From mboxrd@z Thu Jan  1 00:00:00 1970
From: Greg KH <greg@kroah.com>
Date: Mon, 21 Feb 2011 15:57:35 +0000
Subject: Re: How to use Udev to restrict USB access only to particular set
Message-Id: <20110221155735.GB785@kroah.com>
List-Id: <linux-hotplug.vger.kernel.org>
References: <AANLkTinqeg=o_bmdR0CKuVmP14x71kkrE3=zdaxx2AE=@mail.gmail.com>
In-Reply-To: <AANLkTinqeg=o_bmdR0CKuVmP14x71kkrE3=zdaxx2AE=@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: linux-hotplug@vger.kernel.org


A: No.
Q: Should I include quotations after my reply?

http://daringfireball.net/2007/07/on_top


On Mon, Feb 21, 2011 at 11:27:14AM +0200, Vilius Benetis wrote:
> Hi,
> 
> restrict - means that Linux users (non-root, to simplify the task)
> could be able to access only a particular predefined set of USB
> devices.
> 
> Devices:
>   Approved USB A (configured in the system), SN: XXX
>   Not approved USB B (not defined anywhere): SN: YYY
> 
> Scenario A:
>    USB A is plugged to the system, USB is allowed to be mounted
> (automatically, or manually) for the users.
> 
> Scenario B:
>    USB B is plugged to the system, USB is not allowed to be mounted
> (automatically, or manually) for the users.
> 
> Any ideas how to achieve this?

Yes, add a udev rule to not "enable" any usb device that is a mass
storage device that does not fall in your list of "valid" devices.
There is a single sysfs file to write to which would prevent any access
to that device, use that.

Hope this helps,

greg k-h