LinuxQuestions.org
Old 11-09-2012, 05:48 AM   #1
foogle
LQ Newbie
 
Registered: Nov 2009
Posts: 2

Rep: Reputation: 0
Controlling USB media access on Red Hat or Centos Linux 6.3


I'm trying to control which users can use USB media (mass storage devices such as USB memory sticks and hard drives) on Red Hat/Centos 6.3 Linux. I would like something that is network wide, so a group permission based scheme would be preferred, e.g. where a user is put in a group and that gives them read-only or read-write access, etc.

I have been told that mediad can be used to manage this but I can't figure out how. I've also come across cgroup/ cgconfig but cannot figure that out either.

How should I go about achieving this?
 
Old 11-09-2012, 09:02 AM   #2
malekmustaq
Senior Member
 
Registered: Dec 2008
Location: /root
Distribution: Slackware & BSD
Posts: 1,220

Rep: Reputation: 231
Quote:
I would like something that is network wide, so a group permission based scheme would be preferred, e.g. where a user is put in a group and that gives them read-only or read-write access, etc.
There are three basic permission bits u-g-o: set the "read-only" group at the lowest level, 'o=4', doing this at the mount point:

chmod 764 making 'o' "others" as the universal "read-only" group.

Then create one group e.g. 'writergroup' who thereby has r-w permissions to the volume.

~# groupadd -g 1200 writergroup

~# chown -R root:writergroup 'mountpoint'
~# chmod 764 'mountpoint'

That should make "you" the owner, to have read, write, execute permissions;
The 'writergroup' members to have read-write permissions to the volume; and
The 'others' (regular users) only have the read permission but cannot write.

You can now ignore all users who only have read access to the volume, and choose a few to whom you may grant writing access:

~# gpasswd -M john,mary,magdalene,rashid,omar,abdul,mao_tzetung,brianAdam writergroup

Done.

Quote:
I have been told that mediad can be used to manage this but I can't figure out how. I've also come across cgroup/ cgconfig but cannot figure that out either.
Excuse me. "cgroup" is not a toy in the userland. It was a system recently introduced by Linux Kernel coders to improve resource management and process accounting by the kernel. It is the plaything of the masters, but not for us.

Quote:
How should I go about achieving this?
"The magic is in the magician; not in the wand." as I frequently enjoy reading it from someone's signature here. So, do it now and do it yourself. Manipulate the 3 permission bits.

Another trick: set the previous case to chmod 740, create a 'reader' group, and chown the point as root:reader; by this only this group has access to it, and only reading access. Remount the same volume to another point and set it to be accessible exclusively by another group, this time with different rights: chmod it to 760. That way you have excluded 'others' (or regular users) from even reading the volume. Do not use the " -R " switch as it will descend into the descendant folders and files. You have made the volume promiscuous, a security concern.

Hope that helps.

Good luck.
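
Added example, not part of the post above: a small shell helper that decodes what the modes mentioned in this thread (764, 740, 760) grant to non-root users on a directory such as a mount point, where r lists names, x allows entering, and w only takes effect together with x. The function names and the comparison modes 775, 750 and 770 are assumptions added for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): what an octal mode means on a DIRECTORY
# such as a mount point. Directory bits differ from file bits:
#   r = list entry names
#   x = enter the directory / resolve entries in it
#   w = create or delete entries, but only when x is also set
# root bypasses these checks, so this describes ordinary users only.

# dir_access MODE CLASS  ->  "list=<y|n> enter=<y|n> modify=<y|n>"
# CLASS is owner, group or other. The body is a subshell so variables stay local.
dir_access() (
    mode=$1
    case $2 in
        owner) shift_by=6 ;;
        group) shift_by=3 ;;
        other) shift_by=0 ;;
        *) echo "unknown class: $2" >&2; exit 2 ;;
    esac
    # The leading 0 makes the shell read the mode as an octal constant.
    bits=$(( (0$mode >> $shift_by) & 7 ))
    list=n; enter=n; modify=n
    [ $(( bits & 4 )) -ne 0 ] && list=y
    [ $(( bits & 1 )) -ne 0 ] && enter=y
    # Write permission on a directory is only usable together with search (x).
    [ $(( bits & 3 )) -eq 3 ] && modify=y
    echo "list=$list enter=$enter modify=$modify"
)

# report MODE -> one line per permission class
report() {
    for class in owner group other; do
        printf '%s %-5s %s\n' "$1" "$class" "$(dir_access "$1" "$class")"
    done
}

# Modes quoted in the thread first, then (assumed, for comparison) the
# directory equivalents that also set the search bit.
for m in 764 740 760 775 750 770; do
    report "$m"
done
```

Running it shows that 6 and 4 on a directory only allow listing names, while 7 and 5 are the directory counterparts of read-write and read-only.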
 
Old 11-09-2012, 10:58 AM   #3
foogle
LQ Newbie
 
Registered: Nov 2009
Posts: 2

Original Poster
Rep: Reputation: 0
Thanks.

With the USB devices in question, I don't know where the mountpoint will be, as it is created on the fly based on the volume label of the media inserted, e.g. /media/MyUsbStick. I was considering applying your strategy in a udev rule but that kicks in before the mountpoint is known and the device then automounts with 700 permissions, owned by the logged-in user.

I think this relates to automount but the auto.master man page doesn't help me figure out how to control the permissions of the mountpoint used.
 
  

