4

For security reasons (so no-one can copy data from computer to CD-ROM, or from CD-ROM to computer), I have to disable the CD-ROM drives on all of the Ubuntu systems I have.

I estimate I have near 400-500 Ubuntu machines.

How can I disable CD-ROM drives, and then enable them again.

If possible, I would like commands to both enable, and disable a CD-ROM drive.

earthmeLon
  • 11,247
Vikram Jadhav
  • 41
  • Does any of the people you want to disabled the cd/dvd for have admin permissions in those machines? Or are all normal users? And how would this prevent them from using a USB, a floppy disk, ssh, command line mail, storing it on a cloud and a dozen other methods I probably forgot about. – Rinzwind Jan 18 '17 at 16:08
  • I already disabled USB mass storage on all the systems, it worked successfully. I just want to disable cdrom so that no one can access it, I want enable & disable command for cdrom. In future if i need to enable cdrom then i want those enabling commands. All are normal users – Vikram Jadhav Jan 18 '17 at 16:14
  • Please tell me what should i do to disable cdrom? And again enable it – Vikram Jadhav Jan 19 '17 at 13:16
  • @Rinzwind will you please tell me which commands should i execute? – Vikram Jadhav Jan 19 '17 at 13:17
  • @Rinzwind Hello Sir, will you please help me to block the cdrom with commands which are working !!! – Vikram Jadhav Jan 20 '17 at 07:20
  • 1
    @VikramJadhav stop this! The people here are all volunteers. If they can help, they will but do not insist like this. Be patient and wait. Even better, [edit] your question and show that you tried the commands Rinzwind already gave you and what happened when you tried. But, whatever you do, stop leaving repetitive comments like this. – terdon Jan 20 '17 at 11:10

2 Answers2

6

Lock the drive:

eject -i 1

Unlock the drive: 

eject -i 0

From man eject: 

 -i on|1|off|0
        This  option  controls locking of the hardware eject button. When enabled,
        the drive will not be ejected when the button is pressed.  This is  useful
        when you are carrying a laptop in a bag or case and don't want it to eject
        if the button is inadvertently pressed.

Mind that this command is available for users on the system so you might also want to create an alias to override the normal eject. And not all versions of eject support locking (the version in Ubuntu 15.04+ does; below that I am not sure).

What the command does is a ...

echo 1 | sudo tee /proc/sys/dev/cdrom/lock
echo 0 | sudo tee /proc/sys/dev/cdrom/lock

so you can also use that.

And these is also a 3rd party script you could use called cdctl.

15:04 (oldest Ubuntu I have): 

$ eject --version
eject version 2.1.5 by Jeff Tranter (tranter@pobox.com)
$ eject -i 1
CD-Drive may NOT be ejected with device button
$ eject -i 0
CD-Drive may be ejected with device button
Rinzwind
  • 299,756
  • I am using 14.04 LTS given above all these commands are not working.. I tried all of them but no any one command is not working... Please provide me the working commands..! – Vikram Jadhav Jan 19 '17 at 09:36
  • 1
    http://superuser.com/a/78855/276585 seems to show that those commands even working in 2009. Maybe your hardware does not support it. – Rinzwind Jan 19 '17 at 10:17
  • I tried this commands on 4-5 systems but it isnt working.. Can you please tell me other commands.. !!! – Vikram Jadhav Jan 19 '17 at 10:26
  • care to add the results you get from the commands I edited into the answer? (version of eject and results of the command). Again: it could be your hardware not supporting locking the cd drive. More drastic measure: cp /dev/cdrom to somewhere else and remove it when disabled and copy it back when you need it enabled? – Rinzwind Jan 19 '17 at 11:08
  • I tried this command but still the CD Drive is ejecting ... not working for me.. please provide another command – Vikram Jadhav Jan 19 '17 at 11:18
2

First: I'm using Debian 10, but this might also work in Ubuntu.

The only way I was able to disable CD/DVD reading/writing was to create -- as root -- the following cron job:

@reboot mv /dev/sr0 /dev/sr0_block

Remember to check the device file name for your CD-ROM. You could use the lsblk command for that. In my case, it is sr0.

To re-enable functioning just comment or delete the cron job line and restart the computer.

Note that if you just rename the sr0 file, without adding a cron job, you'll find the change unmade after reboot.

I'm sorry this is an ugly trick, but I have tried: removing users from cdrom group, changing permissions of /media, blacklisting cdrom and sr_mod modules and even the eject -i 1 command. That is the only thing that worked for me.

Tejas Lotlikar
  • 2,945
  • 5
  • 17
  • 26
juarezjan
  • 21