4

Simple question: how do I add a rule for USB flash drives only in the /lib/udev/rules.d/ catalog?

For example, if I want to allow only USB flash drives to be inserted into my PC. Or allow only my flash drive. Is there any device type/group for that purpose?

Could anybody provide an example for a noob, please? I hope it is easy to solve :)

1 Answer

2

I answered a similar question with an example a while ago:

Running the script when it detects I/O

Use this command:

udevadm monitor --property

Insert the USB and check a property that is common to the devices that you want to use, e.g.:

ID_TYPE=disk
ID_USB_DRIVER=usb-storage

Then create your rule

sudo gedit /etc/udev/rules.d/96-myusb.rules

with those values in

ACTION=="add", SUBSYSTEM=="usb",ENV{ID_TYPE}=="disk", ENV{ID_USB_DRIVER}=="usb-storage",RUN+="/usr/local/bin/myusb-add.sh"

ACTION=="remove", SUBSYSTEM=="usb",ENV{ID_TYPE}=="disk",ENV{ID_USB_DRIVER}=="usb-storage",RUN+="/usr/local/bin/myusb-remove.sh"

The rules file will only affect those devices that match the ENV{ID_TYPE} and ENV{ID_USB_DRIVER}. It will not affect any other device. If you want to restrict the rest of the devices, maybe you can create a rule that matches the rest of the devices and does nothing in the RUN.

If you want to run the action only when a certain USB device is connected to a specific USB port, try adding ENV{DEVPATH}=="yourUSBPATH" to the rules file. Replace yourUSBPATH with the path that udevadm monitor --property reports when you connect the device to the port that you want to use. I haven't tested this but I think it's a logical approach.

Katu
  • Wow, thanks a lot. But I have this ID_TYPE = scsi after usb flash drive insertion. So, as a next step I have to write some script in /usr/local/bin/ folder to restrict access for any other usb device, am I right? – mr.incredible Aug 24 '17 at 08:35
  • @mr.boris I have edited the answer. I hope it helps. – Katu Aug 24 '17 at 08:46
  • I've added /etc/udev/rules.d/96-myusb.rules file with this rule ACTION=="add", SUBSYSTEM=="usb",ENV{ID_TYPE}=="disk", ENV{ID_USB_DRIVER}=="usb-storage",RUN+="" but it doesn't work. I am still able to insert any usb device, so no changes. Why is such a simple thing so complicated and nobody can help, even linux pros??? – mr.incredible Oct 15 '17 at 07:28
  • @mr.boris have you replaced ID_TYPE and ID_USB_DRIVER with the values that you get in udevadm? Did you add a script to run after the RUN+? – Katu Oct 16 '17 at 09:29
  • Sorry, I think I misunderstood you. I left RUN empty because I thought that it should be empty to restrict the rest of devices as you wrote above. Yes, I have replaced it as in my previous comment: ID_TYPE=disk and ID_USB_DRIVER=usb-storage. Seems that I have to assign some bash command for my rule now (as you wrote before: RUN+="/usr/local/bin/myusb-add.sh"). Could you give me some advice what should I have in the myusb-add.sh script, please? Should it unmount usb port on udevadm event and how? How can I specify only one required usb port in the bash script? – mr.incredible Oct 17 '17 at 04:08
  • @mr.boris Yes, you have to create a script that performs the action you want when the USB is inserted. Have a look at the links posted by user.dz. There seems to be a lot of good info in them. – Katu Oct 17 '17 at 07:15
  • I've already looked at links posted by user.dz but there's nothing about bash script that performs the main job (forbid device on specified usb port). Now I realized that udev part (device recognition) is the lesser of problems because nobody can answer how to implement a bash script since ignore_device method was removed with udev release 148. Based upon posts of users it is a pain and there is no code example how to do it and everybody redirects for searching somewhere for something. In any case, thanks for the help. – mr.incredible Oct 17 '17 at 07:39
  • @rm.boris I edited the answer with what I would do but I haven't tested it. Good luck. – Katu Oct 17 '17 at 08:08
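
One way to write the script the comments ask about, as an added example that is not part of the original answer or comments: it reads the properties udev passes to RUN programs and deauthorizes any USB device that is not a hub or a pure mass-storage device by writing 0 to the kernel's `authorized` sysfs attribute. The rule in the header comment, the names `SYSFS_ROOT`, `ALLOWED_SERIALS`, `usb_decide` and `usb_enforce`, and the assumption that `ID_USB_INTERFACES` and `ID_SERIAL_SHORT` are populated for your devices (check with `udevadm monitor --property`) are all assumptions of this example.

```shell
#!/bin/sh
# Added example: a possible body for /usr/local/bin/myusb-add.sh.
# Assumed rule (constructed, one line in /etc/udev/rules.d/96-myusb.rules):
#   ACTION=="add", SUBSYSTEM=="usb", ENV{DEVTYPE}=="usb_device", RUN+="/usr/local/bin/myusb-add.sh"
# udev exports the device properties to RUN programs as environment variables.

SYSFS_ROOT="${SYSFS_ROOT:-/sys}"        # overridable so the logic can be exercised off-target
ALLOWED_SERIALS="${ALLOWED_SERIALS:-}"  # space-separated ID_SERIAL_SHORT values; empty = any flash drive

# usb_decide INTERFACES SERIAL: prints "allow" or "block".
# INTERFACES is ID_USB_INTERFACES, e.g. ":080650:" (class 08 = mass storage, 09 = hub).
usb_decide() {
    ifaces=$1; serial=$2; storage=no
    [ -n "$ifaces" ] || { echo block; return 0; }   # no interface data: fail closed
    oldifs=$IFS; IFS=:; set -- $ifaces; IFS=$oldifs
    for one in "$@"; do
        case $one in
            '')  ;;                       # empty field produced by the leading ':'
            09*) ;;                       # hubs (including root hubs) must stay usable
            08*) storage=yes ;;
            *)   echo block; return 0 ;;  # any other interface (HID, network, ...) rejects the device
        esac
    done
    if [ "$storage" = yes ] && [ -n "$ALLOWED_SERIALS" ]; then
        [ -n "$serial" ] || { echo block; return 0; }
        case " $ALLOWED_SERIALS " in
            *" $serial "*) ;;
            *) echo block; return 0 ;;
        esac
    fi
    echo allow
}

# usb_enforce: deauthorize the device behind $DEVPATH when the verdict is "block".
usb_enforce() {
    verdict=$(usb_decide "${ID_USB_INTERFACES:-}" "${ID_SERIAL_SHORT:-}")
    if [ "$verdict" = block ]; then
        echo 0 > "$SYSFS_ROOT$DEVPATH/authorized"   # kernel deconfigures the device
    fi
    echo "$verdict"
}

# Only act when started by udev for a newly added USB device.
if [ "${ACTION:-}" = add ] && [ "${DEVTYPE:-}" = usb_device ]; then
    usb_enforce >/dev/null
fi
```

Everything that is not a hub or a pure mass-storage device is deauthorized, USB keyboards and built-in USB peripherals included, so extend the `case` with the classes you depend on before enabling the rule. Serial numbers are reported by the device itself, so the allowlist identifies a drive but does not authenticate it.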