Those who work with users in institutions that require certain restrictions, either to guarantee a level of security, or by some idea or order "from above" (as we say here), many times need to implement some access restrictions on computers, here I will talk specifically about restricting or controlling access to USB storage devices.
Table of Contents
Restrict USB using modprobe (didn't work for me)
This is not exactly a new practice, it consists of adding the usb_storage module to the blacklist of the kernel modules that are loaded, it would be:
echo usb_storage> $ HOME / blacklist sudo mv $ HOME / blacklist /etc/modprobe.d/
Then we restart the computer and that's it.
Disable USB by removing kernel driver (didn't work for me)
Another option would be to remove the USB driver from the kernel, for this we execute the following command:
sudo mv /lib/modules/$(uname -r)/kernel/drivers/usb/storage/usb* /root/
We reboot and ready.
This will move the file containing the USB drivers used by the kernel to another folder (/ root /).
If you want to undo this change, it will be enough with:
sudo mv /root/usb* /lib/modules/$(uname -r)/kernel/drivers/usb/storage/
Restrict access to USB devices by changing / media / permissions (IF it worked for me)
This is so far the method that certainly works for me. As you should know, USB devices are mounted on / media / o… if your distro uses systemd, they are mounted on / run / media /
What we will do is change the permissions to / media / (or / run / media /) so that ONLY the root user can access its content, for this it will be enough:
sudo chmod 700 /media/
or ... if you use Arch or any distro with systemd:
sudo chmod 700 /run/media/
Once this is done, the USB devices when connected will be mounted, but no notification will appear to the user, nor will they be able to directly access the folder or anything.
There are some other ways explained on the net, for example using Grub ... but, guess what, it didn't work for me either 🙂
I post so many options (even though not all of them worked for me) because an acquaintance of mine bought a digital camera at a online store technology products in Chile, he remembered that script spy-usb.sh that a while ago I explained hereI remember, it serves to spy on USB devices and steal information from these) and asked me if there was any way to prevent information from being stolen from his new camera, or at least some option to block USB devices on his home computer.
Anyway, although this is not a protection for your camera against all the computers in which you can connect it, at least it will be able to protect the home PC from the removal of sensitive information through USB devices.
I hope it has been (as always) useful for you, if anyone knows of any other method to deny access to USB in Linux and of course, it works without problems, let us know.