You can uninstall packages like vlc
and mplayer
(start with
aptitude search '\<(player|media|movie)\>' | grep '^i'
but note that you do not have to uninstall everything from that list and the list might miss some packages).
However, if you fear that people will bring executables on their usb sticks (i.e., they have physical access to the box), I am afraid you are in trouble (usually physical access implies an ability to compromise a system).
Still, you can try making the removable media mount in non-executable mode (i.e., no file there is executable) using the noexec
option to mount
(or in /etc/fstab
) and placing user directories on a partition mounted in non-executable mode. This way they will not be able to run the players from there. Note that you will have to make /tmp
and all the other places writable by the users mounted non-executable too.
Do they have internet access on the box, or can they load files off of a USB drive or CD drive? – Darth Android – 2013-08-06T19:20:52.553
@DarthAndroid - no internet access, but USB ports which can be used to attach usb sticks/cdrom/etc. – user1876484 – 2013-08-07T08:03:00.397
Then just keep in mind it would be trivial for a user to bring in a video player unless you keep an eye on what they do with the computers. – Darth Android – 2013-08-07T14:29:08.620