2

How would I go about disabling reading from USB sticks but still have the ability to write to them? The reasoning is that this is a public internet access (kiosk, more or less) computer, but we want the user to be able to save files to a USB stick but not have the ability to save files to the machine or execute files from the USB stick.

Thank you

WalterJ89
  • Interesting problem: the USB drives are auto-mounted, so you'd have to work out how that happens, and whether you can configure a mount in write-only mode. – PP. Mar 02 '10 at 11:41
  • I never thought it would be possible to even have write-only storage (because you need to read the filesystem and all that stuff). – user1686 Mar 02 '10 at 16:38

3 Answers

1

http://www.tuxfiles.org/linuxhelp/fstab.html

exec and noexec

exec lets you execute binaries that are on that partition, whereas noexec doesn't let you do that. noexec might be useful for a partition that contains binaries you don't want to execute on your system, or that can't even be executed on your system. This might be the case of a Windows partition.

1

If I were you, I'd leave the USB stick read-write (as that makes a lot of sense), but I'd set your machine's partitions to read-only. If you lock down X enough (prevent anyone from opening a shell via xterm, for example), then it should be a piece of cake.

Some notes: mount /var as a ramdisk? Use noexec to prevent execution of binaries.

It might be easier to just chroot execute the browser, with the USB-stick mounted under the chrooted jail.

Nate
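A check for the mount options the two answers above rely on (noexec on the stick, read-only local partitions), as an added example that is not part of either answer. It also checks nosuid and nodev, which the answers do not mention. Assumptions: removable media is mounted under /media or /run/media, local disks appear as /dev/* devices, and the sample mount table is constructed.

```shell
#!/bin/sh
# Added example: audit a mount table (/proc/mounts format) against the kiosk
# policy from the answers above. Mount points and sample data are assumptions.

# Reads a mount table on stdin, prints one FAIL line per violation and
# returns 1 if any were found. /proc/mounts escapes spaces in paths as \040,
# so whitespace field splitting is reliable.
audit_mounts() {
    awk '
    # True if the comma-separated option string contains the exact option.
    function has(opts, want,    a, n, i) {
        n = split(opts, a, ",")
        for (i = 1; i <= n; i++) if (a[i] == want) return 1
        return 0
    }
    {
        dev = $1; mnt = $2; opts = $4
        if (mnt ~ /^\/(media|run\/media)(\/|$)/) {
            # Removable media: writable is fine, executable is not.
            n = split("noexec nosuid nodev", need, " ")
            for (i = 1; i <= n; i++)
                if (!has(opts, need[i])) {
                    print "FAIL " mnt ": removable media mounted without " need[i]
                    bad = 1
                }
        } else if (dev ~ /^\/dev\// && !has(opts, "ro")) {
            # Local disk partitions must be read-only; tmpfs ramdisks are skipped.
            print "FAIL " mnt ": local disk " dev " is not read-only"
            bad = 1
        }
    }
    END { exit bad + 0 }
    '
}

# Constructed sample: read-only root, /var on a ramdisk, a writable /home,
# one stick mounted without noexec and one mounted correctly.
sample_mounts() {
    cat <<'EOF'
/dev/sda1 / ext4 ro,relatime 0 0
tmpfs /var tmpfs rw,nosuid,nodev,noexec 0 0
/dev/sda2 /home ext4 rw,relatime 0 0
/dev/sdb1 /media/usb0 vfat rw,nosuid,nodev,relatime 0 0
/dev/sdc1 /media/usb1 vfat rw,nosuid,nodev,noexec,relatime 0 0
EOF
}

# On a real kiosk: audit_mounts < /proc/mounts
sample_mounts | audit_mounts || true
```

noexec only blocks direct execution of files on the mount; a script stored there can still be passed to an interpreter, which is why the answer pairs it with locking down access to a shell.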
1

Unless you control the USB sticks, write-only isn't going to work well. You're going to end up with all sorts of support issues and grousing by your users.

If I were you, I would set up the kiosks to run as dumb LTSP terminals, and start the users with a completely clean environment with every session. There are all sorts of ways to do this... my college had an XTerminal lab running on some ancient Unix back in 1994.

duffbeer703