
Re: [OT] Problem restricting user privileges in ubuntu 7.10



Rich Healey wrote:

Raj Kiran Grandhi wrote:
Sorry for the non debian-specific post.

I am facing some trouble in disabling user access to external storage
devices on a ubuntu 7.10 system. I have created an unprivileged user,
'guest'. The user is not a member of any other group than the default.

$ id guest
uid=1001(guest) gid=1001(guest) groups=1001(guest)

With this setup, I would expect that 'guest' does not have any access to
removable storage media like cdroms and usb flash drives. However, when
I plug in a usb flash disk while logged in as 'guest', the disk is
automagically mounted and nautilus happily displays its contents. Same
for cdroms.

I have found that this behaviour is present with both the default
install as well as with all security updates installed.

Neither my home computer running sid nor the one at work running etch
exhibits this problem. In both, I get a plain permission denied error
when I try to do anything fancy with external media and I have to
explicitly add user to the plugdev group to allow access.

How can I achieve something similar in ubuntu? This appears to be such a
trivial issue but I have no clue as to how to go about it.

Thank you,
Raj Kiran Grandhi


a) this is the DEBIAN list.

Sorry for that Rich. But I did apologize in advance and mark my message with an [OT] :)

I have not had much luck with the ubuntu list. Google could not help me either and I needed to resolve this issue as soon as possible. Since ubuntu is almost, but not quite, entirely based on sid, I was hoping someone on this list would have an idea as to how the whole thing works in the background.

b) alter your udev/hal/automount/whatever's mounting the device rules to
mount it 750.. whatever you want but with 0 in the other permission byte.

I am fairly certain that it is hal that is doing the automount (nautilus calls gnome-mount, which in turn calls hal). The device gets mounted with the permissions 700 and owned by the unprivileged user. However, the permissions of the mount are not the issue. The fact that the device is getting mounted in spite of the user not belonging to the plugdev group is.

As a hack, I can try changing the ownership and permissions of gnome-mount to root:plugdev, 750. Shall try that when I get to office.

--
Raj Kiran Grandhi

