RK RK wrote:
I am beginner to IPA. Just now I configured IPA in my test environment.
We just want to deploy it in production within couple of weeks after
understanding most things in IPA.
One thing I want to know is can we block the access to USB storage
devices like(pendrive, usb-CDROM etc.,) for normal users who are logging
into client machines in the IPA domain.
If yes please tell me how? or else please suggest any other solution to
Just throwing this out as an idea, but IPA supports assigning a
different SELinux context per-user, so in theory if you had a context
that didn't allow access to USB you could use that. By default, users
are unconfined_u when logging in.
This might require tweaking SELinux policy and shipping that around to
all the hosts, something that IPA doesn't help with right now (though
something like puppet might).
Freeipa-users mailing list