Hi Andy and Philipe Many thanks for the sample script, will try it first. Rgrds, Fitra
________________________________ From: Andy White <[email protected]> To: SunRay-Users mailing list <[email protected]> Sent: Monday, April 6, 2009 5:50:36 PM Subject: Re: [SunRay-Users] Lock USB device for Specific DTU or Card Hi Fitra, This might work for you if you have tokens for each user. I don't know how it'll scale with many users because utuser -o outputs all users but it might be worth a try. Also this won't stop the usb being mounted by the SRSS it'll just stop it being redirected. Put "USB" (or something) in the 'Other Information' field of the users who can have usb's (you could do this in reverse to keep the administration of the 'Other Information' field down if that was easier eg put NO_USB and swap the 'if' statement in the script below). Now change your kiosk options to something like -t 1800 -- -m -b `/opt/SUNWscripts/uttsc_script.sh` Create the SUNWscripts directory and then the uttsc_script.sh is along the lines of (I'm not a great scripter so you'll have to check this).... #!/bin/sh # Check that this is a Sun Ray if ["$SUN_SUNRAY_TOKEN" = ""] then exit 1 fi # Get the value of the 'Other Information' field for this token / user ALLOW_USB=`/opt/SUNWut/sbin/utuser -o | awk -F, "/$SUN_SUNRAY_TOKEN/ {print \\$5}"` # Check to see if USBs are allowed and redirect to the uttsc session if appropriate if ["$ALLOW_USB" = "USB"] echo "-r disk:usb=$HOME/USBDRVS <YOUR_WINDOWS_IP_ADDRESS_OR_DNS>" else echo "<YOUR_WINDOWS_IP_ADDRESS_OR_DNS>" fi To everyone else: If this is a shocking idea then please say! HTH, Andy Philippe Schwarz wrote: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Le 06.04.2009 10:58, fitra budi anggoro a écrit : any sample script how I can do this one? Thanks ________________________________ From: John Francis <[email protected]> To: SunRay-Users mailing list <[email protected]> Sent: Monday, April 6, 2009 3:39:38 PM Subject: Re: [SunRay-Users] Lock USB device for Specific DTU or Card 2009/4/6 fitra budi anggoro <[email protected]>: Hi John Francis, Its more to security policy to allow only certain users to use flash drives. I am using kiosk with uttsc only. Hope this info specific enough to give you some idea. You could do some authentication before launching uttsc and then decide whether to enable disk redirection or not. Hi, i'm not good in script, but i did this one to redirect USB flash drive connected onthe SR2 : #!/bin/ksh USBDISK=`/opt/SUNWut/bin/utdiskadm -l |tail -1 | cut -d" " -f21-30` echo $USBDISK if [ "$USBDISK" != "" ] then /opt/SUNWuttsc/bin/uttsc -m -r disk:usb=$USBDISK -u $(/opt/SUNWut/sbin/utuser -p `env | grep SUN_SUNRAY_TOKEN | cut -d"=" - -f2` | grep "User Name" | cut -d"=" -f2 |cut -d" " -f2) -d DOM SRV else /opt/SUNWuttsc/bin/uttsc -m -u $(/opt/SUNWut/sbin/utuser -p `env | grep SUN_SUNRAY_TOKEN | cut -d"=" -f2` | grep "User Name" | cut -d"=" -f2 |cut -d" " -f2) -d DOM SRV fi Which, in this state doesn't solve the problem; but adding some kind of ldapsearch request to find the suitable group could be done without much difficulty : Adding this part in the "then" statement : LDAP_ALLOWED=` ldapsearch -h IPLDAP -p TCPPORT -x -b cn=sunray_USB_allowed,ou=Groups,BASEDN -D cn=admin,BASEDN -w PASS |grep $UTUSER` if [ "$LDAP_ALLOWED" != "" ] then # Don't do the redirect fi All you'll have to do is to add a sunray_USB_allowed LDAP's group. Otherwise, you could add a sunray_USB_DISallowed, which could be faster if you have a few people to add to. Hope it'll help - -- Cordialement. - - Lycée Alfred Nobel,Clichy sous bois http://www.lyceenobel.org KeyID 0x46EA1D16 FingerPrint 997B164F4F606A61E7B1FC61961A821646EA1D16 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFJ2c7OlhqCFkbqHRYRArlfAJ0Z+IbfNmkkhpuaalwZVg14396T3wCdHNMY mDA8LJ4Pj0JCJwfaC7thNlQ= =8cms -----END PGP SIGNATURE----- _______________________________________________ SunRay-Users mailing list [email protected] http://www.filibeto.org/mailman/listinfo/sunray-users
_______________________________________________ SunRay-Users mailing list [email protected] http://www.filibeto.org/mailman/listinfo/sunray-users
