How to Block USB Storage Devices in Linux Servers

Best Affordable Linux and WordPress Services For Your Business
Outsource Your Linux and WordPress Project and Get it Promptly Completed Remotely and Delivered Online.

If You Appreciate What We Do Here On TecMint, You Should Consider:

  1. Stay Connected to: Twitter | Facebook | Google Plus
  2. Subscribe to our email updates: Sign Up Now
  3. Get your own self-hosted blog with a Free Domain at ($3.45/month).
  4. Become a Supporter - Make a contribution via PayPal
  5. Support us by purchasing our premium books in PDF format.
  6. Support us by taking our online Linux courses

We are thankful for your never ending support.

Matei Cezar

I'am a computer addicted guy, a fan of open source and linux based system software, have about 4 years experience with Linux distributions desktop, servers and bash scripting.

Your name can also be listed here. Got a tip? Submit it here to become an TecMint author.

RedHat RHCE and RHCSA Certification Book
Linux Foundation LFCS and LFCE Certification Preparation Guide

You may also like...

6 Responses

  1. Hariharasudhan says:


  2. karthik says:

    Hi this is karthik i have build the samba server and sharing files between 20 system how to get protected from users when they accessing it through pendrive.

  3. David says:

    usbguard has more fine-grained controls for usb devices. You can configure the service, and then any device which is not listed is blocked. It works so well that on the first couple of times I worked with it, it blocked my usb keyboard.

  4. Tomas says:

    How about adding the following to modprobe blacklist?

    blacklist usb-storage
    blacklist firewire-core
    install usb-storage /bin/true

    Saves time and works regardless of kernel upgrades.

    Also, disable usb authorization via /sys/bus/usb/devices/usbX/authorized and you’re good to go.

  5. Hneri Pasovara says:

    So after next kernel update you have to do same again either automatically or manually.

    It would be easier to blacklist by using /etc/modprobe.d/blacklist-*.conf file.

    # echo "alias usb-storage off" >> /etc/modprobe.d/blacklist-usbstorage.conf

    But how about allowing only certain encrypted/locked USB storage devices? That’s bit more complicated by managing udev rules.

Got something to say? Join the discussion.

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.