Wamukota Posted August 14, 2014 Share Posted August 14, 2014 Hey guys, I am using Ubuntu 14.04. I need to disable the automount for USB and CD on a per user basis, so that I have full automount, but the guest accounts don't. I thought I'd go to System > Administration > Users and Groups, then select the user and head to the Advanced Settings > User Privileges tab and uncheck the boxes corresponding to the Access External Storage Devices Automatically option, the Mount Userspace Filesystems, and Use CD-ROM Drives option, so that when mounting anything, a password would be required. But, unless I am mistaken, (which at my age is a possiblity ) I do not find anything that resembles a Users and Group entry in Unity I find User Account in the System Settings, but there is no advanced settings button and obviously no way to alter the settings of the guest user, except his login settings. I could install KUser , but I hate to drag in half of KDE just for such a basic thing. Anyone? Quote Link to comment Share on other sites More sharing options...
V.T. Eric Layton Posted August 14, 2014 Share Posted August 14, 2014 Alain! How are you? Long time, no see... It's been a while since I had a Debian-based system up and running on any of my machines. However, I can tell you about an old trick that Bruno taught me. I've used it in all my setups ever since. If you want specific access to auto-mounted devices/partitions, you can create directories within your own personal home directory and then use the fstab configuration file to over-ride all auto-mount options by directing it to auto-mount the devices/partitions in question on your /home/alain/. For example, I mount a common partition between my Windows/Linux installations within my own home directory like this: Partition: /dev/sdb2 Mount point: /home/vtel57/vtel57_common Permissions: ls -l /home/vtel57/vtel57_common --> drwx------ 17 vtel57 users 16384 Dec 31 1969 vtel57_common /etc/fstab entry: /dev/sdb2 /home/vtel57/vtel57_common vfat rw,uid=vtel57 0 0 I'm not for sure/certain with regards to Ubuntu that this will work. It won't hurt to try it. Just make an fstab backup before you edit. Luck! ~Eric Quote Link to comment Share on other sites More sharing options...
Wamukota Posted August 15, 2014 Author Share Posted August 15, 2014 Hoi Eric, yes, long time no see. Had some other stuff to do and being retired means less time for me... I didn't explain my problem well enough I think. What I am doing is, that I am writing a topic for my blog about hardening your Linux Desktop Environment. One of the topics is preventing 'the other unknown passant' from gaining access to your system using pen-drives and CD's using the automount feature. Alas, in Unity, I cannot find the tools to modify the users rights. The tool 'User and Groups' seems to be gone. And my target group are not the ones who will switch to a terminal and start hitting keys on the command-line. I used to do it in earlier versions of Ubuntu. Strange... Quote Link to comment Share on other sites More sharing options...
Urmas Posted August 15, 2014 Share Posted August 15, 2014 Alain! Hello, Hello, Hello! Maybe: http://ubuntuhandbook.org/index.php/2014/05/install-users-groups-management-tool-ubuntu1404/ 2 Quote Link to comment Share on other sites More sharing options...
Wamukota Posted August 15, 2014 Author Share Posted August 15, 2014 (edited) Urmas, you found it. Thanks a lot. I wonder why I didn't find this website. Anyhow, So Long, and Thanks for All the Fish Edited August 15, 2014 by Wamukota 2 Quote Link to comment Share on other sites More sharing options...
Hedon James Posted August 15, 2014 Share Posted August 15, 2014 You're on the right track Wamukota, but Ubuntu doesn't install the advanced settings for users/groups by default. Urmas' link is exactly what you're looking for, FWIW! Quote Link to comment Share on other sites More sharing options...
V.T. Eric Layton Posted August 15, 2014 Share Posted August 15, 2014 Alain, Bottom line here is if I have physical access to your machine, "all your data are mine," as the old saying goes. I can access anything on your hard drives with a portable Linux on a USB flash drive. Your only defense against that, as far as I know, is to encrypt your data or disable booting from external devices in your BIOS or EUFI (if you have that option). Or, maybe I'm still not understanding fully what you're trying to communicate to us here??? EDIT: Trust ol' Urmie to find anything related to Ubuntu. 1 Quote Link to comment Share on other sites More sharing options...
