
Re: [OT] Problem restricting user privileges in ubuntu 7.10



Ron Johnson wrote:

On 03/13/08 20:56, Raj Kiran Grandhi wrote:
Rich Healey wrote:

Raj Kiran Grandhi wrote:
Sorry for the non debian-specific post.

I am facing some trouble in disabling user access to external storage
devices on a ubuntu 7.10 system. I have created an unprivileged user,
'guest'. The user is not a member of any other group than the default.

$ id guest
uid=1001(guest) gid=1001(guest) groups=1001(guest)

With this setup, I would expect that 'guest' does not have any access to
removable storage media like cdroms and usb flash drives. However, when
I plug in a usb flash disk while logged in as 'guest', the disk is
automagically mounted and nautilus happily displays its contents. Same
for cdroms.

I have found that this behaviour is present with both the default
install as well as with all security updates installed.

Neither my home computer running sid nor the one at work running etch
exhibits this problem. In both, I get a plain permission denied error
when I try to do anything fancy with external media and I have to
explicitly add the user to the plugdev group to allow access.

How can I achieve something similar in ubuntu? This appears to be such a
trivial issue but I have no clue as to how to go about it.

Thank you,
Raj Kiran Grandhi


a) this is the DEBIAN list.
Sorry for that Rich. But I did apologize in advance and mark my message
with an [OT] :)

I have not had much luck with the ubuntu list. Google could not help me
either and I needed to resolve this issue as soon as possible. Since
ubuntu is almost, but not quite, entirely based on sid, I was hoping
someone on this list would have an idea as to how the whole thing works
in the background.

b) alter your udev/hal/automount/whatever's mounting the device rules to
mount it 750.. whatever you want but with 0 in the other permission byte.
I am fairly certain that it is hal that is doing the automount (nautilus
calls gnome-mount which in turn calls hal). The device gets mounted with
the permissions 700 and owned by the unprivileged user. However, the
permissions of the mount are not the issue. The fact that the device is
getting mounted in spite of the user not belonging to the plugdev group is.

As a hack, I can try changing the ownership and permissions of
gnome-mount to root:plugdev, 750. Shall try that when I get to office.

I don't think that's going to work.

When I (running Sid) insert a thumb drive, this is what the device
looks like:
    $ dir /dev/sdc1
    brw-rw---- 1 root floppy 8, 33 2008-03-13 21:53 /dev/sdc1
and this is what the relevant mtab entry looks like:
    $ cat /etc/mtab | grep sdc1
    /dev/sdc1 /media/disk vfat \
           rw,nosuid,nodev,uhelper=hal,shortname=lower,uid=1000 0 0

It really appears to me that in this case that Ubuntu is too
different from Debian.

BTW, this is what happens when I try to unmount a thumb drive that
was mounted at boot:

$ umount -v /media/disk
/sbin/umount.hal: Unmounting /media/disk failed:
org.freedesktop.Hal.Device.PermissionDeniedByPolicy:
org.freedesktop.hal.storage.unmount-others no <-- (privilege, result)

<pause>

This "root@haggis:/etc# rgrep floppy *" led me to
/etc/udev/permissions.rules which has these 2 lines in them:
# all block devices on these buses are "removable"
SUBSYSTEM=="block", SUBSYSTEMS=="usb|ieee1394|mmc|pcmcia", \
                                                 GROUP="floppy"

So, I'd look to see what the Ubuntu version of that file says.

--
Ron Johnson, Jr.
Jefferson LA  USA

"Working with women is a pain in the a**."
My wife


On a Ubuntu system (Gutsy):

/etc/udev/permissions.rules does not exist, but /etc/udev/rules.d/40-permissions.rules does.

There is a README in /etc/udev/rules.d; you might want to read it.

It says you can make a rule that overrides an earlier rule. Rules start at 00 and go up to 99; they are read in order. The 50 series is for user rules.
Beyond that, I cannot help without much googling, as I don't know the syntax. I have seen this come up on this very list from time to time, but never paid it any heed.

HTH

--
Damon L. Chesser
damon@damtek.com
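Putting Damon's pointer and Ron's grep together, here is an added example of such an override rule (not from any of the posters). It assumes that Gutsy's /etc/udev/rules.d/40-permissions.rules carries the same GROUP="floppy" line Ron quoted from Sid, and the file name 50-local-removable.rules is a hypothetical one chosen only so that it sorts after 40-permissions.rules and is read later:

```udev
# /etc/udev/rules.d/50-local-removable.rules  (hypothetical file name)
# Re-match the removable block devices that 40-permissions.rules hands to
# the "floppy" group and give the node to plugdev instead, with nothing in
# the "other" permission bits, so an account outside plugdev gets a plain
# "permission denied" on the raw device node.
SUBSYSTEM=="block", SUBSYSTEMS=="usb|ieee1394|mmc|pcmcia", GROUP="plugdev", MODE="0660"
```

After re-inserting the drive, `ls -l /dev/sdc1` should show root:plugdev with mode brw-rw---- and `id -nG guest` should not list plugdev. This only governs direct access to the device node; whether hal still automounts the volume for that user is decided by hal's own policy, which is the PolicyKit layer the thread's "PermissionDeniedByPolicy" output comes from.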


