Difference between revisions of "Creating Block USB storage in Ubuntu"
| (6 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
= Blocking USB Storage Devices in Linux = | = Blocking USB Storage Devices in Linux = | ||
This guide explains multiple methods to block USB mass storage devices | This guide explains multiple methods to block USB mass storage devices. | ||
== Method 1: Using Blacklist File == | == Method 1: Using Blacklist File == | ||
=== 1. Edit the Blacklist File === | === 1. Edit the Blacklist File === | ||
Create and open a new configuration file using a text editor such as nano: | Create and open a new configuration file using a text editor such as '''nano''': | ||
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
| Line 13: | Line 13: | ||
=== 2. Add the Following Lines === | === 2. Add the Following Lines === | ||
Add the following two lines to block the usb-storage and uas modules: | Add the following two lines to block the '''usb-storage''' and '''uas''' modules: | ||
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
| Line 29: | Line 29: | ||
=== 4. Reboot the System === | === 4. Reboot the System === | ||
Restart your computer for the changes to take effect. | Restart your computer for the changes to take effect. | ||
The | The '''usb-storage''' and '''uas''' modules will no longer be loaded, effectively blocking USB mass storage devices. | ||
---- | ---- | ||
| Line 35: | Line 35: | ||
== Method 2: Using the Install Command == | == Method 2: Using the Install Command == | ||
This method prevents the | This method prevents the '''usb-storage''' module from loading by telling the system to execute a non-existent command instead. | ||
=== 1. Edit the Configuration File === | === 1. Edit the Configuration File === | ||
| Line 83: | Line 83: | ||
sudo chattr -i /etc/modprobe.d/blacklist-usb-storage.conf | sudo chattr -i /etc/modprobe.d/blacklist-usb-storage.conf | ||
sudo chattr -i /etc/modprobe.d/usb-storage.conf | sudo chattr -i /etc/modprobe.d/usb-storage.conf | ||
</syntaxhighlight> | |||
=== 3. Update initramfs === | |||
Run the following command to update the initial RAM file system: | |||
<syntaxhighlight lang="bash"> | |||
sudo update-initramfs -u | |||
</syntaxhighlight> | </syntaxhighlight> | ||
Latest revision as of 10:59, 24 October 2025
Blocking USB Storage Devices in Linux
This guide explains multiple methods to block USB mass storage devices.
Method 1: Using Blacklist File
1. Edit the Blacklist File
Create and open a new configuration file using a text editor such as nano:
sudo nano /etc/modprobe.d/blacklist-usb-storage.conf
2. Add the Following Lines
Add the following two lines to block the usb-storage and uas modules:
blacklist usb_storage
blacklist uas
3. Update initramfs
Run the following command to update the initial RAM file system:
sudo update-initramfs -u
4. Reboot the System
Restart your computer for the changes to take effect. The usb-storage and uas modules will no longer be loaded, effectively blocking USB mass storage devices.
Method 2: Using the Install Command
This method prevents the usb-storage module from loading by telling the system to execute a non-existent command instead.
1. Edit the Configuration File
Create and open a new file using a text editor:
sudo nano /etc/modprobe.d/usb-storage.conf
2. Add the Following Line
Add the following line to block the module:
install usb-storage /bin/true
3. Update initramfs
Run the following command to update the initial RAM file system:
sudo update-initramfs -u
4. Reboot the System
Restart your computer to apply the changes.
Method 3: Using the Immutable File Attribute
This method locks the configuration files so that even the root user cannot modify or delete them.
1. Set the Immutable Attribute
Use the chattr command to set the immutable flag on the configuration files:
sudo chattr +i /etc/modprobe.d/blacklist-usb-storage.conf
sudo chattr +i /etc/modprobe.d/usb-storage.conf
Once set, these files cannot be modified, deleted, renamed, or linked to — even by the root user.
2. Remove the Immutable Attribute (If Needed)
To make changes later, remove the immutable flag using:
sudo chattr -i /etc/modprobe.d/blacklist-usb-storage.conf
sudo chattr -i /etc/modprobe.d/usb-storage.conf
3. Update initramfs
Run the following command to update the initial RAM file system:
sudo update-initramfs -u
