396a397,404
>                                   GOOD_VENDOR="SDG,005M"
>                                   VAR1=`/usr/sbin/mount | grep $DISK | awk 
> '{print $3}'`
>                                   VAR2=`ls -al $VAR1 | awk '{print $11}'`
>                                   VAR3=`echo $VAR2 | awk -F"/" '{print $6}'`
>                                   echo $VAR3
>                                   VENDOR=`echo $VAR3 | awk -F"@" '{print $1}'`
>                                 if [ $VENDOR = $GOOD_VENDOR ]
>                                   then
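Review bot: the test `[ $VENDOR = $GOOD_VENDOR ]` expands both variables unquoted, so an empty VENDOR (no mount line matching $DISK, or a link target with fewer than six "/"-separated components) produces a malformed test expression instead of a clean mismatch; write it as `[ "$VENDOR" = "$GOOD_VENDOR" ]`. In the VAR1 line, `grep $DISK` is an unanchored match, so a device name that is a prefix of another mounted device can put more than one value into VAR1 and the later awk field picks become unreliable. The `echo $VAR3` line looks like leftover debug output and should be dropped or sent to a log.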
413a422
>                                   fi
465a475
>

This is a modification for one vendor (http://www.lok-it.net/ FIPS secured USB 
sticks, that are independent of the client OS used, quite hard to find ...). In 
the future I'm planning to modify it for multiple vendors, if any other USB 
stick fulfills our security requirements ...

stub from the code ...

    #We have found a device to check on
    ls -l ${USBLINKDIR}/* 2>/dev/null | grep `basename $DISK`
    if [ $? -ne 0 ]
    then
      #Only this vendor/model string is accepted
      GOOD_VENDOR="SDG,005M"
      VAR1=`/usr/sbin/mount | grep $DISK | awk '{print $3}'`
      VAR2=`ls -al $VAR1 | awk '{print $11}'`
      VAR3=`echo $VAR2 | awk -F"/" '{print $6}'`
      echo $VAR3
      #Vendor is the part of that path component before the "@"
      VENDOR=`echo $VAR3 | awk -F"@" '{print $1}'`
      #Quoted, so an empty VENDOR is a mismatch and not a test syntax error
      if [ "$VENDOR" = "$GOOD_VENDOR" ]
      then
        #The device is not linked
        NEWLINK=${USBLINKDIR}/`basename $DISK`

        # Change the linkdir permissions to create a new link
        # and restore after, to avoid user files from being created there
        chmod 700 $USBLINKDIR
        ln -s $DISK $NEWLINK
        chmod 500 $USBLINKDIR

        if [ -d "$HOME/Desktop" ]
        then
          #We are in GNOME, create icon on desktop
          create-gnome-icon $NEWLINK

          #Start file manager if there is one, and it's desired
          [ ! -z "$FILEMGRCMD" ] && ($FILEMGRCMD "$DISK" &)
        fi
      fi
    fi

regards, thomas
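
The vendor check from the stub above, generalised to the multi-vendor allowlist mentioned as a future plan. This is an added example, not part of the original post or of usbdrived; the function names, the second allowlist entry and the sample link targets in the test are constructed, and it assumes the same path layout as the stub (vendor string before the "@" in the sixth "/"-separated component).

```shell
#!/bin/bash
# Added example (not usbdrived code). One allowlist entry per line.
# "SDG,005M" is the value from the post; the second entry is a
# hypothetical placeholder for a future approved stick.
ALLOWED_VENDORS="SDG,005M
EXAMPLE,0001"

# Print the text before "@" in the 6th "/"-separated component of a
# link target, mirroring the awk -F"/" '{print $6}' and
# awk -F"@" '{print $1}' steps. Fails if that component has no "@".
vendor_from_link() {
  local target=$1 comp
  # NR==1: only the first line counts, even if more were passed in
  comp=$(printf '%s\n' "$target" | awk -F/ 'NR==1 {print $6}')
  case $comp in
    *@*) printf '%s\n' "${comp%%@*}" ;;
    *)   return 1 ;;
  esac
}

# Exact whole-line match against the allowlist. An empty string never
# matches, and a prefix such as "SDG,005" does not match "SDG,005M".
vendor_allowed() {
  local vendor=$1
  [ -n "$vendor" ] || return 1
  printf '%s\n' "$ALLOWED_VENDORS" | grep -Fxq -- "$vendor"
}

# Fail closed: any parsing problem means the device is not linked.
check_device_link() {
  local v
  v=$(vendor_from_link "$1") || return 1
  vendor_allowed "$v"
}
```

The comparison is on the name the device path carries, so it filters by reported model and does not by itself verify the stick's encryption.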

-----Original Message-----
From: [email protected] 
[mailto:[email protected]] On behalf of Simon Venema
Sent: Friday, 27 April 2012 11:51
To: SunRay-Users mailing list
Subject: Re: [SunRay-Users] usb-flash-drive: why shared use only ? [KIOSK-RDP 
W2008 / SRSS 5.2.5. Oracle 5.6 (64bit)]

Hi Thomas,

We use USBDRIVED a lot in our installations. I would be interested to know what 
modifications you made to allow only an authorised type.

Thanks,
Simon.
________________________________________
From: [email protected] [[email protected]] On 
Behalf Of Fuerle, Thomas [[email protected]]
Sent: 26 April 2012 13:46
To: SunRay-Users mailing list
Subject: Re: [SunRay-Users] usb-flash-drive: why shared use only ? [KIOSK-RDP 
W2008 / SRSS 5.2.5. Oracle 5.6 (64bit)]

Hi Stefan,

I use https://blogs.oracle.com/danielc/entry/a_usb_drive_daemon_for1

Nice and secure (only for your own session). I have modified it so that only 
one type of USB stick is allowed.

But it needs a couple of resources on the server ... 2 more processes per DTU

utku35   28936  0.0  0.0 3680 1680 ?        S 07:02:52  0:00 /opt/SUNWut/bin/utaction -c exec /opt/SunRayAddons/bin/usbdrived start -d exec /opt/SunRayAddons/bin/usbdrived stop -i
utku35   28951  0.0  0.0 2916 1752 ?        S 07:02:52  0:07 /bin/bash /opt/SunRayAddons/bin/usbdrived start

You don't do USB redirection here (so no Windows policies apply); instead it 
is a client drive mapped through RDP (in Windows terms, client mapping of e.g. 
drive h:).

thomas

-----Original Message-----
From: [email protected] 
[mailto:[email protected]] On behalf of Stefan Mehne
Sent: Thursday, 26 April 2012 13:21
To: [email protected]
Subject: [SunRay-Users] usb-flash-drive: why shared use only ? [KIOSK-RDP W2008 
/ SRSS 5.2.5. Oracle 5.6 (64bit)]

Hi!

I configured a sunray (SRSS 5.2.5) server on Oracle 5.6 (64bit).

All works fine with one exception. In a kiosk-mode session (rdp-session to a 
w2008r2 server with windows-connector) a usb-flash-drive works only in 
"shared-mode". If you plug the usb-flash-drive into the dtu (sunray2 and 
sunray3), the windows-connect raises a popup which asks you whether to share 
the stick or not. If you select "no" you see no usb-drive in your rdp-session 
(but it is mounted in the linux-system). Otherwise you get a new drive in your 
rdp-session, but everyone on the w2008 server can read and write on your 
usb-stick.

I can't find any error or warnings in the logs :-(

How can I use a usb-flash-drive exclusively on the dtu where it is plugged in, 
in a kiosk-rdp-session?

Any hints?

Thanks in advance,

Yours Sincerely

Stefan
_______________________________________________
SunRay-Users mailing list
[email protected]
http://www.filibeto.org/mailman/listinfo/sunray-users
