How to limit access to USB ports?

Hi everyone :slight_smile:
First post here. I’ve searched first before asking, both in here and on google.

At the moment i successfully created a multiseat environment. 2 seats, 2 keyboard/mouse, 2 monitors and 1 dual-headed graphic card.

The monitors have several usb ports in them, so what i would like to do is, based on the port that the device is connected, the (for example) flash drive will only appear to the associated user using that seat.

My idea is to create rules for udev, based on the physical address of the USB ports, changing the mount point accordingly (to something like /home/LOGGED_USER_ON_THIS_SEAT/media).

I never messed with udev, i checked the man page and rules can be based on “–device”, but usb port address is never mentioned.

Where should i look to get this setup working?

Thank you in advance
João Peixoto

In the default situation udev only creates the device files (in /dev).
The creation of a mount point inside /media, choosing more or less at random a user from those who are loged in (that is where your problem shows) and mounting is done by HAL. Until now I do not know of a way to configure HAL to do different, the HAL rules files are not for the lightharted. Further we found out that on 11.2 it is not HAL, but DeviceKitT (package devicekit-disks) that took over the mounting task of HAL. When you are on 11.2 is may be better to dig into DeviceKit documentation (if you can find it).

Also I have the idea that the whole udev/HAL/DeviceKit area is rather dynamic these days, thus a solution implemented by you may not work on 11.3 and you will have to reinvent.

This is not to disharten you, but I thought fit to give you he information I have.

I’m not “disharted” :slight_smile: i do appreciate your feedback.

In “small” environment such a multiseat one which is not opened to the public, a device being visible for everyone is not that problematic (assuming everyone has respect for privacy). But still, in public situations (kiosks) or more professional environments such feature would be relevant…

Thank you for your feedback hcw :wink:

O yes, I fully understand what you want. When you read SDB:Basics of partitions, filesystems, mount points - openSUSE you will see that HAL (and I do not know if DeviceKit is anty better) does not understand the multi user capabillity of Linux.

During writing of this SDB:: we had a clear example of a father, mother and daughter who were all loged in using differnet ‘logical screens’. Guess who got the pop-up window when the daughter (playing operator) put in an USB-stick?