In our research lab I'd like to disable all USB devices connected to our HP Red Hat Linux based workstations. I'd like to disable USB flash or hard drives, which users can use with physical access to a system to quickly copy sensitive data from it. How do I disable USB device support under RHEL 5.x workstation operating systems?
The USB storage drive automatically detects USB flash or hard drives. You can easily force and disable USB storage devices under any Linux distribution. The modprobe program used for automatic kernel module loading and can be configured to not load the USB storage driver upon demand. This will prevent the modprobe program from loading the usb-storage module, but will not prevent root (or another program) from using the insmod program to load the module manually.
Type the following command:
# echo 'install usb-storage : ' >> /etc/modprobe.conf
You can also remove USB Storage driver, enter:
# ls /lib/modules/$(uname -r)/kernel/drivers/usb/storage/usb-storage.ko
# mv /lib/modules/$(uname -r)/kernel/drivers/usb/storage/usb-storage.ko /root
BIOS option
You can also disable USB from system BIOS configuration option. Make sure BIOS is password protected.
Grub option
You can get rid of all USB devices by disabling kernel support for USB via GRUB. Open grub.conf or menu.lst (Under Debian / Ubuntu Linux) and append "nousb" to the kernel line as follows:
kernel /vmlinuz-2.6.18-128.1.1.el5 ro root=LABEL=/ console=tty0 console=ttyS1,19200n8 nousb
Save and close the file. Once done just reboot the system:
# reboot
Featured Articles:
- 20 Linux System Monitoring Tools Every SysAdmin Should Know
- 20 Linux Server Hardening Security Tips
- My 10 UNIX Command Line Mistakes
- The Novice Guide To Buying A Linux Laptop

- 10 Tools To Add Some Spice To Your UNIX Shell Scripts
- Email FAQ to a friend
- Download PDF version
- Printable version
- Comment RSS feed
- Last Updated: 03/16/09

Sign up for our daily email newsletter:
{ 11 comments… read them below or add one }
Someone with physical access to the computer can still easily transfer the “sensitive” files to another computer or enable the USB by using a bootable media. I would not bother with “protection” that does not protect.
I am using the same method to deny the access
Edit /etc/modprobe.conf
and added the entry
install usb_storage wall “Critical device malfunction! Drive will be formatted”
Save it
@Humberto Massa:
“…by using a bootable media” which is then secured against via disabling BIOS Boot Order (Floppy/USB/CD, then HDD, etc.)+BIOS password. One could maintain the USB bridge active, however.
It’s accepted fact the majority of data theft occurs fr in-house, disgruntled employees. This HOW-TO keeps USB abilities for admins, but locks out users.
Troll attempt fail. Go back to 4chan.
Can any one tell me how to get out of it means, I was able to disable the driver using the second option :
You can also remove USB Storage driver, enter:
# ls /lib/modules/$(uname -r)/kernel/drivers/usb/storage/usb-storage.ko
# mv /lib/modules/$(uname -r)/kernel/drivers/usb/storage/usb-storage.ko /root
But now I do not know how to enable it back
Copy back driver and load drive into system:
insert the module by using insmod command.
insmod /lib/modules/$(uname -r)/kernel/drivers/usb/storage/
modprobe usb-storage.ko
Thanks Mohan,
I will definitely try that out and let u know …..
Thanks alot again for the help.
dear sir,
how to disable pendrive in domain user ? please give me replay
This works great!
This only works but after I restart my Lucid Lynx, the USB device storage is mounted again on the desktop.
I’ve already tried.
sudo gedit /etc/rc.local/
sudo rmmod usb_storage
sudo modprobe -r usb_storage
echo ‘install usb-storage : ‘ >> /etc/modprobe.conf
ls /lib/modules/$(uname -r)/kernel/drivers/usb/storage/usb-storage.ko
mv /lib/modules/$(uname -r)/kernel/drivers/usb/storage/usb-storage.ko /root
How do I really unmount it?
Nothing works for me!!!
what OS & version is yours?
if ubuntu only what you have to do is:
ls /lib/modules/$(uname -r)/kernel/drivers/usb/storage/usb-storage.ko
mv /lib/modules/$(uname -r)/kernel/drivers/usb/storage/usb-storage.ko /root
reboot
after that you may check “dmsg” for any bugs accruing