Disable all USB devices for all users
The Problem
Disable all communications on all USB ports for all users (preferably remove power but as I'll point out below I don't think this is possible). I'm currently using Linux Mint 18.
What I Have Tried
- Disabling the power: stackoverflow.com/questions/4702216
- Blacklisting storage devices and removing all users from plugdev: askubuntu.com/questions/153964
- Removing all drivers for USB ports: ubuntuforums.org/showthread.php?t=1692251
- Searching for a method to turn off via the BIOS. No options available.
- Turning the laptop off and on again after each attempt.
None of the above seemed to work (tested by using a USB mouse & memory stick).
I haven't gotten round to trying the suggestion in unix.stackexchange.com/questions/274203 yet (which might disable keyboards and mice), however, allowing root to subvert blacklists is also not allowed.
I get the feeling that removal of drivers may be the best solution (placing in root for testing at least), but I'd need to know which drivers to target so that I don't break anything else.
I'd kind of prefer not having to get the soldering kit out to make a hardware adjustment if at all possible...
linux-mint usb users
edited Jun 24 '17 at 7:32
Tomasz
10.1k53067
asked Jun 23 '17 at 18:52
user3303504user3303504
162
bumped to the homepage by Community♦ 1 hour ago
This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
add a comment |
The Problem
Disable all communications on all USB ports for all users (preferably remove power but as I'll point out below I don't think this is possible). I'm currently using Linux Mint 18.
What I Have Tried
- Disabling the power: stackoverflow.com/questions/4702216
- Blacklisting storage devices and removing all users from plugdev: askubuntu.com/questions/153964
- Removing all drivers for USB ports: ubuntuforums.org/showthread.php?t=1692251
- Searching for a method to turn off via the BIOS. No options available.
- Turning the laptop off and on again after each attempt.
None of the above seemed to work (tested by using a USB mouse & memory stick).
I haven't gotten round to trying the suggestion in unix.stackexchange.com/questions/274203 yet (which might disable keyboards and mice), however, allowing root to subvert blacklists is also not allowed.
I get the feeling that removal of drivers may be the best solution (placing in root for testing at least), but I'd need to know which drivers to target so that I don't break anything else.
I'd kind of prefer not having to get the soldering kit out to make a hardware adjustment if at all possible...
linux-mint usb users
edited Jun 24 '17 at 7:32
Tomasz
10.1k53067
asked Jun 23 '17 at 18:52
user3303504user3303504
162
bumped to the homepage by Community♦ 1 hour ago
This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
If you're going to vote me down could I at least have a reason for why?
– user3303504
Jun 23 '17 at 19:05
add a comment |
The Problem
Disable all communications on all USB ports for all users (preferably remove power but as I'll point out below I don't think this is possible). I'm currently using Linux Mint 18.
What I Have Tried
- Disabling the power: stackoverflow.com/questions/4702216
- Blacklisting storage devices and removing all users from plugdev: askubuntu.com/questions/153964
- Removing all drivers for USB ports: ubuntuforums.org/showthread.php?t=1692251
- Searching for a method to turn off via the BIOS. No options available.
- Turning the laptop off and on again after each attempt.
None of the above seemed to work (tested by using a USB mouse & memory stick).
I haven't gotten round to trying the suggestion in unix.stackexchange.com/questions/274203 yet (which might disable keyboards and mice), however, allowing root to subvert blacklists is also not allowed.
I get the feeling that removal of drivers may be the best solution (placing in root for testing at least), but I'd need to know which drivers to target so that I don't break anything else.
I'd kind of prefer not having to get the soldering kit out to make a hardware adjustment if at all possible...
linux-mint usb users
edited Jun 24 '17 at 7:32
Tomasz
10.1k53067
asked Jun 23 '17 at 18:52
user3303504user3303504
162
The Problem
Disable all communications on all USB ports for all users (preferably remove power but as I'll point out below I don't think this is possible). I'm currently using Linux Mint 18.
What I Have Tried
- Disabling the power: stackoverflow.com/questions/4702216
- Blacklisting storage devices and removing all users from plugdev: askubuntu.com/questions/153964
- Removing all drivers for USB ports: ubuntuforums.org/showthread.php?t=1692251
- Searching for a method to turn off via the BIOS. No options available.
- Turning the laptop off and on again after each attempt.
None of the above seemed to work (tested by using a USB mouse & memory stick).
I haven't gotten round to trying the suggestion in unix.stackexchange.com/questions/274203 yet (which might disable keyboards and mice), however, allowing root to subvert blacklists is also not allowed.
I get the feeling that removal of drivers may be the best solution (placing in root for testing at least), but I'd need to know which drivers to target so that I don't break anything else.
