LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 03-02-2010, 07:34 AM   #1
planetmars
LQ Newbie
 
Registered: Nov 2008
Posts: 22

Rep: Reputation: 15
Disable CR ROM drive in RHEL


I have one RHEL server which is placed near a corner of the server room. Few people are using this server to watch movies and unwanted photos. I want to disable access to CD ROM. disabling the eject button of the drive wont work, as they used pin to force open the drive tray. Can I delete the cd rom drivers from the hard disk so that no CD will be detected ?
 
Old 03-02-2010, 07:43 AM   #2
onebuck
Moderator
 
Registered: Jan 2005
Location: Midwest USA, Central Illinois
Distribution: SlackwareŽ
Posts: 12,768
Blog Entries: 27

Rep: Reputation: 2082Reputation: 2082Reputation: 2082Reputation: 2082Reputation: 2082Reputation: 2082Reputation: 2082Reputation: 2082Reputation: 2082Reputation: 2082Reputation: 2082
Hi,

How do you have the 'groups' setup? What about how do you have the server console setup locally? What about your '/etc/fstab'? It seems that the server is open for client usage locally. Why do you have application(s) for video setup to allow viewing on a server? Several holes on this server that you could close via permissions or plain old application removal. Lock the device via permissions!
 
1 members found this post helpful.
Old 03-02-2010, 07:45 AM   #3
smoker
Senior Member
 
Registered: Oct 2004
Distribution: Fedora Core 4, 12, 13, 14, 15, 17
Posts: 2,279

Rep: Reputation: 249Reputation: 249Reputation: 249
You can use udev rules to disable the device completely.
Read this :

http://reactivated.net/writing_udev_rules.html

Especially the bit about ignore_device and last_rule
You have to know what the device is called to create a rule.
Read the whole document before you do anything, as it tells you how to determine the device name and where to put the rules.
 
Old 03-02-2010, 08:45 PM   #4
planetmars
LQ Newbie
 
Registered: Nov 2008
Posts: 22

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by onebuck View Post
Hi,

How do you have the 'groups' setup? What about how do you have the server console setup locally? What about your '/etc/fstab'? Why do you have application(s) for video setup to allow viewing on a server? Several holes on this server that you could close via permissions or plain old application removal. Lock the device via permissions!
No groups. only one username is present for the server, apart from the root. everyone uses this username to boot the server daily. can't help it. I removed a-v applications, still they r coming up with some application and launching from the cd itself. They also watch images.

I did not see /etc/fstab. will definitely look into it.
 
Old 03-04-2010, 07:12 AM   #5
planetmars
LQ Newbie
 
Registered: Nov 2008
Posts: 22

Original Poster
Rep: Reputation: 15
Onebuck,
I checked fstab. The entries start with some thing like .......
/dev/hda /mnt/cdrom default 0 0


I deleted the above line from /etc/fstab file and restarted it. After restart, this fstab file has come up with the same /dev/hda entry. CD drive is also working. How to stop CD drive from getting detected at the time of booting itself ?
 
Old 03-04-2010, 10:55 AM   #6
schneidz
LQ Guru
 
Registered: May 2005
Location: boston, usa
Distribution: fc-15/ fc-20-live-usb/ aix
Posts: 5,134

Rep: Reputation: 876Reputation: 876Reputation: 876Reputation: 876Reputation: 876Reputation: 876Reputation: 876
i would just unplug the the drive.

what does ll /dev/hda give you.

would sudo chmod 700 /dev/hda do the trick ?
or sudo mv /dev/hda /dev/hda.bak

Last edited by schneidz; 03-04-2010 at 10:58 AM.
 
Old 03-04-2010, 11:21 AM   #7
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 19,002

Rep: Reputation: 4333Reputation: 4333Reputation: 4333Reputation: 4333Reputation: 4333Reputation: 4333Reputation: 4333Reputation: 4333Reputation: 4333Reputation: 4333Reputation: 4333
Quote:
Originally Posted by planetmars View Post
Onebuck,
I checked fstab. The entries start with some thing like .......
/dev/hda /mnt/cdrom default 0 0


I deleted the above line from /etc/fstab file and restarted it. After restart, this fstab file has come up with the same /dev/hda entry. CD drive is also working. How to stop CD drive from getting detected at the time of booting itself ?
Well, how are they using it? Over the network, or at the console?

Either way, if you're the administrator, you hold the keys. So lock the console as YOU (so only you can unlock it). Via the network? Remove users from the cdrom and disk groups, so non-root users can't mount disks.

Unplugging the drive and editing fstabs wouldn't be the way I'd go, since that makes maintenance more difficult later, but that's your call. Personally, every time I saw a disk in that drive, I'd just take it out, snap it in half, and drop it in the trash. If anyone yammered on about "that was MY disk", I'd tell them to drop dead, and if they kept it in their OWN computer, they'd still have it.
 
