
Re: Protecting hard disks on terminalserver clients



Hi Andrew,

On Thu, Aug 18, 2011 at 07:55:40 -0400, Andrew wrote:

> I have some windows boxes and would like to use Knoppix terminalserver to
> provide a linux alternative.  The users should have full access to any usb
> devices they plug in, but I do not want them to be able to (accidentally
> or intentionally) clobber the windows drives; they should only be
> mountable ro, or perhaps not mountable at all.

If the terminal server users never get root privileges, you can unbind
the SATA controller(s) from their driver via sysfs in some initscript. Of
course this is only possible if the CDROM drive is not connected to the
same controller.


Example: AHCI controller on Lenovo ThinkPad X60s

root@tp:/# ls -l /sys/bus/pci/drivers/ahci/
total 0
lrwxrwxrwx    1 root     root            0 Oct 21 12:13 0000:00:1f.2 -> ../../../../devices/pci0000:00/0000:00:1f.2/
--w-------    1 root     root         4096 Oct 21 12:13 bind
lrwxrwxrwx    1 root     root            0 Oct 21 12:13 module -> ../../../../module/ahci/
--w-------    1 root     root         4096 Oct 21 12:13 new_id
--w-------    1 root     root         4096 Oct 21 12:13 remove_id
--w-------    1 root     root         4096 Oct 21 12:13 uevent
--w-------    1 root     root         4096 Oct 21 12:13 unbind

root@tp:/# echo 0000:00:1f.2 > /sys/bus/pci/drivers/ahci/unbind

root@tp:/# lspci -n | grep "1f\.2"
00:1f.2 Class 0106: 8086:27c5 (rev 02)

root@tp:/# echo "8086 27c5" > /sys/bus/pci/drivers/ahci/remove_id


Hope this helps,
  Chris
-- 
Christian Perle                                    chris AT linuxinfotag.de
010111                                              http://chris.silmor.de/
101010                          LinuxGuitarKitesBicyclesBeerPizzaRaytracing
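
The unbind step from the message above, generalized so an initscript checks the CD-ROM caveat itself: it unbinds only those AHCI controllers that have no optical drive (sr*) behind them. This is an added example, not part of the original message; the function names and the SYSFS override variable are assumptions made here, and it covers only the write to unbind, not remove_id.

```shell
#!/bin/sh
# Added example (not from the original post).
# SYSFS can point at a copy/fake tree for testing; defaults to the real sysfs.
SYSFS="${SYSFS:-/sys}"

# Print the PCI address of every controller bound to ahci that does NOT
# have an optical drive (sr*) attached. Those are safe to unbind.
controllers_to_unbind() {
    drv="$SYSFS/bus/pci/drivers/ahci"
    for link in "$drv"/*:*:*.*; do
        [ -L "$link" ] || continue      # glob unmatched, or not a device link
        addr=${link##*/}
        keep=no
        for blk in "$SYSFS"/block/sr*; do
            [ -e "$blk" ] || continue
            # /sys/block/srN resolves to a path below its controller's
            # PCI device directory, so the address appears in that path.
            case "$(readlink -f "$blk")" in
                */"$addr"/*) keep=yes ;;
            esac
        done
        [ "$keep" = yes ] || echo "$addr"
    done
}

# Write each selected address to the driver's unbind file, as in the post.
unbind_disk_controllers() {
    for addr in $(controllers_to_unbind); do
        echo "$addr" > "$SYSFS/bus/pci/drivers/ahci/unbind"
    done
}

# Dry run by default; pass --apply (as root, from an initscript) to unbind.
case "${1:-}" in
    --apply) unbind_disk_controllers ;;
    *)       controllers_to_unbind ;;
esac
```

As the message notes, this only protects the disks while users never get root, since root can write the address back to bind.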

