RK RK wrote:
Hi all,

I am beginner to IPA. Just now I configured IPA in my test environment.
We just want to deploy it in production within couple of weeks after
understanding most things in IPA.

One thing I want to know is can we block the access to USB storage
devices like(pendrive, usb-CDROM etc.,) for normal users who are logging
into client machines in the IPA domain.

If yes please tell me how? or else please suggest any other solution to
achieve this.

Just throwing this out as an idea, but IPA supports assigning a different SELinux context per-user, so in theory if you had a context that didn't allow access to USB you could use that. By default, users are unconfined_u when logging in.

This might require tweaking SELinux policy and shipping that around to all the hosts, something that IPA doesn't help with right now (though something like puppet might).


Freeipa-users mailing list

Reply via email to