Linux: how to block playing videos?

1

How can I block playing all possible kinds of videos (.mpeg, .avi, Flash, etc.) by users on Debian Wheezy (with GNOME)?

  1. Which packages/plugins should I deinstall (or block somehow)?
  2. How can I make sure that users do not run precompiled binaries with players that they might bring on their USB sticks?

Thank you very much.

user1876484

Posted 2013-08-06T18:23:24.070

Reputation: 123

Do they have internet access on the box, or can they load files off of a USB drive or CD drive? – Darth Android – 2013-08-06T19:20:52.553

@DarthAndroid - no internet access, but USB ports which can be used to attach USB sticks/CD-ROM/etc. – user1876484 – 2013-08-07T08:03:00.397

Then just keep in mind it would be trivial for a user to bring in a video player unless you keep an eye on what they do with the computers. – Darth Android – 2013-08-07T14:29:08.620

Answers

0

You can uninstall packages like vlc and mplayer (start with

aptitude search '\<(player|media|movie)\>' | grep '^i'

but note that you do not have to uninstall everything from that list and the list might miss some packages).

However, if you fear that people will bring executables on their usb sticks (i.e., they have physical access to the box), I am afraid you are in trouble (usually physical access implies an ability to compromise a system).

Still, you can try making the removable media mount in non-executable mode (i.e., no file there is executable) using the noexec option to mount (or in /etc/fstab) and placing user directories on a partition mounted in non-executable mode. This way they will not be able to run the players from there. Note that you will have to make /tmp and all the other places writable by the users mounted non-executable too.

sds

Posted 2013-08-06T18:23:24.070

Reputation: 1 600

Thank you! Is there anything else except for /tmp that I should make noexec? – user1876484 – 2013-08-07T08:05:21.157

You need to mount non-executable every directory writable by the user. – sds – 2013-08-07T11:37:06.130

What are they? Is there a command to find them all? – user1876484 – 2013-08-07T12:31:52.903

Yes, find. The man page is long, but it is well worth working through. – sds – 2013-08-07T13:32:33.560
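
One way to act on the find suggestion in the comments above, as an added example that is not part of the original answer or thread: list the directories an account can write to, then report which of the filesystems holding them are still mounted without noexec. It assumes GNU find (for -writable) and a mount table in /proc/mounts format; the function names and the sample mount table are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original thread). Function names are illustrative.

# Directories the calling user can write to, via GNU find's -writable test.
# Run as the restricted account (e.g. with su or sudo -u), not as root.
writable_dirs() {
    find "${1:-/}" \( -path /proc -o -path /sys \) -prune -o \
        -type d -writable -print 2>/dev/null
}

# Constructed sample mount table in /proc/mounts format (not real data).
sample_mounts() {
    cat <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noexec 0 0
/dev/sda3 /home ext4 rw,nosuid,nodev 0 0
tmpfs /run/shm tmpfs rw,nosuid,nodev 0 0
/dev/sdb1 /media/usb0 vfat rw,nosuid,nodev,noexec,uid=1000 0 0
EOF
}

# stdin: directory paths; $1: mount table file in /proc/mounts format.
# Prints "mountpoint options" once for every filesystem that holds one of
# the directories and is not mounted noexec.
noexec_gaps() {
    awk -v table="$1" '
        BEGIN {
            while ((getline line < table) > 0) {
                split(line, f, " ")
                opts[f[2]] = f[4]
            }
        }
        {
            best = ""
            for (mp in opts) {
                # pick the longest mount point that is a prefix of the path
                pre = (mp == "/") ? "/" : mp "/"
                if (index($0 "/", pre) == 1 && length(mp) > length(best))
                    best = mp
            }
            if (best != "" && ("," opts[best] ",") !~ /,noexec,/ && !(best in seen)) {
                seen[best] = 1
                print best, opts[best]
            }
        }'
}

# Live use: writable_dirs / | noexec_gaps /proc/mounts
```

Each line printed is a filesystem that still needs the noexec option in /etc/fstab. Note that noexec does not stop a script from being passed as an argument to an interpreter that is already installed.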