autofs 0ff 1ff 2ff 3ff 4ff 5ff 6ff

4.
To stop the KDE automounting, for all users.
As in: KDE Control Center > KDE Components > Service Manager > Startup Services box
But for all the users, without the possibility to re-activate it.

5.
Modifications in udev configuration files:
/etc/udev/rules.d/*

6.
Anything else?


I know it sounds paranoic, but the environment I have to install this security feature is very strict.

Thank you very much.
 
Old 05-11-2008, 03:11 AM   #2
Electro
Guru
 
Registered: Jan 2002
Posts: 6,042

Rep: Reputation: Disabled
I suggest check your /etc/fstab file to find out what options that your distribution is using. If it is using any automounter listed for your drives, I suggest read about the automounter configuration.

Learn the outdated, unknown, and not trust worthy pam. Also learn SELinux. You may want to look into grsecurity. IMHO, it is best to take out pam to minimize any security problems. Yes, programs can do with out pam with some minor modifications.

If you are that paranoid, I suggest Gentoo because you will have a lot more control what is it doing, how it does it, when it should do it, and why is it doing that way.
 
Old 05-11-2008, 03:26 AM   #3
v00d00101
Member
 
Registered: Jun 2003
Location: UK
Distribution: Fedora 8, Centos 5.1
Posts: 480

Rep: Reputation: 30
Recompile your kernel without UDF and ISO9660 support, and that should stop anyone from mounting cds and any other ISO images. Remove automount capabilities while you are at it.

Maybe remove all automount utilities on your system.

Be innovative. There is loads of ways to do this with ease.

http://reactivated.net/writing_udev_rules.html

Last edited by v00d00101; 05-11-2008 at 03:34 AM.
 
Old 07-21-2008, 12:21 PM   #4
emil_jfb
LQ Newbie
 
Registered: May 2008
Posts: 2

Original Poster
Rep: Reputation: 0
This is how I did it:

- I moved to kubuntu 8.04 (for other reasons than this one)
- I cut sudo access to the current user
- I cut root access to the current user
- I stopped the service "hal" (the one that is responsible for automount devices in KDE) - this is the key

When I enter a CD/DVD, it is no longer auto mounted.
When I boot with a CD/CVD in tray, this one is not available either.

Same for USB devices.

If user tries
# mount /dev/scd0 /media/cdrom0
it gets: "mount: only root can do that"

I also commented out these 2 lines in /etc/fstab
#/dev/scd0 /media/cdrom0 udf,iso9660 user,noauto,exec,utf8 0 0
#/dev/fd0 /media/floppy0 auto rw,user,noauto,exec,utf8 0 0

Emil
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: How to: Restrict Users to SCP and SFTP and Block SSH Shell Access with rssh LXer Syndicated Linux News 0 01-02-2008 12:40 PM
LXer: How to: Restrict Users to SCP and SFTP and Block SSH Shell Access with rssh LXer Syndicated Linux News 0 01-02-2008 12:00 PM
LXer: How to: Restrict Users to SCP and SFTP and Block SSH Shell Access with rssh LXer Syndicated Linux News 0 01-02-2008 10:00 AM
No access to cdrom or audio with regular users jwn7 Debian 3 09-25-2004 06:45 PM
Block DNS users slam Linux - Networking 9 09-30-2003 02:25 PM


All times are GMT -5. The time now is 01:16 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration