RHEL5 Mount USB readonly for security

Latest response

Can anyone help with how to automount USB devices read-only for security?  I've hunted around and I can't find a clear answer and my various attempts have failed.  Here's where I'm at which isn't working.


I have RHEL5 and from what I can tell HALD manages the automounting.  HAL seems to have 2 primary directories:





The difference between the two is unclear to me.


Based on some examples, I created the following file:

<?xml version="1.0" encoding="UTF-8"?> <!-- -*- SGML -*- -->

<deviceinfo version="0.2">
    <match key="@block.storage_device:storage.bus" string="usb">
      <merge key="volume.policy.mount_option.ro" type="bool">true</merge>

No matter what I call this file or where I put it, any USB device still mounts RW.  How do I fix this?  (Note, I'm looking for the generic solution for any USB device, so I'm not looking to hardcode something into /etc/fstab.)




Hi Jerry,


hald is not the right spot to look at - try udev and implement a udev rule for the specific disc, mounting it read only.


Here is a good read how to do it:









If you are still in trouble have a look at /etc/auto.misc

maybe you can put an entry in there similar to

cd               -fstype=iso9660,ro,nosuid,nodev :/dev/cdrom



UDEV rules can be perfect for this. However, if you aren't implementing fine-grained access control, even for prvileged accounts, you may find that your UDEV rules get re-written and your lockdowns get overridden.