Normally when a USB device is connected to a Linux system it is automatically configured and then the device's interfaces become ready for users to access. While this is useful on most desktops use cases, there are situations where you may not want this, for example on Linux kiosks or servers where access must be limited.
Each USB device has an authorized file in the /sys interface, by writing "0" to this one disables authorization, and conversley writing a "1" to this authorizes a device to connect.
For example, to disable authorization:
echo 0 > /sys/devices/pci0000:00/0000:00:1a.7/usb1/authorized
Also, one can enable/disable authorisation on an entire USB hosts by writing to the authorized_default file:
echo 0 > devices/pci0000:00/0000:00:1d.0/usb5/authorized_default
By default, the authorized and authorized_default settings are set to 1, enabled.
No comments:
Post a Comment