One of the most common security issues in a company is the leakage of information, this is usually due to unrestricted access to the use of mass storage devices such as memories and USB drives, burners CD / DVD, Internet, etc.
This time, I’m going to teach them how we can restrict a user’s access to USB mass storage devices on Linux, so they don’t lose access to the port in case they need to connect a mouse USB or charge a battery through it.
Note: all types of USB mass storage devices will be disabled, including music players, cameras, and more.
The first thing we need to do is remove the user from the group
To do this, run the following line on the terminal:
sudo gpasswd -d [usuario] plugdev
This will be used because once logged in, Linux do not allow access to these USB devices, but it will not work if the device is connected from before the system starts.
To avoid these situations, we need to make one
in the archive
, As follows:
sudo gedit /etc/modprobe.d/blacklist.conf
We add the following lines to the end of the open file:
# Restricción de acceso a dispositivos de almacenamiento masivo USB por Ubunlog.com blacklist usb_storage
We save and close the edited file.
Now we just need to reboot our system for the changes to take effect.
In case your USB ports continue to automatically mount the storage media and all after following these steps, I recommend you read the post I wrote for Ubuntizing the planet called “Disable USB disk loading in Ubuntu (Extreme Edition)«, In it you can find some steps to follow a little more drastic to ensure the correct deactivation of USB ports by means of storage.