[LINUX] how to deny usb flash drive access but allow other usb peripherals

Posted on 2011-04-21
Last Modified: 2012-05-11
In previous Windows environments I noticed that USB flash drive functionality was denied as company policy. How can I do the same thing on Linux (Mandriva) in the same fashion that a large organisation would implement this?

I came across the command:
lsusb -s [[bus]:][devnum]

How would I apply this to the below lsusb list? I don't understand how I should input the bus and devnum e.g. lsusb -s 003:002 did not work.

Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 001 Device 002: ID 0bda:0158 Realtek Semiconductor Corp. USB 2.0 multicard reader
Bus 002 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 002 Device 002: ID 064e:a104 Suyin Corp.
Bus 003 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 003 Device 002: ID 045e:0039 USB FLASH DRIVE
Bus 004 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 005 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 006 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 007 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 007 Device 002: ID 08ff:1600 AuthenTec, Inc. AES1600
Bus 007 Device 003: ID 056a:0093 Wacom Co., Ltd
0
Question by:masterkilla
6 Comments
 
LVL 17

Expert Comment

by:Sikhumbuzo Ntsada
ID: 35440328
If you do not ever want USB storage to be available, you can remove it by typing:

modprobe -r usb_storage

Try it on a test machine and see if it meets your needs, but if it is a server do not run it, as you would need to have access to the USB storage one day.
0
 
LVL 4

Expert Comment

by:undersky
ID: 35441598
You can disable it in the kernel, but that needs a recompile. Also,

rmmod usb_storage

must work.
Also, if Mandriva users work in Nautilus, use:

apps>nautilus>preferences>media_automount

If users can access root on their computer, you can remove storage.ko yourself
(so that it cannot be modprobed back):

mv /lib/modules/$(uname -r)/kernel/drivers/usb/storage/usb-storage.ko /root

and update the initramfs:
update-initramfs -k all -c -v

You can also restrict all users from mounting any devices with

chmod 000 /media

so no one can use automount.
0
 
LVL 4

Expert Comment

by:undersky
ID: 35441610
The latest is the fastest)) but you also can't mount any media devices, even if you have a logical disk.
0
 
LVL 3

Expert Comment

by:ivailoj
ID: 35446676
Read about udev rules, and make one that accepts only the devices that must be used on the USB port.
0
 

Expert Comment

by:gowts
ID: 35465819
Compile the kernel with the option obj-m for USB storage devices so that you can unmount the USB storage module.
Do rmmod usb_storage; now your mass storage module is unmounted.
0
 
LVL 4

Accepted Solution

by:undersky
ID: 35470964
udev and recompiling the kernel without USB storage still allow mounting a USB HDD ;)

So the best way is to turn off automount, or lock the media folder. So, for the best way:
1. chmod 000 /media
2. mv /lib/modules/$(uname -r)/kernel/drivers/usb/storage/usb-storage.ko /root

and update the initramfs:
update-initramfs -k all -c -v
0
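
An added example, not part of the thread: a shell function that audits the two lock-down steps from the accepted answer (mode 000 on /media, usb-storage.ko moved out of the module tree) and also reports a usb_storage module that is still loaded, since moving the file does not unload it. The function name, its optional root and kernel-release arguments, and the use of GNU stat are assumptions of this example.

```shell
#!/bin/sh
# Added example (hypothetical helper, not from the thread).
# Audits the accepted answer's lock-down steps against a filesystem root.
# Usage: audit_usb_storage [ROOT] [KERNEL_RELEASE]   (ROOT defaults to /)
# Prints one finding per line; returns 0 if locked down, 1 otherwise.
audit_usb_storage() {
    root=${1:-/}; kver=${2:-$(uname -r)}; rc=0
    root=${root%/}    # "/" becomes "" so the paths below stay absolute

    # Step 2: the module file must be gone. The trailing * also matches
    # compressed modules (.ko.gz, .ko.xz, .ko.zst), which a check for the
    # literal usb-storage.ko path would miss.
    for f in "$root/lib/modules/$kver/kernel/drivers/usb/storage/usb-storage.ko"*; do
        [ -e "$f" ] || continue
        echo "FAIL module file still present: $f"; rc=1
    done

    # Moving the file does not unload a module that is already in memory.
    if [ -r "$root/proc/modules" ] && grep -q '^usb_storage ' "$root/proc/modules"; then
        echo "FAIL usb_storage is currently loaded (rmmod or reboot needed)"; rc=1
    fi

    # Step 1: /media must have mode 000 (GNU stat prints that as "0").
    if [ -d "$root/media" ]; then
        mode=$(stat -c '%a' "$root/media")
        [ "$mode" = 0 ] || { echo "FAIL /media mode is $mode, expected 0"; rc=1; }
    fi

    [ "$rc" -eq 0 ] && echo "OK usb-storage lock-down in place"
    return "$rc"
}
```

Run it with no arguments on the live system, and again after each kernel update, because a new kernel package installs a fresh copy of the module under its own /lib/modules directory.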
