hi there,
i need to lock down a machine (running 12.04 LTS) so that guest users (who, for various reasons, will be logged in via a named standard account, not the "Guest" account) cannot copy any files off of the machine.

LAN and wireless access will be turned off via disabling of said components via pwd-protected bios settings.

i would like to prevent the users from plugging in a USB drive into the open ports and simply dragging and dropping files on to the USB stick. i know i can disable the individual USB ports via pwd-protected bios settings, but that still leaves the issue of needing 2 active USB ports for the keyboard and mouse to plug into. (i have already thought of shutting down all USB ports and using PS/2 keyboard/mouse, but i'd like to be able to use USB keyboard/mouse due to availability).

so, my questions are:
  • any tips on how to allow use of USB keyboard/mouse but prevent use of USB drive/stick or any other USB-based device?
  • any other security holes that i should be aware of which would allow guest users to copy files off of the machine?

thanks so much!