Old 03-04-2010, 07:26 PM   #8
planetmars
LQ Newbie
 
Registered: Nov 2008
Posts: 22

Original Poster
Rep: Reputation: 15
they have access to the console. the server has two logins, root and oracle. everyone is supposed to know the second user (oracle) password, as they start the oracle server on daily basis. I do not sit at the console all the time. I cannot plug out the cd rom drive, as it requires me to take backups of the database weekly.


I will check ll /dev/hda and get back to you.

Thanks
 
Old 03-04-2010, 08:00 PM   #9
onebuck
Moderator
 
Registered: Jan 2005
Location: Midwest USA, Central Illinois
Distribution: SlackwareŽ
Posts: 12,768
Blog Entries: 27

Rep: Reputation: 2082Reputation: 2082Reputation: 2082Reputation: 2082Reputation: 2082Reputation: 2082Reputation: 2082Reputation: 2082Reputation: 2082Reputation: 2082Reputation: 2082
Hi,

If you have just two users then limit the Oracle users.

BTW, you can still disable the CDROM & enable when you are going to backup. Limit that Oracle account. Provide the user with a script to allow/permit the launch. You are treading on ground that will eventually cause problems with open console access to the server.

 
Old 03-04-2010, 08:40 PM   #10
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 19,002

Rep: Reputation: 4333Reputation: 4333Reputation: 4333Reputation: 4333Reputation: 4333Reputation: 4333Reputation: 4333Reputation: 4333Reputation: 4333Reputation: 4333Reputation: 4333
Quote:
Originally Posted by planetmars View Post
they have access to the console. the server has two logins, root and oracle. everyone is supposed to know the second user (oracle) password, as they start the oracle server on daily basis. I do not sit at the console all the time. I cannot plug out the cd rom drive, as it requires me to take backups of the database weekly.

I will check ll /dev/hda and get back to you.
Unless they sit at the console all day, every day, they can log in over the network, as oracle, and start the database. If you're the admin, change the root password, and keep them out of it, since they don't need to know it. As onebuck said, limit the oracle user, and keep them off the drive.

YOU, the administrator, is ultimately responsible for the server, and what happens on it. If they get in as root, and do an "rm -fR /", it won't be them that's restoring the server...it's you. Did they get in and start watching a heavily R rated movie, and offend someone? Yep...it's you that's going to have to explain why.

If they don't like it, hand the server to them, take your user ID off it, and make sure you don't have the password, period. Your hands are then clean.
 
Old 03-04-2010, 08:47 PM   #11
lupusarcanus
Senior Member
 
Registered: Mar 2009
Location: USA
Distribution: Arch
Posts: 1,022
Blog Entries: 19

Rep: Reputation: 146Reputation: 146
Quote:
Originally Posted by TB0ne View Post
Unless they sit at the console all day, every day, they can log in over the network, as oracle, and start the database. If you're the admin, change the root password, and keep them out of it, since they don't need to know it. As onebuck said, limit the oracle user, and keep them off the drive.

YOU, the administrator, is ultimately responsible for the server, and what happens on it. If they get in as root, and do an "rm -fR /", it won't be them that's restoring the server...it's you. Did they get in and start watching a heavily R rated movie, and offend someone? Yep...it's you that's going to have to explain why.

TB0ne is right. Make some good passwords; lock up the server room, and do what TB0ne said up there. And if you can't handle the heat...

Quote:
Originally Posted by TB0ne View Post
If they don't like it, hand the server to them, take your user ID off it, and make sure you don't have the password, period. Your hands are then clean.
...then get out of the kitchen!

Last edited by lupusarcanus; 03-04-2010 at 08:49 PM. Reason: spelling & punctuation
 
Old 03-05-2010, 08:34 PM   #12
planetmars
LQ Newbie
 
Registered: Nov 2008
Posts: 22

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by onebuck View Post
Hi,

If you have just two users then limit the Oracle users.

BTW, you can still disable the CDROM & enable when you are going to backup. Limit that Oracle account.
How to limit the user 'oracle' ? I tried google but could not find such script to enable/disable cd rom drive
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Disable CPU throttling on RHEL 5 ykwok Red Hat 1 04-06-2009 03:16 PM
how to disable promiscuous mode in RHEL jindalarpan Linux - Security 6 09-10-2008 12:34 PM
How to disable games on RHEL 4 hopfingera Linux - Newbie 4 07-09-2008 05:11 PM
Disable CD-rom auto eject on shutdown the-yikes Slackware 10 01-27-2007 11:42 AM
RHEL 3 - Can't disable antialiasing jaloba Red Hat 1 08-29-2005 11:46 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 01:48 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration