LinuxQuestions.org
Old 02-26-2008, 11:13 AM   #16
marozsas
Senior Member
 
Registered: Dec 2005
Location: Campinas/SP - Brazil
Distribution: SuSE, RHEL, Fedora, Ubuntu
Posts: 1,393
Blog Entries: 1

Original Poster
Rep: Reputation: 64

Quote:
Originally Posted by aus9

is that being too intrusive?
Not at all !

The machines are regular desktop computers with hard drives, sound (internal speaker), and usb keyboard and mouse.

They will run some distro in graphical mode (Fedora/openSuSE and Gnome probably), and a special application that reads that big file they don't want to be copied outside of this environment.

These computers are in a network, with no shares of any kind, just to communicate with a database server. At some point, each user may generate a big file for local processing (due to network performance issues). This file is volatile, I mean, the information in this file is good for the next 4-6 hours. And partial knowledge of this file is not an issue either.

Just the members of the board of directors may copy data out of this environment.

The users don't have any administrative privileges.

And thanks for the links to the documentation. I will read ASAP.

cheers,
 
Old 02-26-2008, 11:33 AM   #17
jiml8
Senior Member
 
Registered: Sep 2003
Posts: 3,171

Rep: Reputation: 115
Quote:
Originally Posted by marozsas
I've tried to mess with udev without success so far.
I've tried to change files like /etc/udev/rules.d/60-persistent-storage.rules but I was unable to create a conditional mount, based on group id or whatever.

I keep trying....

thanks so far,
I found udev to be a PITA, and I still find it to be a PITA even though I kind of have the hang of it.

You probably need to write your own rule, patterned off of persistent-storage.rules, but limited to devices on the USB bus and running ahead of that rule in the list.

That would probably be simpler.
 
Old 02-26-2008, 01:56 PM   #18
marozsas
Senior Member
 
Registered: Dec 2005
Location: Campinas/SP - Brazil
Distribution: SuSE, RHEL, Fedora, Ubuntu
Posts: 1,393
Blog Entries: 1

Original Poster
Rep: Reputation: 64
I've made some progress, thanks to documentation aus9 pointed to me - Hey aus9 thank you !

What I did:

In the file 60-persistent-storage.rules there are several references to sd devices (KERNEL=="sd*[0-9]").
The first step was to identify which of these are "activated" or matched by a USB memory stick. To figure this out, I added at the end of each line the statement ENV{MYFLAG}="flag-<number>", I mean:

Code:
KERNEL=="sd*[0-9]|cciss*p[0-9]", ENV{ID_SERIAL}=="?*", SYMLINK+="disk/by-id/$env{ID_BUS}-$env{ID_SERIAL}-part%n", ENV{MYFLAG}="flag-4"
And in a console, running "udevmonitor --env | grep -i MYFLAG", I was able to identify several rules that match for each USB memory stick, based on the number of the flag they show. For instance, the rules with flag-1, flag-3 and flag-4 matched for the dozen memory sticks I tried. (Of course, I need to plug and unplug the USB memory stick to trigger the events and see any output from udevmonitor.)

Then, in the selected rules, I put at the end another statement: OPTIONS+="ignore_device", which I learned in the documentation.

A rule now looks like:
Code:
KERNEL=="sd*[0-9]|cciss*p[0-9]", ENV{ID_SERIAL}=="?*", SYMLINK+="disk/by-id/$env{ID_BUS}-$env{ID_SERIAL}-part%n", ENV{MYFLAG}="flag-4", OPTIONS+="ignore_device"
And, as a result, the USB memory stick is not automatically mounted anymore, as expected.

In fact, this was my second attempt. The first was using the statements OWNER, GROUP and MODE, but it looks like they didn't work for me... more investigation is necessary.

Now, what I need to do is to ignore the device or adjust the owner/group/mode to restrict the access the way they need.

Anyway, it looks like I am on the right path.

Thanks for the help !

Last edited by marozsas; 02-27-2008 at 09:24 AM.
 
Old 02-26-2008, 05:30 PM   #19
aus9
Guru
 
Registered: Oct 2003
Posts: 5,060

Rep: Reputation: Disabled
jiml8 links?

how about persistent udev to the answer?
http://www.linuxjournal.com/article/7316
 
Old 02-27-2008, 09:31 AM   #20
Emerson
Senior Member
 
Registered: Nov 2004
Location: Saint Amant, Acadiana
Distribution: Gentoo ~
Posts: 3,177

Rep: Reputation: Disabled
I tried this on my cardreader. I created a new file /etc/udev/rules.d/91-local.rules
and added the following line:

KERNEL=="sd[c-f]*", GROUP="plugdev", MODE="0600"

All four devices sdc-sdf get plugdev group.
 
Old 02-27-2008, 09:32 AM   #21
marozsas
Senior Member
 
Registered: Dec 2005
Location: Campinas/SP - Brazil
Distribution: SuSE, RHEL, Fedora, Ubuntu
Posts: 1,393
Blog Entries: 1

Original Poster
Rep: Reputation: 64
I'm sorry !

Quote:
Originally Posted by aus9
jiml8 links?
I am SO SORRY ! Really ! My bad....

Hey aus9 ! Thanks for the links!
(I corrected my previous post too)

Quote:
Originally Posted by aus9
how about persistent udev to the answer?
http://www.linuxjournal.com/article/7316
I will read this too. But it looks like the problem is not with the device node but with automounting it.

Anyway, when I manage to solve this, I will make a small how-to here in this thread, for anyone interested.

see'ya,
 
Old 02-27-2008, 10:13 AM   #22
jukebox55
Member
 
Registered: Aug 2007
Distribution: slackware 11
Posts: 101

Rep: Reputation: 15
a good practical way of limiting misuse is to tell the people using the machines that monitoring software has been installed on their computer and that it logs all activity to their account name.

'Any employee found to be involved in the misuse of company data will be prosecuted under the full extent of the law.'(!)

this method is a powerful preventative measure regardless of whether there is monitoring software installed or not

Last edited by jukebox55; 02-27-2008 at 10:20 AM.
 
Old 02-27-2008, 10:53 AM   #23
marozsas
Senior Member
 
Registered: Dec 2005
Location: Campinas/SP - Brazil
Distribution: SuSE, RHEL, Fedora, Ubuntu
Posts: 1,393
Blog Entries: 1

Original Poster
Rep: Reputation: 64
Quote:
Originally Posted by Emerson
I tried this on my cardreader. I created a new file /etc/udev/rules.d/91-local.rules
and added the following line:

KERNEL=="sd[c-f]*", GROUP="plugdev", MODE="0600"

All four devices sdc-sdf get plugdev group.
Yes, this works for the device node, but it is mounted anyway, because a root process mounts it, not the user. It doesn't matter if I am a member of group plugdev or not (and I am not). I even tried with mode=0000 and it is still mounted read-write for the user.

Code:
[root@babylon5 ~]# ll -ld /dev/sdc /dev/sdc1
brw------- 1 root plugdev 8, 32 2008-02-27 12:47 /dev/sdc
brw------- 1 root plugdev 8, 33 2008-02-27 12:47 /dev/sdc1
[root@babylon5 ~]# mount | grep sdc
/dev/sdc1 on /media/disk512 type vfat (rw,nosuid,nodev,uhelper=hal,shortname=lower,uid=500)
[root@babylon5 ~]#
 
Old 02-27-2008, 10:58 AM   #24
marozsas
Senior Member
 
Registered: Dec 2005
Location: Campinas/SP - Brazil
Distribution: SuSE, RHEL, Fedora, Ubuntu
Posts: 1,393
Blog Entries: 1

Original Poster
Rep: Reputation: 64
Hi aus9 ! Thanks to you (a reply to you) I became a Senior Member too! Cool !

 
Old 02-27-2008, 11:04 AM   #25
Emerson
Senior Member
 
Registered: Nov 2004
Location: Saint Amant, Acadiana
Distribution: Gentoo ~
Posts: 3,177

Rep: Reputation: Disabled
Can't you set uid and gid in the fstab?
 
Old 02-27-2008, 11:44 AM   #26
Emerson
Senior Member
 
Registered: Nov 2004
Location: Saint Amant, Acadiana
Distribution: Gentoo ~
Posts: 3,177

Rep: Reputation: Disabled
It works for me ... fstab line for sde1:

/dev/sde1 /media/sd vfat gid=410,umask=0707

410 is my plugdev group.
 
Old 02-27-2008, 12:28 PM   #27
Emerson
Senior Member
 
Registered: Nov 2004
Location: Saint Amant, Acadiana
Distribution: Gentoo ~
Posts: 3,177

Rep: Reputation: Disabled
OK, refined it a bit.

/etc/udev/rules.d/91-local.rules

KERNEL=="sd[c-f]*", GROUP="plugdev", MODE="0660"

fstab line

/dev/sde1 /media/sd vfat users,uid=0,gid=410,umask=0007 0 0
 
Old 02-27-2008, 05:48 PM   #28
jiml8
Senior Member
 
Registered: Sep 2003
Posts: 3,171

Rep: Reputation: 115
what happens if you run an external script from the UDEV rule to get the UID/GID and have it return a 0 or 1 for true/false, then just process that?
 
Old 02-28-2008, 06:08 AM   #29
marozsas
Senior Member
 
Registered: Dec 2005
Location: Campinas/SP - Brazil
Distribution: SuSE, RHEL, Fedora, Ubuntu
Posts: 1,393
Blog Entries: 1

Original Poster
Rep: Reputation: 64
Hi jiml8 !

It would be nice, but it looks like the only two ways to run an external program are the PROGRAM statement, which returns a name/string to create the device node, and the RUN+= directive, which could do anything after the device is settled and mounted.

There are no conditional tests in this logic....

Using the RUN+= statement I was able to unmount the device after it was mounted, but there is a small window where the user could use the device. Using the jargon, it is a race condition, and I don't like this approach.

I am thinking of posting a question on the udev developers list to get some insights.
 
Old 02-28-2008, 07:43 AM   #30
bitpicker
Member
 
Registered: Jul 2003
Location: Germany
Distribution: Xubuntu, Ubuntu
Posts: 416
Blog Entries: 14

Rep: Reputation: 35
I find this very interesting. One should think that after it used to be such a pain to get everyone to mount their USB sticks in an automated fashion it should be easy as pie to go back there.

I've tried to find a solution using this document: http://www.reactivated.net/writing_udev_rules.html

It was pretty helpful in the past. Now while I don't yet have a solution (just the suggestion to use the attribute 'Removable' to define which kind of block device not to mount), the document does imply that all rules found in /etc/udev/rules.d are evaluated, not just the first which applies; therefore it may well be possible that the rules your distribution uses as default will still apply even after you have set your own rule, so that you may give the device to a specific group, but a later rule gives it to everybody else (or the users group or whatever), too. You might therefore also want to identify the rules your distribution applies to removable devices and change or disable them.

Robin
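
Added example, not part of any post in this thread: a small Python model of the rule ordering described in post #30, reporting which rule file ends up setting OWNER/GROUP/MODE for a given kernel name. It evaluates only KERNEL matches and the `=` and `:=` operators (no GOTO, no line continuations); the 95-distro.rules file and its contents are constructed for illustration.

```python
import fnmatch
import re

# One token: KEY, optional {attr}, operator, quoted value, e.g. KERNEL=="sd[c-f]*"
TOKEN = re.compile(r'(\w+)(?:\{[^}]*\})?\s*(==|!=|\+=|:=|=)\s*"([^"]*)"')
TRACKED = ("OWNER", "GROUP", "MODE")

# Constructed rule files: the first rule is the one from post #27, the second
# is a hypothetical later distribution rule covering every sd* device.
SAMPLE = {
    "91-local.rules": 'KERNEL=="sd[c-f]*", GROUP="plugdev", MODE="0660"\n',
    "95-distro.rules": '# hypothetical\nKERNEL=="sd*", GROUP="disk", MODE="0666"\n',
}

def kernel_matches(pattern, name):
    """udev match values are shell globs; '|' separates alternatives."""
    return any(fnmatch.fnmatchcase(name, p) for p in pattern.split("|"))

def effective_perms(rule_files, kernel_name):
    """Return {key: (value, 'file:line')} after all rules have been applied."""
    result, locked = {}, set()
    for fname in sorted(rule_files):  # rule files are read in lexical order
        for lineno, line in enumerate(rule_files[fname].splitlines(), 1):
            if not line.strip() or line.lstrip().startswith("#"):
                continue
            tokens = TOKEN.findall(line)
            applies = True
            for key, op, val in tokens:
                # Only KERNEL is evaluated; other match keys are assumed to match.
                if key == "KERNEL" and op in ("==", "!="):
                    hit = kernel_matches(val, kernel_name)
                    applies = applies and (hit if op == "==" else not hit)
            if not applies:
                continue
            for key, op, val in tokens:
                if key in TRACKED and op in ("=", ":=") and key not in locked:
                    result[key] = (val, f"{fname}:{lineno}")
                    if op == ":=":
                        locked.add(key)  # final assignment: later rules ignored
    return result

if __name__ == "__main__":
    for key, (val, where) in effective_perms(SAMPLE, "sdc1").items():
        print(f"{key}={val}  (set by {where})")
```

Node permissions are only half of the problem: as post #23 shows, an automounter running as root still mounts the stick regardless of the group and mode reported here.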
 
  

