I want to configure Ubuntu (16.04) to prevent users from using removable media, specifically USB drives.
You can prevent automount as per.
gsettings set org.gnome.desktop.media-handling automount false
However, although this action disables auto-mounting of the device, it does not affect use of the device. I.E. as soon as you ‘open’ the USB icon on the desktop, the device mounts!
Running df upon opening the graphical USB desktop item:
/dev/sdb1 3780564 120 3780444 1% /media/user/xxxx-xxxx
I do not want the device to automount under any circumstances. You could argue that the device is still ‘automounting’ when you click on the desktop icon, as the user has not explicitly run a command to mount the device. For instance:
sudo mount /dev/sdb1 /media/user/xxxx-xxxx
Is there a schema/key combination in gsettings where I can set a value, in such a way, that only ‘root’ can use USB devices? In other words, I do not want USB devices to be accessible unless explicitly mounted by root.
I have also found these two answers; one and two.
However, as a relatively inexperienced user, I'm hesitant to implement the instructions as given, as the answer mentions to "blacklist the kernel driver".. whilst I do not doubt the validity of the information given, this gives me the impression that it is really for advanced users only. Likewise, the 'man' page for modprobe refers to "adding/removing modules to the Linux Kernel".
Is this the only way to go about blocking USB access, or is there a Schema/Key combination in gsettings where I can simply set the value of a key as appropriate?
To clarify, I am explicitly referring to USB storage/drives, as I have a keyboard and pointer connected via USB.
0 Answers