Re: Protecting hard disks on terminalserver clients
Hi Andrew,
On Thu, Aug 18, 2011 at 07:55:40 -0400, Andrew wrote:
> I have some windows boxes and would like to use Knoppix terminalserver to
> provide a linux alternative. The users should have full access to any usb
> devices they plug in, but I do not want them to be able to (accidentally
> or intentionally) clobber the windows drives; they should only be
> mountable ro, or perhaps not mountable at all.
If the terminal server users never get root privileges, you can unbind
the SATA controller(s) from their driver via sysfs in some initscript. Of
course this is only possible if the CDROM drive is not connected to the
same controller.
Example: AHCI controller on Lenovo ThinkPad X60s
root@tp:/# ls -l /sys/bus/pci/drivers/ahci/
total 0
lrwxrwxrwx 1 root root 0 Oct 21 12:13 0000:00:1f.2 -> ../../../../devices/pci0000:00/0000:00:1f.2/
--w------- 1 root root 4096 Oct 21 12:13 bind
lrwxrwxrwx 1 root root 0 Oct 21 12:13 module -> ../../../../module/ahci/
--w------- 1 root root 4096 Oct 21 12:13 new_id
--w------- 1 root root 4096 Oct 21 12:13 remove_id
--w------- 1 root root 4096 Oct 21 12:13 uevent
--w------- 1 root root 4096 Oct 21 12:13 unbind
root@tp:/# echo 0000:00:1f.2 > /sys/bus/pci/drivers/ahci/unbind
root@tp:/# lspci -n | grep "1f\.2"
00:1f.2 Class 0106: 8086:27c5 (rev 02)
root@tp:/# echo "8086 27c5" > /sys/bus/pci/drivers/ahci/remove_id
Hope this helps,
Chris
--
Christian Perle chris AT linuxinfotag.de
010111 http://chris.silmor.de/
101010 LinuxGuitarKitesBicyclesBeerPizzaRaytracing
Reply to: