Linux - DesktopThis forum is for the discussion of all Linux Software used in a desktop context.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I have some stand alone clients(for RHEL4AS SERVER) which are having USB ports. I want to disable these usb ports to stop data theft. How to disable this?
You can more than likely disable USB controller in computer setup (bios) at start-up, then password protect the bios if the mother board supports it to avoid users re-enabling it.
Last edited by Junior Hacker; 12-25-2008 at 04:44 AM.
you could try removing users from the plugdev group..
although the quote I am posting is from a guy that said this had no effect for him.. so he went hardcore into HAL policies, to block access to USB storage and CDROM Drives...
What I found is HAL policies and I did tons of searching and could find no examples of people using the policies to block all removable drive access, but I did find snippets here and there all over the place good enough to put me on the right track.
Disclaimer, the way I will describe below does not seem to be the "recommended" way to use policies. The default policies in Ubuntu Gutsy have a 10osvendor folder and a 20thirdparty folder located in /usr/share/hal/fdi/policies. The 10osvendor folder contains policy files (.fdi) that control how devices are handled by the system... not just drives and media.. but pretty much all hardware such as keyboards and mice, scanners, etc. ObFrom the reading that I did, the 10osvendor polices are not really supposed to be changed, but instead there should be a 30user folder created and custom policies by the user should be put there. *** I could never get any policy in the 30user folder to take effect. *** I finally ended up editing 20-storage-methods.fdi policy file in the 10osvendor folder and the systems would honor the changes.
Basically I just added the following 6 lines anywhere ABOVE the <!-- udf --> section. Just in case the exact location is critical, I actually added the lines after the <!-- EFI firmware partitions --> section. Here are the 6 lines:
Obviously, the first 3 lines take care of USB drives, the second 3 takes care of optical devices. There is very likely a cleaner way to do this. If anyone knows please provide input to the thread, but otherwise, this worked for me and hopefully can help someone else.
too bad pessulus doesn't have an option for USB storage devices.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.