access regulation for block devices with hal?
Jelle de Jong
jelledejong at powercraft.nl
Wed Oct 29 01:50:39 PDT 2008
Jelle de Jong wrote:
> Hello everybody,
>
> I am searching for a solution for the following situation:
>
> I have created a system where multiple users work at the same time on
> one system (multiseat). Every user has his own USB hub and unique Linux
> username and group.
>
> I created udev rules that set up the group permissions of block devices
> depending on the location where the usb stick is plugged in.
>
> Creating the following example situation:
>
> unity:~# ls -hal /dev/sd*
> brw-rw---- 1 root disk 8, 0 okt 26 12:32 /dev/sda
> brw-rw---- 1 root disk 8, 1 okt 26 12:32 /dev/sda1
> brw-rw---- 1 root user0 8, 16 okt 26 12:32 /dev/sdb
> brw-rw---- 1 root user0 8, 17 okt 26 12:32 /dev/sdb1
> brw-rw---- 1 root user1 8, 32 okt 26 12:32 /dev/sdc
> brw-rw---- 1 root user1 8, 33 okt 26 12:32 /dev/sdc1
>
> So now user0 should not be able to access the device with group user1.
> This works fine with parted, fdisk, dd etcetera. But I would like to be
> able to let user0 mount its device /dev/sdb1.
>
> So here comes the question: how can I let user0 mount his USB stick with
> group user0 and how can I let user1 mount his USB stick with group
> user1 without user0 or user1 being able to access other devices where
> they have group rw permission on...
>
> I would like to regulate this with HAL rules, only showing devices to a
> user that he has access to and can mount, also make sure the mount is
> not accessible by other users.
>
> I have experimented with /etc/fstab but this is all static configuration
> and seems not flexible enough.
>
> Any ideas are welcome,
>
> Kind regards,
>
> Jelle de Jong

I have waited some time now hoping for some help. Did I do something
wrong? Is the question unclear?

I would love to create some hal rules that check the owner and group of
a device, and then mount it with some corresponding rules. Any examples
would be great, since I have no idea how to do this with hal.

Kind regards,

Jelle
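
The access check the message asks for, sketched as an added shell example; it is not part of the original post and is not HAL policy syntax. All function names are hypothetical, the sample data is constructed from the ls listing above, and the mount options assume a filesystem such as vfat that honours uid=, gid= and umask=.

```shell
#!/bin/sh
# Added example: decide from the group set by the udev rules whether a user
# may mount a block device, and build options that keep the mount private.

# group_may_mount DEV_GROUP DEV_MODE USER_GROUP...
# Succeeds only if the node grants group rw and the user is in that group.
group_may_mount() {
    dev_group=$1; dev_mode=$2; shift 2
    # Group digit of an octal mode such as 660 or 0660.
    gdigit=$(printf '%s' "$dev_mode" | sed 's/.*\(.\).$/\1/')
    case $gdigit in 6|7) ;; *) return 1 ;; esac
    # Assumption: nodes owned by "disk" are system disks and never handed out.
    [ "$dev_group" = disk ] && return 1
    for g in "$@"; do
        [ "$g" = "$dev_group" ] && return 0
    done
    return 1
}

# mountable_for USER_GROUP...: read "group mode node" lines on stdin and
# print only the nodes this user may mount (what the user should be shown).
mountable_for() {
    while read -r grp mode node; do
        if group_may_mount "$grp" "$mode" "$@"; then
            printf '%s\n' "$node"
        fi
    done
}

# private_mount_opts UID GID: options so that only the owner can read the mount.
private_mount_opts() {
    printf 'uid=%s,gid=%s,umask=077,nosuid,nodev,noexec\n' "$1" "$2"
}

# may_mount_node USER NODE: the same decision on a live system (GNU stat assumed).
may_mount_node() {
    # Word splitting of the group list from id is intended here.
    group_may_mount "$(stat -c %G "$2")" "$(stat -c %a "$2")" $(id -Gn "$1")
}

# Constructed sample modelled on the listing in the post: group, mode, node.
SAMPLE='disk 660 /dev/sda1
user0 660 /dev/sdb1
user1 660 /dev/sdc1'
```

A privileged helper would call may_mount_node for the requesting user and, on success, run mount with the output of private_mount_opts for that user's uid and gid.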