Changing permissions on usb devices
C Hamel
yogich at sc2000.net
Fri Jun 2 13:47:46 UTC 2006
> > There are at least two ways:
> > 1. create a boot.local file in /etc/init.d & add that statement. Put a
> > symlink to the file in /etc/rcS.d
>
> Could you explain how to do it verbatim - I'm a bit unfamiliar with
> those kinds of things :-(
>
Okay. The boot.local is really a no-brainer type of thing in which you can
put your permissions. As I indicated, that one belongs in the /etc/init.d
directory. Mine follows:
================
#!/bin/sh
#Activate wireless
# modprobe ndiswrapper
#Set up IPTABLES here, since it is problematic where to place the startup
#First we flush our current rules
iptables -F
iptables -t nat -F
#Setup default policies to handle unmatched traffic
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP
#Copy and paste these examples ...
export LAN=eth1
export WAN=ppp0
#Then we lock our services so they only work from the LAN
iptables -I INPUT 1 -i ${LAN} -j ACCEPT
iptables -I INPUT 1 -i lo -j ACCEPT
iptables -A INPUT -p UDP --dport bootps ! -i ${LAN} -j REJECT
iptables -A INPUT -p UDP --dport domain ! -i ${LAN} -j REJECT
#(Optional) Allow access to our ssh server from the WAN
iptables -A INPUT -p TCP --dport ssh -i ${WAN} -j ACCEPT
#Drop TCP / UDP packets to privileged ports
iptables -A INPUT -p TCP ! -i ${LAN} -d 0/0 --dport 0:1023 -j DROP
iptables -A INPUT -p UDP ! -i ${LAN} -d 0/0 --dport 0:1023 -j DROP
#Finally we add the rules for NAT
iptables -I FORWARD -i ${LAN} -d 192.168.0.0/255.255.0.0 -j DROP
iptables -A FORWARD -i ${LAN} -s 192.168.0.0/255.255.0.0 -j ACCEPT
iptables -A FORWARD -i ${WAN} -d 192.168.0.0/255.255.0.0 -j ACCEPT
iptables -t nat -A POSTROUTING -o ${WAN} -j MASQUERADE
#Tell the kernel that ip forwarding is OK
echo 1 > /proc/sys/net/ipv4/ip_forward
for f in /proc/sys/net/ipv4/conf/*/rp_filter ; do echo 1 > "$f" ; done
#Enable on-demand ppp0
/usr/sbin/pppd call sc2k
#Put in startup scripts for mplayer
echo 1024 > /proc/sys/dev/rtc/max-user-freq
#Start portsentry
sh /usr/local/bin/sentry
#Negate VT blanking
/usr/bin/setterm -blank 0
#Set device permissions
/bin/chmod a+rw /dev/hda1
#kqemu
/sbin/modprobe kqemu major=0
================
The symlink will be in /etc/rcS.d. Mine is:
# cd /etc/rcS.d
# ln -sf /etc/init.d/boot.local S42boot.local
You need to have the S[number] on it for the reasons stated in the docs. You
have to place the symlink *after* the symlink for the script which activates
your devices (mine is placed *after* the networking script does its thing).
It may take some experimentation, but this is the nuts and bolts of it.
Good luck...
--
...CH
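
Added example, not part of the original post: a shell check for the ordering requirement described above (the boot.local link must run after the script it depends on), plus a check that the root-run script is not writable by group or other. The function names, the constructed sample layout and the permission check are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post: sanity checks for a boot.local
# hooked into an rcS.d-style directory. The sample layout below is constructed.

# Print the S-link name (e.g. S42boot.local) for script NAME in DIR.
rc_link() {
    for l in "$1"/S[0-9][0-9]"$2"; do
        [ -e "$l" ] || [ -L "$l" ] || continue
        basename "$l"; return 0
    done
    return 1
}

# 0 if SCRIPT's link runs after PREREQ's; 1 if not; 2 if either is missing.
# Assumption: init starts S-links in C-locale glob order, so the whole name
# matters, not just the number (S40boot.local sorts before S40networking).
check_boot_order() {
    s=$(rc_link "$1" "$2") || return 2
    p=$(rc_link "$1" "$3") || return 2
    first=$(printf '%s\n%s\n' "$s" "$p" | LC_ALL=C sort | head -n 1)
    [ "$s" != "$p" ] && [ "$first" = "$p" ]
}

# 0 if FILE (symlinks followed) is not group/other writable; 1 if it is;
# 2 if it cannot be read. The script runs as root at boot.
target_not_writable() {
    mode=$(ls -ldL "$1" 2>/dev/null | cut -c1-10)
    [ -n "$mode" ] || return 2
    case $mode in
        ?????w????|????????w?) return 1 ;;
    esac
}

# Build a constructed rcS.d/init.d pair under DIR; $2 is the two-digit number.
make_sample() {
    mkdir -p "$1/init.d" "$1/rcS.d"
    printf '#!/bin/sh\n' > "$1/init.d/boot.local"
    printf '#!/bin/sh\n' > "$1/init.d/networking"
    chmod 755 "$1/init.d/boot.local" "$1/init.d/networking"
    ln -sf ../init.d/networking "$1/rcS.d/S40networking"
    ln -sf ../init.d/boot.local "$1/rcS.d/S${2}boot.local"
}

# Usage: sh check.sh /etc/rcS.d boot.local networking
if [ "$#" -eq 3 ]; then
    check_boot_order "$1" "$2" "$3"; echo "order check: $?"
    target_not_writable "$1/$(rc_link "$1" "$2")"; echo "perm check: $?"
fi
```

A result of 0 means the check passed; an order result of 1 means the link number (or name) has to be raised so it sorts after the prerequisite.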