access rights to usb drives via ssh
David Zeuthen
david at fubar.dk
Wed Feb 16 12:02:38 PST 2005
On Tue, 2005-02-15 at 18:29 +0000, Jim Deakin wrote:
>Hi,
> my home machine runs Redhat FC3, and I have a couple of external
>disks connected via usb2. One is FAT32, which I could read and
>write ok, and the other has multiple ntfs volumes. I've added the
>ntfs drivers from flathat, and can now read the ntfs volumes ok
>at home, which is all the access I need. The trouble is I can't
>read them when I "ssh -Y" from work. I used to be able to access
>the FAT32 disk from work, but no more. The ntfs one has only just
>been added. I suspect the new 'hal' hotplug system has changed
>things. Can anyone give tell me what I need to change to restore
>my access, or point me in the right direction if I'm barking up
>the wrong tree?
Well, this is a Fedora specific, but I think it applies here as well.
For Fedora, we only want to allow authorized users at the console to
access storage devices attached at the console since people may run
multi-user systems and give a unprivileged account to friends so they
can login from remote.
> A couple of lines from /etc/fstab are below...
>/dev/sdb1 /media/usbdisk vfat
>pamconsole,exec,noauto,iocharset=utf8,fscontext=system_u:object_r
>:removable_t,managed 0 0
>/dev/sda4 /media/CS-F ntfs
>pamconsole,exec,noauto,fscontext=system_u:object_r:removable_t,ma
>naged 0 0
>
Hence, to enforce that policy we use the pamconsole mount option instead
of the less restrictive user mount point. It seems like you want the
latter. You should put the attached file
in /usr/share/hal/fdi/95userpolicy and then restart the haldaemon. That
should do the trick.
Hope this helps,
David
-------------- next part --------------
A non-text attachment was scrubbed...
Name: user-instead-of-pamconsole.fdi
Type: application/x-extension-fdi
Size: 396 bytes
Desc: not available
Url : http://lists.freedesktop.org/archives/hal/attachments/20050216/5ccab94c/user-instead-of-pamconsole.bin
-------------- next part --------------
_______________________________________________
hal mailing list
hal at lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/hal
More information about the Hal
mailing list