Tony's ramblings on Open Source Software, Life and Photography

Disabling USB Storage in Ubuntu for Security

Published September 22, 2009, 10:00 am | by tony

For security reasons, many businesses are completely disabling USB storage devices on the computers at work. Particularly if you are like me and work with healthcare information, it's doubly important that not only no one can bring in a virus, but that they also can't leave with any private information.

In Linux the risk of viruses are small to nonexistent, however USB sticks automatically mount for reading and writing regardless. There's an easy way in recent Ubuntu distributions to disable USB storage devices. Simply blacklist the kernel driver:

sudo echo "blacklist usb-storage" >> /etc/modprobe.d/blacklist.conf

After that, nobody can use a USB memory stick in that computer, but still allows the administrator(s) to manually load the module and use it.

I'll be giving more enterprise Linux tips in the near future if all goes well.


Categories:
tapas's picture

That is nice but then also

Submitted by tapas (not verified) on Tue, 11/24/2009 - 16:02.

That is nice but then also tell how to re enable it

tony's picture

Remove the line from the

Submitted by tony on Fri, 11/27/2009 - 00:40.

Remove the line from the blacklist file using nano or vi?

Cristobal's picture

Nice trick

Submitted by Cristobal (not verified) on Sat, 03/06/2010 - 16:38.

Nice trick, thanks, and I would like to know how to enable the usb storage, thanks

Dan's picture

Re-enabling USB

Submitted by Dan (not verified) on Fri, 04/02/2010 - 00:09.

Your tip for disabling was easy and elegant. one line typed at the root terminal and its gone. would it be possible to provide something equally easy to re-enable? Or if not, then provide step-by-step instructions for how to bring it back? i'm trying to administer a group of netbooks for teachers in a school. they trusted me to put linux on. i am new to this but know linux is right. i need a way to back out individual users on an "as needed" basis if this becomes necessary. thanks!

tony's picture

Reverse what you did? Edit

Submitted by tony on Fri, 04/02/2010 - 08:37.

Reverse what you did? Edit the /etc/modprobe.d/blacklist.conf file and remove the line that says "blacklist usb-storage". Then reboot.

Post new comment

The content of this field is kept private and will not be shown publicly. If you have a Gravatar account associated with the e-mail address you provide, it will be used to display your avatar.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd> <br> <p>
  • Lines and paragraphs break automatically.

More information about formatting options

CAPTCHA
This question is for preventing automated spam submissions. It is case sensitive.
Image CAPTCHA
Enter the characters shown in the image.