How would I go about disabling reading from usb sticks but still have the ability to write to them? The reasoning is this is a public internet access (kiosk more or less) computer but we want the user to be able save files to a usb stick but not have the ability to save files to the machine or execute files from the usb stick.
Thank you
-
http://www.tuxfiles.org/linuxhelp/fstab.html
exec and noexec exec lets you execute binaries that are on that partition, whereas noexec doesn't let you do that. noexec might be useful for a partition that contains binaries you don't want to execute on your system, or that can't even be executed on your system. This might be the case of a Windows partition.
WalterJ89 : thanks for the link -
If I were you, I'd leave the USB stick read-write (as that makes a lot of sense), but I'd set your machine's partitions to read-only. If you lock down X enough (prevent anyone from opening a shell via xterm, for example), then it should be a piece of cake.
Some notes : mount /var as a ramdisk? use noexec to prevent exection of binaries
It might be easier to just chroot execute the browser, with the USB-stick mounted under the chrooted jail.
WalterJ89 : i think that's what we will do..From Nate -
Unless you control the USB sticks, write-only isn't going to work well. You're going to end up with all sorts of support issues and grousing by your users.
If I were you, I would setup the kiosks to run as dumb LTSP terminals, and start the users with a completely clean environment with every session. There are all sorts of ways to do this... my college had an XTerminal lab running on some ancient Unix back in 1994.
From duffbeer703
0 comments:
Post a Comment