hi there,
i would like to know a way to disable the usb storage capability of the clients computers on a LAN, running opensuse 11.2.
– I tried the modprobe -r usb-storage , but nothing happend
– i tried the nousb option when loading the kernel, it worked, but mouse which was connected through usb port was also disabled
– also there is no usb-storage.ko driver inside the /lib/modules/2.6.31.12-0.2-desktop/kernel/drivers/usb/storage folder… there isn’t the storage folder itself
So I suggest you give this a try. Find the file 00-system.conf located in the folder /etc/modprobe.d and add this command near the top of the file:
blacklist usb_storage
You can use kwrite to do this using the kde desktop with the run command:
kdesu kwrite /etc/modprobe.d/00-system.conf
I gave this a try by first inserting a USB thumb drive into my PC. It worked, automouted without the above command in place, but after adding in the blacklist usb_storage and a reboot, it no longer would automount.
Now I do have an external USB drive which I mount in my fstab file, and it did mount properly with the added command. So, this is no sort of extensive testing on my part, but worth a try.
I tried this under openSUSE 11.2, but no success yet.
Maybe this is the reason:
lsmod does not list any usb modules
(before and after adding the blacklist usb_storage (or usb-storage?) line
to /etc/modprobe.d/50-blacklist.conf ).
Nevertheless, kde offers me the USB drive when plugged in.
Now for the line found take the bus:slot:func part and do:
lspci -vvv -s bus:slot:func ( in my case lspci -vvv -s 00:06.0 )
My output:
Knurpht:/home/glosscomputer # lspci -vvv -s 00:06.0
00:06.0 USB Controller: nVidia Corporation MCP79 OHCI USB 1.1 Controller (rev b1) (prog-if 10 [OHCI])
Subsystem: ASUSTeK Computer Inc. Device 1d17
Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx-
Status: Cap+ 66MHz+ UDF- FastB2B+ ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
Latency: 0 (750ns min, 250ns max)
Interrupt: pin A routed to IRQ 21
Region 0: Memory at f7f7d000 (32-bit, non-prefetchable) [size=4]
Capabilities: [44] Power Management version 2
Flags: PMEClk- DSI- D1+ D2+ AuxCurrent=0mA PME(D0+,D1+,D2+,D3hot+,D3cold+)
Status: D0 NoSoftRst- PME-Enable- DSel=0 DScale=0 PME-
Kernel driver in use: ohci_hcd
It will show the driver in use, in my case ‘ohci_hcd’. If I do the same for 00:06:1, it tells me ‘ehci_hcd’ is in use.
Now disconnect the device, and see if those two have been unloaded:
lsmod | grep ci_hcd
You will see, they are not loaded anymore. Now add those 2 to 50-blacklist.conf, reboot and repeat the actions above to check whether the storage device will work. I guess not.[/size]
On 2010-07-05 17:56, dim hatzi wrote:
>
> hi there,
> i would like to know a way to disable the usb storage capability of the
> clients computers on a LAN, running opensuse 11.2.
Good question.
> – I tried the modprobe -r usb-storage , but nothing happend
> – i tried the nousb option when loading the kernel, it worked, but
> mouse which was connected through usb port was also disabled
> – also there is no usb-storage.ko driver inside the
> /lib/modules/2.6.31.12-0.2-desktop/kernel/drivers/usb/storage folder…
> there isn’t the storage folder itself
Thanks for the hints.
Unfortunately, the output of lspci -vvv is identical, before and after plugging in the USB stick. The next step would probably be to look for options of hal, which seems
to be active in this game.
However, I came up with a different and simple solution:
add to /etc/fstab for all device names that are possible for USB sticks on the given computer a line like this one:
/dev/sdb1 /media/usbstick auto noatime,nodiratime,noauto,nouser 0 0
make sure that the given mountpoint (above: /media/usbstick) is
not existing or has reduced rights so that only root (or similar) can access it
I’ve had success with openSUSE11.0 restricting the USB ports to a select group of users using PolicyKit (I can give more details if you want) but this does not work with 11.2 (64-bit version). I’ve tried many of the steps above and things I’ve seen in other forums and still no luck. Does anybody have a working solution?
I’ve seen that HAL is deprecated and supposed to be rolled into udev … does anyone know if HAL and PolicyKit are still functional (or supposed to be) with openSUSE11.2, or is it already phased out?
PolicyKit There is (parallel) a new version of PolicyKit (Policy Kit 1, polkit oder polkit-1) used. It has a new language and no graphical frontend. I used it to restrict myself form using PackageKit for any updates (the GNOME Update Applet has just the function to inform me and the updates I make in the Software Manager or in YOU-YaST Online Updater). But I have not tried to manipulate anything about HAL or udev. Maybe someone else nows about that? Regards pistazienfresser
On 2010-10-07 22:06, rlawrie wrote:
>
> I’ve had success with openSUSE11.0 restricting the USB ports to a select
> group of users using PolicyKit (I can give more details if you want) but
> this does not work with 11.2 (64-bit version).
I would be interested, but as you say it no longer works, then the interest dies
> I’ve seen that HAL is deprecated and supposed to be rolled into udev
> … does anyone know if HAL and PolicyKit are still functional (or
> supposed to be) with openSUSE11.2, or is it already phased out?
I understand that both are functional in 11.2, but hal was to be phased in 11.3 - but then many kde
apps broke, so hal had to be left for the moment, with somewhat limited functionality: I think some
apps use it, other do not.
–
Cheers / Saludos,
Carlos E. R.
(from 11.2 x86_64 “Emerald” at Telcontar)
The problem may be changing a USB mouse or if the mouse is not stuck: users that are able to use the system without a mouse…/