I'd kind of prefer not having to get the soldering kit out to make a hardware adjustment if at all possible...
linux-mint usb users
linux-mint usb users
edited Jun 24 '17 at 7:32
Tomasz
10.1k53067
asked Jun 23 '17 at 18:52
user3303504user3303504
162
edited Jun 24 '17 at 7:32
Tomasz
10.1k53067
asked Jun 23 '17 at 18:52
user3303504user3303504
162
edited Jun 24 '17 at 7:32
Tomasz
10.1k53067
edited Jun 24 '17 at 7:32
Tomasz
10.1k53067
edited Jun 24 '17 at 7:32
Tomasz
10.1k53067
10.1k53067
asked Jun 23 '17 at 18:52
user3303504user3303504
162
asked Jun 23 '17 at 18:52
user3303504user3303504
162
asked Jun 23 '17 at 18:52
user3303504user3303504
162
162
bumped to the homepage by Community♦ 1 hour ago
This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
bumped to the homepage by Community♦ 1 hour ago
This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
If you're going to vote me down could I at least have a reason for why?
– user3303504
Jun 23 '17 at 19:05
add a comment |
If you're going to vote me down could I at least have a reason for why?
– user3303504
Jun 23 '17 at 19:05
If you're going to vote me down could I at least have a reason for why?
– user3303504
Jun 23 '17 at 19:05
If you're going to vote me down could I at least have a reason for why?
– user3303504
Jun 23 '17 at 19:05
add a comment |
2 Answers
2
active
oldest
votes
I have an option in the BIOS to disable all USB ports. I have disabled camera, microphone & bluetooth.
For security reasons is good to disable USB ports. Many companies do it. However if you want to do it in Linux, there is a driver called "usb-storage". Try removing it, or if not possible, try forbidding it (blacklisting it).
As said in the discussion, try blacklisting it. Go to /etc/modprobe.d/blacklist.conf and add blacklist usb-storage
See the discussion in OpenSUSE: https://forums.opensuse.org/showthread.php/441492-how-to-disable-usb-storage
answered Jun 23 '17 at 21:14
DankataDankata
5217
As referenced in the question, this should block storage devices only. However, I need to block all USB devices. Also, I have now tried implementing both the blacklisting of usb-storage and usbhid. Usbhid successfully prevents mice, however, usb sticks still mount and load for all users.
– user3303504
Jun 24 '17 at 14:53
add a comment |
You can add a udev rule similar to this:
ENV{ID_SERIAL}!="?*", SUBSYSTEMS=="usb", RUN+="/usr/bin/usbdevinserted.sh"
And, in usbdevinserted.sh, add commands to lock access to this USB.
Also, you can remove users from usb group (or other group that provides access to usb devices)
answered Feb 20 '18 at 10:09
AlmuHSAlmuHS
1447
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "106"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f373045%2fdisable-all-usb-devices-for-all-users%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
I have an option in the BIOS to disable all USB ports. I have disabled camera, microphone & bluetooth.
For security reasons is good to disable USB ports. Many companies do it. However if you want to do it in Linux, there is a driver called "usb-storage". Try removing it, or if not possible, try forbidding it (blacklisting it).
As said in the discussion, try blacklisting it. Go to /etc/modprobe.d/blacklist.conf and add blacklist usb-storage
See the discussion in OpenSUSE: https://forums.opensuse.org/showthread.php/441492-how-to-disable-usb-storage
answered Jun 23 '17 at 21:14
DankataDankata
5217
As referenced in the question, this should block storage devices only. However, I need to block all USB devices. Also, I have now tried implementing both the blacklisting of usb-storage and usbhid. Usbhid successfully prevents mice, however, usb sticks still mount and load for all users.
– user3303504
Jun 24 '17 at 14:53
add a comment |
I have an option in the BIOS to disable all USB ports. I have disabled camera, microphone & bluetooth.
For security reasons is good to disable USB ports. Many companies do it. However if you want to do it in Linux, there is a driver called "usb-storage". Try removing it, or if not possible, try forbidding it (blacklisting it).
As said in the discussion, try blacklisting it. Go to /etc/modprobe.d/blacklist.conf and add blacklist usb-storage
See the discussion in OpenSUSE: https://forums.opensuse.org/showthread.php/441492-how-to-disable-usb-storage
answered Jun 23 '17 at 21:14
DankataDankata
5217
As referenced in the question, this should block storage devices only. However, I need to block all USB devices. Also, I have now tried implementing both the blacklisting of usb-storage and usbhid. Usbhid successfully prevents mice, however, usb sticks still mount and load for all users.
