Re: how to write-protect removable media



zubi wrote:

> But when I pop in a blank cd as another user, k3b starts up and indeed
> allows me to write to it. It seems to ignore the raw device.

k3b is just a GUI for cdrecord/cdrdao. Both may be installed SUID root on
your system and thus render your user rights scheme useless. They used to
need root rights to enable real-time scheduling to avoid buffer underruns
but on a modern system that is not needed anymore (low priority RT
scheduling is usually available to user processes, too), so you can safely
change both to non-SUID.

Even if they are not SUID root, there is still another set of device nodes
you have to cover: /dev/sg*. These nodes are used when the device for
cdrecord/cdrdao is selected with the Bus,Device,LUN device selection
scheme. Unfortunately, all the "SCSI" devices are enumerated here so your
udev rules have to sort out the CDROM through the device attributes. See

# udevadm info --query=name --name=/dev/sg0 --attribute-walk

E.g. ATTRS{type}=="0" are fixed disks, ATTRS{type}=="5" are CDROMS.


> Likewise USB automatically
> mount it on /media/VENDORNAME and that user can still write to it.

The permissions on a mounted filesystem usually are noted inside that
filesystem itself. So if the USB stick has a filesystem where a user zubi
(uid=1000) is given all rights to manipulate the / of that filesystem, the
user jan (uid=1000) on another system the stick is plugged in will gain
those rights on it.

The only exceptions are filesystems which do not support permissions: FAT and
ISO9660 *without* Rock Ridge extensions. For the former, there is a mount
option where you can set the user, group and permission bits for *all*
files on the filesystem. Those are faked permissions as they cannot be
changed for an individual file.


But there is another mount option common to *all* filesystems: "ro",
readonly. You have to change the automounter's configuration (which one do
you use?) to add that mount option to all automounted filesystems.

Kind regards

Jan
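
A read-only audit of the two write paths described in the reply above (SUID cdrecord/cdrdao and CD-ROM /dev/sg* nodes), as an added example that is not part of the original post. The function names and the overridable sysfs and /dev roots are assumptions made for illustration; the script reads from sysfs the same SCSI type value (5 for CD-ROM) that ATTRS{type} matches in a udev rule.

```shell
#!/bin/sh
# Added example: read-only audit of the two write paths discussed above.
# The sysfs and /dev roots are parameters (assumption for illustration) so the
# functions can also be run against a constructed directory tree.

# Print the names of SCSI generic nodes whose device type is 5 (CD-ROM).
cdrom_sg_nodes() {
    sysfs="${1:-/sys}"
    for d in "$sysfs"/class/scsi_generic/sg*; do
        [ -r "$d/device/type" ] || continue
        if [ "$(cat "$d/device/type")" = "5" ]; then
            basename "$d"
        fi
    done
    return 0
}

# Print each CD-ROM sg node whose mode grants write access to group or others.
writable_cdrom_sg() {
    sysfs="${1:-/sys}"; dev="${2:-/dev}"
    for n in $(cdrom_sg_nodes "$sysfs"); do
        hit=$(find "$dev/$n" -prune \( -perm -020 -o -perm -002 \) 2>/dev/null) || true
        if [ -n "$hit" ]; then echo "$dev/$n"; fi
    done
    return 0
}

# Print the resolved path of each named program that is set-user-ID.
suid_burners() {
    for name in "$@"; do
        p=$(command -v "$name" 2>/dev/null) || continue
        if [ -u "$p" ]; then echo "$p"; fi
    done
    return 0
}

echo "SUID burning tools (candidates for chmod u-s):"
suid_burners cdrecord cdrdao
echo "CD-ROM sg nodes writable by group or others:"
writable_cdrom_sg
```

For every node the second list reports, check which group owns it and who is a member of that group.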
