LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Desktop
User Name
Password
Linux - Desktop This forum is for the discussion of all Linux Software used in a desktop context.

Notices

Reply
 
LinkBack Search this Thread
Old 12-24-2008, 07:42 PM   #1
visitnag
Member
 
Registered: Mar 2008
Posts: 147

Rep: Reputation: 15
how to disable USB port


I have some stand alone clients(for RHEL4AS SERVER) which are having USB ports. I want to disable these usb ports to stop data theft. How to disable this?
 
Old 12-24-2008, 07:44 PM   #2
amani
Senior Member
 
Registered: Jul 2006
Location: Kolkata, India
Distribution: 64-bit GNU/Linux, Kubuntu64, Fedora QA, Slackware,
Posts: 2,754

Rep: Reputation: Disabled
You restrict users...through groups ...not disable usb
 
Old 12-25-2008, 02:47 AM   #3
visitnag
Member
 
Registered: Mar 2008
Posts: 147

Original Poster
Rep: Reputation: 15
Ok! but how to restrict users in client pcs? I dont want users to read or write or copy data into the system thru usb(especially pendrive)

Last edited by visitnag; 12-25-2008 at 02:50 AM.
 
Old 12-25-2008, 04:42 AM   #4
Junior Hacker
Senior Member
 
Registered: Jan 2005
Location: North America
Distribution: Debian testing Mandriva Ubuntu
Posts: 2,687

Rep: Reputation: 59
You can more than likely disable USB controller in computer setup (bios) at start-up, then password protect the bios if the mother board supports it to avoid users re-enabling it.

Last edited by Junior Hacker; 12-25-2008 at 04:44 AM.
 
Old 12-25-2008, 05:27 AM   #5
hasanatizaz
Member
 
Registered: Nov 2007
Location: Pakistan
Distribution: Redhat and Debian
Posts: 302
Blog Entries: 1

Rep: Reputation: 34
i havent tried this but you can remove usb_storage from the kernel.
 
Old 12-31-2008, 11:20 AM   #6
visitnag
Member
 
Registered: Mar 2008
Posts: 147

Original Poster
Rep: Reputation: 15
I wanted to disable...the device...not to permanently remove. Whenever i want i could enable the same...
 
Old 12-31-2008, 01:28 PM   #7
farslayer
Guru
 
Registered: Oct 2005
Location: Willoughby, Ohio
Distribution: linuxdebian
Posts: 7,231
Blog Entries: 5

Rep: Reputation: 189Reputation: 189
you could try removing users from the plugdev group..

although the quote I am posting is from a guy that said this had no effect for him.. so he went hardcore into HAL policies, to block access to USB storage and CDROM Drives...

Quote:
Originally Posted by getut
http://ubuntuforums.org/archive/index.php/t-623829.html

What I found is HAL policies and I did tons of searching and could find no examples of people using the policies to block all removable drive access, but I did find snippets here and there all over the place good enough to put me on the right track.

Disclaimer, the way I will describe below does not seem to be the "recommended" way to use policies. The default policies in Ubuntu Gutsy have a 10osvendor folder and a 20thirdparty folder located in /usr/share/hal/fdi/policies. The 10osvendor folder contains policy files (.fdi) that control how devices are handled by the system... not just drives and media.. but pretty much all hardware such as keyboards and mice, scanners, etc. ObFrom the reading that I did, the 10osvendor polices are not really supposed to be changed, but instead there should be a 30user folder created and custom policies by the user should be put there. *** I could never get any policy in the 30user folder to take effect. *** I finally ended up editing 20-storage-methods.fdi policy file in the 10osvendor folder and the systems would honor the changes.

Basically I just added the following 6 lines anywhere ABOVE the <!-- udf --> section. Just in case the exact location is critical, I actually added the lines after the <!-- EFI firmware partitions --> section. Here are the 6 lines:
Code:
<match key="@block.storage_device:storage.removable" bool="true">
<merge key="volume.ignore" type="bool">true</merge>
</match>

<match key="storage.drive_type" string="cdrom">
<merge key="volume.ignore" type="bool">true</merge>
</match>
Obviously, the first 3 lines take care of USB drives, the second 3 takes care of optical devices. There is very likely a cleaner way to do this. If anyone knows please provide input to the thread, but otherwise, this worked for me and hopefully can help someone else.
too bad pessulus doesn't have an option for USB storage devices.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Dell Laptop Broken USB port. How to disable? newb sfumato Linux - Hardware 2 10-06-2005 03:49 PM
How to disable a port, such as 21? iclinux Linux - Networking 2 01-10-2005 04:48 AM
How do I disable a firewire port? rentz Linux - Hardware 0 12-22-2003 03:33 PM
How to disable application(s) using port 22 Johnnyboy Linux - Newbie 7 09-21-2003 10:18 AM
Disable Port 80 dvong3 Linux - Security 2 09-19-2003 08:32 AM


All times are GMT -5. The time now is 05:20 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration