access regulation for block devices with hal?

Jelle de Jong jelledejong at powercraft.nl
Wed Oct 29 01:50:39 PDT 2008


Jelle de Jong wrote:
> Hello everybody,
> 
> I am searching for a solution for the following situation:
> 
> I have created a system where multiple users work at the same time on
> one system (multiseat). Every user has his own usb hub and unique linux
> username and group.
> 
> I created udev rules that set up the group permissions of block devices
> depending on the location where the usb stick is plugged in.
> 
> Creating the following example situation:
> 
> unity:~# ls -hal /dev/sd*
> brw-rw---- 1 root disk  8,  0 okt 26 12:32 /dev/sda
> brw-rw---- 1 root disk  8,  1 okt 26 12:32 /dev/sda1
> brw-rw---- 1 root user0 8, 16 okt 26 12:32 /dev/sdb
> brw-rw---- 1 root user0 8, 17 okt 26 12:32 /dev/sdb1
> brw-rw---- 1 root user1 8, 32 okt 26 12:32 /dev/sdc
> brw-rw---- 1 root user1 8, 33 okt 26 12:32 /dev/sdc1
> 
> So now user0 should not be able to access the device with group user1.
> This works fine with parted, fdisk, dd etcetera. But I would like to be
> able to let the user0 mount its device /dev/sdb1.
> 
> So here comes the question: how can I let user0 mount his usb stick with
> group user0 and how can I let user1 mount his usb stick with group
> user1 without user0 or user1 being able to access other devices where
> they have group rw permission on...
> 
> I would like to regulate this with HAL rules, only showing devices to a
> user that he has access to and can mount, also make sure the mount is
> not accessible by other users.
> 
> I have experimented with /etc/fstab but this is all static configuration
> and seems not flexible enough.
> 
> Any ideas are welcome,
> 
> Kind regards,
> 
> Jelle de Jong

I have waited some time now hoping for some help. Did I do something
wrong? Is the question unclear?

I would love to create some hal rules that check the owner and group of
a device, and then mount it with some corresponding rules. Any examples
would be great, since I have no idea how to do this with hal.

Kind regards,

Jelle
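
An added example, not part of the original post or of HAL: a small check of the isolation property described above, listing which block device nodes a given seat user could open read-write under classic owner/group/other permissions. It assumes input in the form printed by `stat -c '%U %G %a %n' /dev/sd*` (GNU stat) and ignores ACLs and root; the sample lines are constructed from the listing in the post.

```shell
#!/bin/sh
# Constructed sample: owner, group, octal mode, path (mirrors the post's listing).
sample_nodes() {
    cat <<'EOF'
root disk 660 /dev/sda
root disk 660 /dev/sda1
root user0 660 /dev/sdb
root user0 660 /dev/sdb1
root user1 660 /dev/sdc
root user1 660 /dev/sdc1
EOF
}

# rw_devices USER "GROUP1 GROUP2 ..."  < node lines
# Prints every path USER could open read-write. The kernel picks exactly one
# permission class: owner if the uid matches, else group if any of the
# user's groups matches, else other.
rw_devices() {
    user=$1
    groups=" $2 "
    while read -r owner group mode path; do
        [ -n "$path" ] || continue
        perms=${mode#"${mode%???}"}      # last three octal digits
        u=${perms%??}
        g=${perms#?}; g=${g%?}
        o=${perms#??}
        if [ "$owner" = "$user" ]; then
            bits=$u
        else
            case "$groups" in
                *" $group "*) bits=$g ;;
                *)            bits=$o ;;
            esac
        fi
        case "$bits" in
            6|7) printf '%s\n' "$path" ;;   # read and write both granted
        esac
    done
}

# Report per seat; a seat user who is also in group "disk" would reach sda too.
for seat in user0 user1; do
    echo "$seat: $(sample_nodes | rw_devices "$seat" "$seat" | tr '\n' ' ')"
done
```

On a live system, feed it `stat -c '%U %G %a %n' /dev/sd*` and the output of `id -Gn USER` as the group list.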

