How do I deny user to mount floppy, cdrom and usbstick ?
Matt Morgan
minxmertzmomo at gmail.com
Wed Feb 9 15:41:11 UTC 2005
On Wed, 9 Feb 2005 14:22:17 +0100 (MET), Karl-Olov Serrander
<kase at cntw.com> wrote:
> Running FC2/FC3 in a sensitive environment we need to deny ordinary
> users the possibilty to read or write floppy/cdrom/usbsticks.
>
> We need to be able to give som users/machines permissions to do nothing/read/write
> floppy/cdrom/usbsticks.
>
> How can this be done ?
Can you put the computers in locking cases? Sometimes that's the
easiest/best way. For one thing, it's easy for a non-technical
security guard to know when the security has been altered, so you
don't have to be querying logs all the time.
Otherwise, in addition to breaking removable devices in the OS, you
might also want grub passwords, BIOS passwords, etc., because you'll
have to prevent booting from CD's and floppies, too, to stop people
from starting up a different copy of the OS. That can all be hard to
keep track of.
Depending on the sensitivity, it probably makes sense to turn off what
you can in software, also, but do consider physical security as part
of the broader solution. There are off-the-shelf cases that don't cost
very much.
More information about the fedora-list
mailing list