nix User Access Restrictions to Network, USB ports, PCMCIA, CDROM


 
# 1  
Old 05-04-2011

How to create a user account on a Linux desktop machine with restrictions on connecting to the LAN, WAN, PCMCIA ports, Firewire, CDROM and generally any user controllable output options?

I have the task to set up a machine for users working with sensitive data that should not be leaving the machine where it is processed.

This means disabling access to the ethernet device, LAN, all other ports as mentioned earlier, and any other way of leaking the data.

In Mac OSX this was achieved using "Parental controls" from the System preferences; this even allows a selection of the applications that can be used. Under XP, Device Manager offers the option to click various devices and "Disable" them, which worked so far just fine. Some will point out that the latter mentioned OS may be easy to circumvent the security of in other ways, but that has been mitigated with other measures and it's not the point anyway. For the operator users in question, the aforementioned measure proved successful and worked.
Using OSX and XP to do this was a 10-15 minute job with testing included.


So far all guides and tutorials pointed to useradd, groups and facl, but in actual practical terms did not help at all, in fact most of the research did not render any practical results so far. I surely don't expect to point and click, and would gladly run a set of commands from CLI. If I had them.

I would really like to achieve the same restricted user account configuration in a concise, comprehensive and practical manner under Linux too. Preferably tested on humans before, and known to be working, of course...
The machines that need to be set up are two laptops running Ubuntu.

So how can this be accomplished in Linux? Or, a mainstream Unix flavour that is available as OSS, presumably that would not work so very differently.

Thanks.
# 2  
Old 05-05-2011
Quote:
Originally Posted by netfreighter
How to create a user account on a Linux desktop machine with restrictions on connecting to the LAN, WAN, PCMCIA ports, Firewire, CDROM and generally any user controllable output options?
Don't give it any USB, CDROM, Firewire, or ethernet drivers and it won't have any USB, CDROM, Firewire, or ethernet devices.

How to do this depends on the distro. There are a few options. If these things are all modules, you can blacklist the relevant modules and they won't be able to get these modules loaded without first logging in as root. If you're compiling your own kernel you can just leave these options out entirely.

Of course, none of this prevents them just popping in a livecd and booting with that. They could do that on a mac too.

For that matter, nothing prevents them taking photographs of the screen, either.
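
The module-blacklisting approach from reply #2, sketched as an added example that is not part of the original thread. The module names are assumptions for a typical laptop and must be checked against `lsmod` on the real hardware; the NIC and Wi-Fi drivers vary per machine (see `lspci -k`), so they go in the `EXTRA_MODULES` variable, which is a name made up for this example.

```shell
#!/bin/sh
# Added example (not from the thread). Module names are assumptions;
# confirm them with lsmod / lspci -k before deploying.
BLOCKED_MODULES="usb_storage uas firewire_core firewire_ohci firewire_sbp2 sr_mod cdrom pcmcia yenta_socket"
# Hypothetical knob: put the machine's NIC / Wi-Fi driver names here.
EXTRA_MODULES="${EXTRA_MODULES:-}"

# Print a modprobe.d fragment on stdout.
# "blacklist" stops alias-based autoloading when a device is plugged in;
# "install <mod> /bin/false" also makes an explicit "modprobe <mod>" fail.
gen_blacklist() {
    for m in $BLOCKED_MODULES $EXTRA_MODULES; do
        printf 'blacklist %s\ninstall %s /bin/false\n' "$m" "$m"
    done
}

# Print every blocked module that is still loaded, reading a file in
# /proc/modules format (first field is the module name).
still_loaded() {
    modfile=${1:-/proc/modules}
    for m in $BLOCKED_MODULES $EXTRA_MODULES; do
        awk -v want="$m" '$1 == want { print $1 }' "$modfile"
    done
}

# generate: emit the fragment, to be redirected by root into a file
#           under /etc/modprobe.d/ (the file name is the admin's choice)
# audit:    list blocked modules that are loaded right now
case "${1:-}" in
    generate) gen_blacklist ;;
    audit)    still_loaded /proc/modules ;;
esac
```

On Ubuntu, run `update-initramfs -u` after installing the fragment so that the copy of the modprobe configuration inside the initramfs matches. Drivers compiled into the kernel rather than built as modules are not affected by any of this, and, as the reply says, it does nothing against booting other media.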