LinuxQuestions.org

pavangogineni 10-18-2006 05:58 AM

Disable mounting removable media
 
Hi,

I would like to disable mounting of removable media like CD-ROM, USB, floppy, etc. on the server.

How can I achieve it? Also, how do I enable it whenever I require it?

I am using RHEL 4 AS version.

carl0ski 10-18-2006 06:04 AM

Quote:

Originally Posted by pavangogineni
Hi,

I would like to disable mounting of removable media like CD-ROM, USB, floppy, etc. on the server.

How can I achieve it? Also, how do I enable it whenever I require it?

I am using RHEL 4 AS version.

Do you want to disable automount, or prevent mounting, period?

If you disable or uninstall HAL (the engine that scans for new disks),
USB CD/DVD won't be mounted unless you use the full mount -t command.

matthewg42 10-18-2006 07:16 AM

It's a bit of a hack, and it'll probably end up making lots of warning/error messages in the system logs, and it is only for USB devices, but IF your setup has the usb_storage kernel module compiled as a module (and not simply built into the kernel itself), you can blacklist the usb_module kernel module. I tried it, and it works on Ubuntu.

In Ubuntu this can be done by creating a file in /etc/modprobe.d (with any name), containing:

Code:

blacklist usb_storage

Not sure how to do the same thing in RHEL. Anyone know?
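
Added example (not part of matthewg42's post): a shell check that reports how a modprobe configuration directory treats a module. It distinguishes a plain `blacklist` line, which only stops alias-based automatic loading, from an `install <module> /bin/true` override, which also turns an explicit `modprobe` of that module into a no-op. The function name `module_policy`, the file name `no-usb` and the sample directory are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify how a modprobe config directory treats a module.
# Prints one of: install-override | blacklist-only | unrestricted
# modprobe treats '-' and '_' in module names as the same character.

module_policy() {
    module=$1
    confdir=${2:-/etc/modprobe.d}
    want=$(printf '%s' "$module" | tr '-' '_')
    result=unrestricted
    for f in "$confdir"/*; do
        [ -f "$f" ] || continue
        # '|| [ -n "$kw" ]' keeps a last line that lacks a trailing newline
        while read -r kw name rest || [ -n "$kw" ]; do
            case $kw in ''|'#'*) continue ;; esac
            name=$(printf '%s' "$name" | tr '-' '_')
            [ "$name" = "$want" ] || continue
            case $kw in
                install)
                    # install <module> /bin/true (or /bin/false) replaces the load
                    case $rest in
                        /bin/true*|/bin/false*) result=install-override ;;
                    esac ;;
                blacklist)
                    if [ "$result" = unrestricted ]; then
                        result=blacklist-only
                    fi ;;
            esac
        done < "$f"
    done
    printf '%s\n' "$result"
}

# Constructed sample directory, so the check runs without touching /etc.
demo=$(mktemp -d)
echo 'blacklist usb_storage' > "$demo/no-usb"
module_policy usb-storage "$demo"
echo 'install usb_storage /bin/true' >> "$demo/no-usb"
module_policy usb_storage "$demo"
rm -rf "$demo"
```

Run against the real configuration directory, a result of `blacklist-only` means root can still load the module by name.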

pavangogineni 10-19-2006 12:42 AM

Here I would like to disable automount and also mounting using the command (mount -t .......).
That is, whenever anyone tries to mount any USB/CD/any removable media to copy some data, it shouldn't allow them to do so.
Only I (superuser) want to enable mounting whenever I require it.

Is it possible to lock the mount process to work only for UID 0 or something like that?
If so, is there any problem when the system boots?
I tried to rename the mount command and it worked fine. But when the system boots it fails to locate the "mount" command to mount the disks and it hangs. Where are the modifications I need to make to do this?

carl0ski 10-19-2006 01:08 AM

Quote:

Originally Posted by pavangogineni
Here I would like to disable automount and also mounting using the command (mount -t .......).
That is, whenever anyone tries to mount any USB/CD/any removable media to copy some data, it shouldn't allow them to do so.
Only I (superuser) want to enable mounting whenever I require it.

Is it possible to lock the mount process to work only for UID 0 or something like that?
If so, is there any problem when the system boots?
I tried to rename the mount command and it worked fine. But when the system boots it fails to locate the "mount" command to mount the disks and it hangs. Where are the modifications I need to make to do this?

Hey, I just had an idea so great it's Petarded

Code:

alias mount='echo "access to removable devices has been disabled"'

Add this line to a startup script (after all devices have been mounted).
On Mandriva (I have no idea about elsewhere):
/etc/rc.local (the last list of commands before the prompt is shown)


This way no one can use mount.
The effects are not permanent and your drives will still mount at bootup.

Gatekeeper:~ # mount
access to removable devices has been disabled
Gatekeeper:~ #

pavangogineni 10-19-2006 02:04 AM

But what about automount???

Lotharster 10-19-2006 03:25 AM

Quote:

Originally Posted by carl0ski
Hey, I just had an idea so great it's Petarded

Code:

alias mount='echo "access to removable devices has been disabled"'

This is very easy to circumvent: just call mount with its full path (/bin/mount).

The safe way to do this would be to edit /etc/fstab and add "nouser" to the USB storage line:

Code:

/dev/sda1      /media/usb      auto    nouser,noauto        0      0

This should effectively prevent anyone from mounting USB devices. The normal mount command with mount point and options can only be executed by root (at least on my system, Ubuntu).

Regards,
Lothar

evilDagmar 10-19-2006 10:24 AM

Quote:

Originally Posted by carl0ski
Hey, I just had an idea so great it's Petarded

Code:

alias mount='echo "access to removable devices has been disabled"'

Add this line to a startup script (after all devices have been mounted).
On Mandriva (I have no idea about elsewhere):
/etc/rc.local (the last list of commands before the prompt is shown)


This way no one can use mount.
The effects are not permanent and your drives will still mount at bootup.

Gatekeeper:~ # mount
access to removable devices has been disabled
Gatekeeper:~ #

You used the words, not me, but this is a somewhat retarded solution which can be easily bypassed by someone invoking mount with its full path, or by simply deleting the alias from the shell.

evilDagmar 10-19-2006 10:26 AM

Quote:

Originally Posted by pavangogineni
Here I would like to disable automount and also mounting using the command (mount -t .......).
That is, whenever anyone tries to mount any USB/CD/any removable media to copy some data, it shouldn't allow them to do so.
Only I (superuser) want to enable mounting whenever I require it.

Is it possible to lock the mount process to work only for UID 0 or something like that?
If so, is there any problem when the system boots?
I tried to rename the mount command and it worked fine. But when the system boots it fails to locate the "mount" command to mount the disks and it hangs. Where are the modifications I need to make to do this?

If you kill off (or simply don't run) the automounter that takes care of auto-mounting, and if you're not using HAL/dbus, there's nothing else that's likely to be able to automatically mount things.

Users cannot, by default, mount anything. As long as you don't have anything in /etc/fstab saying they can mount media, only root will be able to do this.
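
Added example (not part of any post in this thread): a shell audit for the /etc/fstab condition described above. It lists every entry whose options let a non-root user mount it (`user`, `users`, `owner` or `group`), treating a later `nouser` as cancelling an earlier grant. The function name `user_mountable` and the sample fstab are constructed for illustration.

```shell
#!/bin/sh
# Added example: list fstab entries that non-root users may mount.
# Output: one "<device> <mountpoint> <option>" line per permissive entry.

user_mountable() {
    fstab=${1:-/etc/fstab}
    # '|| [ -n "$dev" ]' keeps a last line that lacks a trailing newline
    while read -r dev mnt _type opts _rest || [ -n "$dev" ]; do
        case $dev in ''|'#'*) continue ;; esac
        grant=
        old_ifs=$IFS; IFS=,
        for o in $opts; do
            case $o in
                user|users|owner|group) grant=$o ;;  # lets non-root mount
                nouser) grant= ;;                    # root only (the default)
            esac
        done
        IFS=$old_ifs
        if [ -n "$grant" ]; then
            printf '%s %s %s\n' "$dev" "$mnt" "$grant"
        fi
    done < "$fstab"
}

# Constructed sample fstab, so the audit runs without reading /etc/fstab.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample, not from a real host
/dev/hda1  /              ext3     defaults        1 1
/dev/sda1  /media/usb     auto     nouser,noauto   0 0
/dev/hdc   /media/cdrom   iso9660  ro,noauto,user  0 0
/dev/fd0   /media/floppy  auto     noauto,owner    0 0
EOF
user_mountable "$sample"
rm -f "$sample"
```

An empty result from `user_mountable /etc/fstab` means no entry grants mounting to ordinary users.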

