How can i prevent copying data to usb devices in Linux Ubuntu 16.04. Is there anything like "Group policy" in Windows or similiar?
Asked
Active
Viewed 281 times
0
-
1Related: [*Deny non-root users to mount devices*](https://superuser.com/q/1245759/432690). – Kamil Maciorowski Apr 06 '18 at 06:41
-
USB sticks with FAT filesystems are auto-mounted with specific group and user-ids, so you have to find out which kind of auto-mounting your Ubuntu uses, and then you can modify the ids or set permissions, if the auto-mounting system allows it (Debian `usbmount` does, not sure about systemd-stuff). – dirkt Apr 06 '18 at 10:49
1 Answers
0
There may well be better, more bullet proof ways of doing it, but playing arround on my Ubuntu 16.04 system -
Ubuntu mounts disks at /media/USERNAME/XXXXXXXX so by changing the write permissions for /media/USERNAME they will not be able to access the mount point. You can do this (as root) using chmod 700 /media/USERNAME
A better way - depending on your needs - might be to stop the usb_storage module from loading, making USB disks unrecogniseable. You can do this with a command like
echo "blacklist usb-storage" >> /etc/modprobe.d/blacklist-usb.conf
And rebooting your system.
davidgo
- 68,623
- 13
- 106
- 163
-
Also see https://unix.stackexchange.com/questions/403798/set-removable-media-usb-drive-permissions-to-a-specific-group for a more complex and comprehensive method. – davidgo Apr 06 '18 at 06:23
-
Thank you! But one more question..can i give chmod 755 (only read & execute ) permission by this way? – Teymur Gahramanov Apr 07 '18 at 21:21
-
Probably not - that would depend on the filesystem on the USB drive. I'm not a a PC to check, but I'm pretty sure Ubuntu mounts the drive with the permissions of person who is logged in, and more specific file perms will override the parent mount point details provided the user can read that mount point. – davidgo Apr 07 '18 at 23:58