We help IT Professionals succeed at work.

Check out our new AWS podcast with Certified Expert, Phil Phillips! Listen to "How to Execute a Seamless AWS Migration" on EE or on your favorite podcast platform. Listen Now

x

[LINUX] how to deny usb flash drive access but allow other usb peripherals

masterkilla
masterkilla asked
on
Medium Priority
497 Views
Last Modified: 2012-05-11
In previous windows environments I noticed that USB flash drive functionality was denied as company policy. How can I do the same thing on Linux (mandriva) in the same fashion that a large organisation would implement this?

I came across the command:
lsusb -s [[bus]:][devnum]

How would I apply this to the below lsusb list? I don't understand how I should input the bus and devnum e.g. lsusb -s 003:002 did not work.

Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 001 Device 002: ID 0bda:0158 Realtek Semiconductor Corp. USB 2.0 multicard reader
Bus 002 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 002 Device 002: ID 064e:a104 Suyin Corp.
Bus 003 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 003 Device 002: ID 045e:0039 USB FLASH DRIVE
Bus 004 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 005 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 006 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 007 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 007 Device 002: ID 08ff:1600 AuthenTec, Inc. AES1600
Bus 007 Device 003: ID 056a:0093 Wacom Co., Ltd
Comment
Watch Question

Sikhumbuzo NtsadaIT Administration

Commented:
If you donot ever want to have storage usb being available you can remove it by typing:
Try it on a test machine and see if it will meet your needs, but if it is a server do not run it as you would need to have access to the usb storage one day.

modprobe -r usb_storage
Dmitriy SkyIT Engeneer

Commented:
you can disable it in kernel, but it need recompile it, also

rmmod usb_storage
must work
also if mandriva users work into nautilus:

use:
apps>nautilus>preferences>media_automount

if users can access to root, on their computer, you can remove storage.ko by self:
(to not allow modprobe it back)

mv /lib/modules/$(uname -r)/kernel/drivers/usb/storage/usb-storage.ko /root

and update the initramfs
update-initramfs -k all -c -v

you can also restrict all users to mount any devices, by

chmod 000 /media

so no one can use automount..
Dmitriy SkyIT Engeneer

Commented:
lastest is most fastest)) but you can't also mount any media devices, also if you have logical disc

Commented:
Read about udev rules, and made one that accept only devices that must be used on USB port.

Commented:
compile the kernel with the option obj-m for USB storage devices so that u can unmount Usb storage module.
do rmmod usb_storage now your mass storage module is unmounted.
IT Engeneer
Commented:
Unlock this solution and get a sample of our free trial.
(No credit card required)
UNLOCK SOLUTION
Unlock the solution to this question.
Thanks for using Experts Exchange.

Please provide your email to receive a sample view!

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.