– user3303504
Jun 24 '17 at 14:53
add a comment |
I have an option in the BIOS to disable all USB ports. I have disabled camera, microphone & bluetooth.
For security reasons is good to disable USB ports. Many companies do it. However if you want to do it in Linux, there is a driver called "usb-storage". Try removing it, or if not possible, try forbidding it (blacklisting it).
As said in the discussion, try blacklisting it. Go to /etc/modprobe.d/blacklist.conf and add blacklist usb-storage
See the discussion in OpenSUSE: https://forums.opensuse.org/showthread.php/441492-how-to-disable-usb-storage
answered Jun 23 '17 at 21:14
DankataDankata
5217
I have an option in the BIOS to disable all USB ports. I have disabled camera, microphone & bluetooth.
For security reasons is good to disable USB ports. Many companies do it. However if you want to do it in Linux, there is a driver called "usb-storage". Try removing it, or if not possible, try forbidding it (blacklisting it).
As said in the discussion, try blacklisting it. Go to /etc/modprobe.d/blacklist.conf and add blacklist usb-storage
See the discussion in OpenSUSE: https://forums.opensuse.org/showthread.php/441492-how-to-disable-usb-storage
answered Jun 23 '17 at 21:14
DankataDankata
5217
answered Jun 23 '17 at 21:14
DankataDankata
5217
answered Jun 23 '17 at 21:14
DankataDankata
5217
answered Jun 23 '17 at 21:14
DankataDankata
5217
5217
As referenced in the question, this should block storage devices only. However, I need to block all USB devices. Also, I have now tried implementing both the blacklisting of usb-storage and usbhid. Usbhid successfully prevents mice, however, usb sticks still mount and load for all users.
– user3303504
Jun 24 '17 at 14:53
add a comment |
As referenced in the question, this should block storage devices only. However, I need to block all USB devices. Also, I have now tried implementing both the blacklisting of usb-storage and usbhid. Usbhid successfully prevents mice, however, usb sticks still mount and load for all users.
– user3303504
Jun 24 '17 at 14:53
As referenced in the question, this should block storage devices only. However, I need to block all USB devices. Also, I have now tried implementing both the blacklisting of usb-storage and usbhid. Usbhid successfully prevents mice, however, usb sticks still mount and load for all users.
– user3303504
Jun 24 '17 at 14:53
As referenced in the question, this should block storage devices only. However, I need to block all USB devices. Also, I have now tried implementing both the blacklisting of usb-storage and usbhid. Usbhid successfully prevents mice, however, usb sticks still mount and load for all users.
– user3303504
Jun 24 '17 at 14:53
add a comment |
You can add a udev rule similar to this:
ENV{ID_SERIAL}!="?*", SUBSYSTEMS=="usb", RUN+="/usr/bin/usbdevinserted.sh"
And, in usbdevinserted.sh, add commands to lock access to this USB.
Also, you can remove users from usb group (or other group that provides access to usb devices)
answered Feb 20 '18 at 10:09
AlmuHSAlmuHS
1447
add a comment |
You can add a udev rule similar to this:
ENV{ID_SERIAL}!="?*", SUBSYSTEMS=="usb", RUN+="/usr/bin/usbdevinserted.sh"
And, in usbdevinserted.sh, add commands to lock access to this USB.
Also, you can remove users from usb group (or other group that provides access to usb devices)
answered Feb 20 '18 at 10:09
AlmuHSAlmuHS
1447
add a comment |
You can add a udev rule similar to this:
ENV{ID_SERIAL}!="?*", SUBSYSTEMS=="usb", RUN+="/usr/bin/usbdevinserted.sh"
And, in usbdevinserted.sh, add commands to lock access to this USB.
Also, you can remove users from usb group (or other group that provides access to usb devices)
answered Feb 20 '18 at 10:09
AlmuHSAlmuHS
1447
You can add a udev rule similar to this:
ENV{ID_SERIAL}!="?*", SUBSYSTEMS=="usb", RUN+="/usr/bin/usbdevinserted.sh"
And, in usbdevinserted.sh, add commands to lock access to this USB.
Also, you can remove users from usb group (or other group that provides access to usb devices)
answered Feb 20 '18 at 10:09
AlmuHSAlmuHS
1447
answered Feb 20 '18 at 10:09
AlmuHSAlmuHS
1447
answered Feb 20 '18 at 10:09
AlmuHSAlmuHS
1447
answered Feb 20 '18 at 10:09
AlmuHSAlmuHS
1447
1447
add a comment |
add a comment |
Thanks for contributing an answer to Unix & Linux Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f373045%2fdisable-all-usb-devices-for-all-users%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
If you're going to vote me down could I at least have a reason for why?
– user3303504
Jun 23 '17 at 19:05