Wamukota Posted August 15, 2014 Author Share Posted August 15, 2014 Eric, yes, I know that once you gain physical access to my box, you'll take off with my deepest and dirtiest secrets. But the point is that most people are unaware that even a Linux box, is only as safe as you make it. Some little hardening can be done even by new ex-XP Linux users. So, I am only showing the guys who follow me on my blog, that little tweaks can make it just that tiny bit harder for a cracker that he'd rather be off to another machine, instead of waisting time or lacking the will to persue his 'drive-by' attack. One of the things is preventing the automount, but I couldn't figure out where on earth Unity had hidden the User & Groups front end and when stuck, you call in the help of the people who know where to find what you couldn't find. I am happy that I'll be able to finish my post this weekend. CU A.J. 1 Quote Link to comment Share on other sites More sharing options...
V.T. Eric Layton Posted August 15, 2014 Share Posted August 15, 2014 Very COOL, Alain! Quote Link to comment Share on other sites More sharing options...
securitybreach Posted August 16, 2014 Share Posted August 16, 2014 Wow, hello Urmas and Alan!!! Glad to see you guys and hope everything is well Quote Link to comment Share on other sites More sharing options...
securitybreach Posted August 16, 2014 Share Posted August 16, 2014 Alain, Bottom line here is if I have physical access to your machine, "all your data are mine," as the old saying goes. I can access anything on your hard drives with a portable Linux on a USB flash drive. Your only defense against that, as far as I know, is to encrypt your data or disable booting from external devices in your BIOS or EUFI (if you have that option). Or you simply use a bios password so it asks when you turn it on before booting anything. 1 Quote Link to comment Share on other sites More sharing options...
Wamukota Posted August 16, 2014 Author Share Posted August 16, 2014 I often go to a computer fair where together with some mates we set up a little desk, roll-out our laptops en try to make the passers-by aware that Windows only holds a small portion of the world. We all run different flavors of Linux and people are free to 'play' on the boxes. You'd be amazed at how many of them try to insert a pendrive in the machines. I don't care what is on the pendrive, as the account active at that time is locked down and there is no data on the box. The pendrive is not recognized nor mounted automagically. One of my buddies was running Ubuntu and had taken his laptop to the fair, created a new account, but didn't know that his personal $HOME folder was open to the world, as is standard by Ubuntu (drwxr-xr-x rights). It took 1 guy a few seconds to be browsing in his personal stuff. Thay was an eye-opener for me, and since then I began to look in the default safety settings of Linux, and was amazed how 'open' (pun intended) my OS was. I try to lock-down my account, not because I have earth scattering stuff on it, but because I hate to lose time by having to go through everything to see if nothing was tampered with, or something was inserted (like child porn) while my laptop is on display. All my lessons learned are put into laymans terms on my blog, as most of the guys visiting my site are visitors on Seniorennet (a website dedicated to the 50+ ) and are more like 60 or 70 than 30. It is a fun thing. I have to do research, learn quite a lot, and I can help someone else. 1 Quote Link to comment Share on other sites More sharing options...
V.T. Eric Layton Posted August 16, 2014 Share Posted August 16, 2014 Good looking site, actually... http://www.seniorennet.be/ I'm over 50. I should visit. I s'pose I'd have to brush up on my Dutch, French, and German first, though. 2 Quote Link to comment Share on other sites More sharing options...
Wamukota Posted August 16, 2014 Author Share Posted August 16, 2014 I always wonder if the topics I write on my blog http://baudrez.be should be translated in English. Translating the text isn't that hard, but all screenshots are from Dutch localized distros. I would have to make a second user on my box and have it use English en redo all the shots. And probably all I wrote is already available on an English page somewhere in cyberspace. that beind the case, you shouldn't brush up your foreign language skills... 2 Quote Link to comment Share on other sites More sharing options...
V.T. Eric Layton Posted August 16, 2014 Share Posted August 16, 2014 It would be a lot of work. I'd read it if you did it, though. Eventually, the entire world will be speaking Chinese. That'll make it easier, huh? 1 Quote Link to comment Share on other sites More sharing options...
zlim Posted August 17, 2014 Share Posted August 17, 2014 Google Translate let me read the articles in English. There's no need for you to translate the site. 2 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.