Changing permissions on usb devices

C Hamel yogich at sc2000.net
Fri Jun 2 13:47:46 UTC 2006


> > There are at least two ways:
> > 1. create a boot.local file in /etc/init.d & add that statement.  Put a
> > symlink to the file in /etc/rcS.d
>
> Could you explain how to do it verbatim - I'm a bit unfamiliar with
> those kind of things :-(
>
Okay.  The boot.local is really a no-brainer type of thing in which you can 
put your permissions.  As I indicated, that one belongs in the /etc/init.d 
directory.  Mine follows:

================
#!/bin/sh

#Activate wireless
# modprobe ndiswrapper

#Set up IPTABLES here, since it is problematic where to place the startup
#First we flush our current rules
 iptables -F
 iptables -t nat -F

#Setup default policies to handle unmatched traffic
 iptables -P INPUT ACCEPT
 iptables -P OUTPUT ACCEPT
 iptables -P FORWARD DROP

#Copy and paste these examples ...
 export LAN=eth1
 export WAN=ppp0

#Then we lock our services so they only work from the LAN
 iptables -I INPUT 1 -i ${LAN} -j ACCEPT
 iptables -I INPUT 1 -i lo -j ACCEPT
 iptables -A INPUT -p UDP --dport bootps -i ! ${LAN} -j REJECT
 iptables -A INPUT -p UDP --dport domain -i ! ${LAN} -j REJECT

#(Optional) Allow access to our ssh server from the WAN
 iptables -A INPUT -p TCP --dport ssh -i ${WAN} -j ACCEPT

#Drop TCP / UDP packets to privileged ports
 iptables -A INPUT -p TCP -i ! ${LAN} -d 0/0 --dport 0:1023 -j DROP
 iptables -A INPUT -p UDP -i ! ${LAN} -d 0/0 --dport 0:1023 -j DROP

#Finally we add the rules for NAT
 iptables -I FORWARD -i ${LAN} -d 192.168.0.0/255.255.0.0 -j DROP
 iptables -A FORWARD -i ${LAN} -s 192.168.0.0/255.255.0.0 -j ACCEPT
 iptables -A FORWARD -i ${WAN} -d 192.168.0.0/255.255.0.0 -j ACCEPT
 iptables -t nat -A POSTROUTING -o ${WAN} -j MASQUERADE
#Tell the kernel that ip forwarding is OK
 echo 1 > /proc/sys/net/ipv4/ip_forward
 for f in /proc/sys/net/ipv4/conf/*/rp_filter ; do echo 1 > $f ; done

#Enable on-demand ppp0
/usr/sbin/pppd call sc2k

#Put in startup scripts for mplayer
echo 1024 > /proc/sys/dev/rtc/max-user-freq

#Start portsentry
sh /usr/local/bin/sentry

#Negate VT blanking
/usr/bin/setterm -blank 0

#Set device permissions
/bin/chmod a+rw /dev/hda1

#kqemu
/sbin/modprobe kqemu major=0
================

The symlink will be in /etc/rcS.d.  Mine is:
#cd /etc/rcS.d
#ln -sf /etc/init.d/boot.local S42boot.local

You need to have the S[number] on it for the reasons stated in the docs.  You 
have to place the symlink *after* the symlink for the script which activates 
your devices (mine is placed *after* the networking script does its thing).  
It may take some experimentation, but this is the nuts and bolts of it.

Good luck...
-- 
	...CH
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 191 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/kubuntu-users/attachments/20060602/02c06ddd/attachment.sig>


More information about the kubuntu-users mailing list