FedoraForum.org - Fedora Support Forums and Community
Results 1 to 7 of 7
  1. #1
    Join Date
    Jul 2010
    Posts
    101

    How to disable USB storage device for ONLY normal user

    Hello,
    I am running Fedora 12 OS on my machine. I would like to disable the USB devices for normal users so that usb-storage devices cannot be plugged in.
    However at the same time a mouse or a keypad may/could have a usb connection.
    Please note that root should be able to use the usb storage devices.
    How can the same be done on fedora 12? Any replies/suggestions will be appreciated. I would prefer not to do it via the BIOS options.

  2. #2
    Join Date
    Oct 2008
    Posts
    498

    Re: How to disable USB storage device for ONLY normal user

    Hi,

    You probably cannot prevent the user from plugging in USB devices; however, you can make it hard for them to get those devices mounted, hence used.

    Here is briefly the idea:

    1. On Fedora when an USB device is connected, udev creates a proper device in /dev (actually, the kernel spots it first and plays its part, but this is irrelevant to the topic);

    2. Next, a message is sent over dbus that a new device is available

    3. Next, a component of the desktop environment picks up the message and mounts the disk.

    You probably cannot (and/or do not want to) mess up with step 1.

    At step 2, you might be able to block certain messages over dbus using its config files. I haven't done this, so can't give much a detailed advice, but dbus is well-documented and the config files are mostly XML.

    Achieving your goal at step 3 it might be a little easier than in step 2. A system component named PolicyKit is engaged in order to allow or not access to given system resources, including disks. Again, reading the docs is the best place to start.

    WWell,

  3. #3
    Join Date
    Jul 2010
    Posts
    101

    Re: How to disable USB storage device for ONLY normal user

    Thanks for your reply. I wll give it a try though I am concerned playing around with config files etc from a development perspective. I would rather prefer something which fedora may already have in built...some config file which is well documented.
    Please note that I want the USB port to work for a mouse or a keyboard but not for a usb storage device. Hope somebody who has already encountered this issue can share the solution.

  4. #4
    kyryder Guest

    Re: How to disable USB storage device for ONLY normal user

    Hello,

    I believe if you Add the following line to /etc/modprobe.d/dist.conf to prevent loading of the usb-storage kernel module, but root should still be able to load the module with the insmod program manually:
    Code:
    install usb-storage /bin/true
    .

    You could also disable automounting through gnome somehow, it used be through gnome-volume-manger, but now ??

    If you want to dissable usb all together you can just add nousb to the end of the kernel line but that will kill usb keyboards and mice.

    Of course none of this keeps someone from booting a usb stick ect. For that you will need to disable the usb boot option in the bios.


    Hope this helps,

    Ky
    Last edited by kyryder; 8th October 2010 at 05:13 AM.

  5. #5
    stevea Guest

    Re: How to disable USB storage device for ONLY normal user

    Kryder's first approach, except you chould blacklist the driver with

    su -
    <passwd>
    echo "blacklist usb-storage" >> /etc/modprobe.d/blacklist.conf


    Removing the module isn't smart unless you rebuild the modules list, and ceases to be effective when you update the kernel.

  6. #6
    Join Date
    Oct 2008
    Posts
    498

    Re: How to disable USB storage device for ONLY normal user

    Hi,

    You can try this:

    1. Go to /etc/polkit-1/localauthority.conf.d nd create a file named "99-whatever.conf" (only the beginning "99-" of the name is important).

    2. Put inside something like this (or modify to your taste; read man pklocalauthority):

    Code:
    [org freedesktop udisks filesystem-mount]
    Identity=unix-user:*
    Action=org.freedesktop.udisks.filesystem-mount
    ResultAny=no
    ResultInactive=no
    ResultActive=auth_admin
    This will ask the user for the root password every time he wants to mount a removable media.

    WWell,

  7. #7
    Join Date
    Jul 2010
    Posts
    101

    Re: How to disable USB storage device for ONLY normal user

    Thanks for all your suggestions. I did try the option below as root.

    blacklist usb-storage" >> /etc/modprobe.d/blacklist.conf

    I can see that the .conf file has the new entry ...but it yet allows me or any other user to plug in the usb drive. I wonder why this is not working.....THis is a simple and good option.
    I will try the other options and get back to you.

Similar Threads

  1. Replies: 2
    Last Post: 8th January 2009, 08:45 AM
  2. USB storage device
    By Berticus in forum Hardware & Laptops
    Replies: 5
    Last Post: 9th October 2005, 02:59 PM
  3. Replies: 1
    Last Post: 16th June 2005, 04:03 PM
  4. Replies: 3
    Last Post: 19th November 2004, 07:16 PM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •