15

I'm using Ubuntu 12.04 and I want to block usb storage on it. What is the correct way to do this?

Seth
  • 58,122
Rakesh
  • 1,159
  • 4
    When you say you want to block "usb storage", does that mean that you want to prevent external hard drives being connected or do you want to prevent any usb devices connecting to your machine? – Kevin Bowen Feb 12 '13 at 09:07
  • 1
    Related (needs confirmation to work on 12.04): http://askubuntu.com/questions/79043/disable-usb-mass-storage – Takkat Feb 12 '13 at 10:20

4 Answers4

15

In Linux the risk of viruses are small to nonexistent, however USB sticks automatically mount for reading and writing regardless. There's an easy way in recent Ubuntu distributions to disable USB storage devices. Simply blacklist the kernel driver:

echo "blacklist usb-storage" | sudo tee -a /etc/modprobe.d/blacklist.conf

Then update the initramfs

sudo update-initramfs -u

After that, nobody can use a USB memory stick in that computer, but still allows the administrator(s) to manually load the module and use it.

source is here: http://www.ossramblings.com/disabling_usb_storage_in_linux

Another way which is more selective is to note that users who are members of the plugdev group are allowed to access pluggable storage devices so you could just remove any users you don't want to use USB sticks from that group.

source: here

Community
  • 1
Warren Hill
  • 22,112
  • 28
  • 68
  • 88
  • This won't work, because the redirection is performed by the user's shell and isn't affected by sudo. You need to use: echo "blacklist usb-storage" | sudo tee -a /etc/modprobe.d/blacklist.conf – Ivy Dec 17 '13 at 10:26
  • Also the module name is usb_storage not usb-storage – Ivy Dec 17 '13 at 10:38
  • After adding this line, need to run "sudo update-initramfs -u" as http://askubuntu.com/questions/51321/modules-loading-despite-being-added-to-the-blacklist says, right? – Fumisky Wells Mar 28 '15 at 03:00
  • 1
    Its not working at all, usb-storage or usb_storage, both failed to work. Its not correct answer which works. – Tejaskumar Tank Dec 07 '15 at 06:53
3

Solution verified in Ubuntu 16.04 (Kernel 4.4.0-31-generic).

We have to blacklist the uas (usb as scsi) driver along with the usb_storage driver in case the just blacklisting the usb_storage driver is not working for you. The uas kernel module is loading the usb_storage but seems to be ignoring the blacklisting of the usb_storage driver in modprobe.d.

sudo echo -e "blacklist uas\nblacklist usb_storage" > /etc/modprobe.d/blacklist_usbdrive.conf
eskhool
  • 202
  • 2
  • 10
2

Just rename storage to storage-old:

mv /lib/modules/3.2.0-35-generic-pae/kernel/drivers/usb/storage /lib/modules/3.2.0-35-generic-pae/kernel/drivers/usb/storage-old

change the kernel ver in 3.2.0-35-generic-pae according to yours

Ron
  • 20,638
Osama El-gedawy
  • 804
  • 1
    This is a workaround and a dirty solution. In best case you will always get warnings and errors in dmesg. In worst case this may cause kernel oops if some other module is depending on it. – obayhan Feb 23 '17 at 11:18
-3

The simple way Login as root open terminal and type the following command

$ sudo gedit /etc/modprobe.d/blacklist.conf

It will ask for root password, give it .

then add the blacklist USB_storage at the last line as follows

# really needed.
blacklist amd76x_edac
blacklist usb_storage

Save it and reboot your system.

pomsky
  • 68,507
user417451
  • 1
  • 2
    Welcome to Ask Ubuntu, thank you for sharing knowledge. However, your answer does not add new solution. Have you read Warren Hill's answer. – user.dz Jun 06 '15 at 10:41