Difference between revisions of "Creating Block USB storage in Ubuntu"

From Notes_Wiki
(Created page with "= Blocking USB Storage Devices in Linux = This guide explains multiple methods to block USB mass storage devices by preventing the `usb-storage` and `uas` kernel modules from loading. == Method 1: Using Blacklist File == === 1. Edit the Blacklist File === Create and open a new configuration file using a text editor such as `nano`: <syntaxhighlight lang="bash"> sudo nano /etc/modprobe.d/blacklist-usb-storage.conf </syntaxhighlight> === 2. Add the Following Lines ===...")
 
Line 6: Line 6:


=== 1. Edit the Blacklist File ===
=== 1. Edit the Blacklist File ===
Create and open a new configuration file using a text editor such as `nano`:
Create and open a new configuration file using a text editor such as nano:


<syntaxhighlight lang="bash">
<syntaxhighlight lang="bash">

Revision as of 10:32, 24 October 2025

Blocking USB Storage Devices in Linux

This guide explains multiple methods to block USB mass storage devices by preventing the `usb-storage` and `uas` kernel modules from loading.

Method 1: Using Blacklist File

1. Edit the Blacklist File

Create and open a new configuration file using a text editor such as nano: 

sudo nano /etc/modprobe.d/blacklist-usb-storage.conf

2. Add the Following Lines

Add the following two lines to block the `usb-storage` and `uas` modules: 

blacklist usb_storage
blacklist uas

3. Save and Exit

Press **Ctrl+S** to save and **Ctrl+X** to exit the editor.

4. Update initramfs

Run the following command to update the initial RAM file system: 

sudo update-initramfs -u

5. Reboot the System

Restart your computer for the changes to take effect. The `usb-storage` and `uas` modules will no longer be loaded, effectively blocking USB mass storage devices.

Method 2: Using the Install Command

This method prevents the `usb-storage` module from loading by telling the system to execute a non-existent command instead.

1. Edit the Configuration File

Create and open a new file using a text editor: 

sudo nano /etc/modprobe.d/usb-storage.conf

2. Add the Following Line

Add the following line to block the module: 

install usb-storage /bin/true

3. Save and Exit

Press **Ctrl+S** to save and **Ctrl+X** to exit the editor.

4. Reboot the System

Restart your computer to apply the changes.

Method 3: Using the Immutable File Attribute

This method locks the configuration files so that even the root user cannot modify or delete them.

1. Set the Immutable Attribute

Use the `chattr` command to set the immutable flag on the configuration files: 

sudo chattr +i /etc/modprobe.d/blacklist-usb-storage.conf
sudo chattr +i /etc/modprobe.d/usb-storage.conf

Once set, these files cannot be modified, deleted, renamed, or linked to — even by the root user.

2. Remove the Immutable Attribute (If Needed)

To make changes later, remove the immutable flag using: 

sudo chattr -i /etc/modprobe.d/blacklist-usb-storage.conf
sudo chattr -i /etc/modprobe.d/usb-storage.conf
Retrieved from "http://www.sbarjatiya.com/notes_wiki/index.php?title=Creating_Block_USB_storage_in_Ubuntu&oldid=9675"