RHEL5 Mount USB readonly for security

Can anyone help with how to automount USB devices read-only for security?  I've hunted around and I can't find a clear answer and my various attempts have failed.  Here's where I'm at, which isn't working.

I have RHEL5 and from what I can tell HALD manages the automounting.  HAL seems to have 2 primary directories:

/etc/hal/fdi

-and-

/usr/share/hal/fdi

The difference between the two is unclear to me.

Based on some examples, I created the following file:

--------------------
<?xml version="1.0" encoding="UTF-8"?> <!-- -*- SGML -*- -->

<deviceinfo version="0.2">
<device>
    <match key="@block.storage_device:storage.bus" string="usb">
      <merge key="volume.policy.mount_option.ro" type="bool">true</merge>
    </match>
  </match>
</device>
</deviceinfo>
--------------------

No matter what I call this file or where I put it, any USB device still mounts RW.  How do I fix this?  (Note, I'm looking for the generic solution for any USB device, so I'm not looking to hardcode something into /etc/fstab.)

Thanks.

Responses

Hi Jerry,

hald is not the right spot to look at - try udev and implement a udev rule for the specific disc, mounting it read only.

Here is a good read on how to do it:

http://www.redhat.com/magazine/002dec04/features/udev/

Cheers

Marko

Jerry,

If you are still in trouble, have a look at /etc/auto.misc

Maybe you can put an entry in there similar to:

cd               -fstype=iso9660,ro,nosuid,nodev :/dev/cdrom

James

UDEV rules can be perfect for this. However, if you aren't implementing fine-grained access control, even for privileged accounts, you may find that your UDEV rules get re-written and your lockdowns get overridden.
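
Whichever mechanism enforces the read-only policy, it can be audited by listing USB-backed filesystems that are currently mounted read-write. The script below is an added example, not code from this thread; the fixture paths and device names are constructed, and identifying a USB disk by resolving its sysfs `device` link is this example's assumption.

```bash
#!/bin/bash
# Added example: report USB-backed filesystems that are mounted read-write.

# True if whole-disk DISK (e.g. sdb) sits behind a USB host controller.
# The resolved sysfs "device" link contains a /usbN/ component for USB disks.
is_usb_disk() {   # is_usb_disk DISK [SYSROOT]
    local path
    path=$(readlink -f "${2:-/sys}/block/$1/device" 2>/dev/null) || return 1
    case "$path" in */usb[0-9]*/*) return 0 ;; esac
    return 1
}

# Print "DEVICE MOUNTPOINT" for each USB-backed mount whose options include rw.
rw_usb_mounts() { # rw_usb_mounts [MOUNTS_FILE] [SYSROOT]
    local dev mnt fstype opts rest disk
    while read -r dev mnt fstype opts rest; do
        case "$dev" in /dev/sd*) ;; *) continue ;; esac
        disk=${dev#/dev/}
        disk=${disk%%[0-9]*}            # sdb1 -> sdb
        is_usb_disk "$disk" "${2:-/sys}" || continue
        case ",$opts," in *,rw,*) echo "$dev $mnt" ;; esac
    done < "${1:-/proc/mounts}"
}

# Constructed fixture: sda on SATA (rw), sdb on USB (rw), sdc on USB (ro).
make_fixture() {  # make_fixture DIR
    local root=$1
    mkdir -p "$root/sys/block/sda" "$root/sys/block/sdb" "$root/sys/block/sdc" \
             "$root/sys/devices/pci0000:00/ata1/host0/0:0:0:0" \
             "$root/sys/devices/pci0000:00/usb1/1-1/host6/6:0:0:0" \
             "$root/sys/devices/pci0000:00/usb1/1-2/host7/7:0:0:0"
    ln -s ../../devices/pci0000:00/ata1/host0/0:0:0:0 "$root/sys/block/sda/device"
    ln -s ../../devices/pci0000:00/usb1/1-1/host6/6:0:0:0 "$root/sys/block/sdb/device"
    ln -s ../../devices/pci0000:00/usb1/1-2/host7/7:0:0:0 "$root/sys/block/sdc/device"
    cat > "$root/mounts" <<'EOF'
/dev/sda1 / ext3 rw 0 0
/dev/sdb1 /media/disk vfat rw,nosuid,nodev,uid=500 0 0
/dev/sdc1 /media/disk-1 vfat ro,nosuid,nodev 0 0
EOF
}

# Demo on the constructed fixture; on a live host call rw_usb_mounts with no arguments.
demo=$(mktemp -d) && make_fixture "$demo"
rw_usb_mounts "$demo/mounts" "$demo/sys"   # prints: /dev/sdb1 /media/disk
rm -rf "$demo"
```

Run from cron or a monitoring agent, any output means a USB filesystem was mounted writable despite the lockdown.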