Monday, 6 July 2009

Authorising USB devices for access

Normally, when a USB device is connected to a Linux system it is automatically configured and the device's interfaces become ready for users to access. While this is useful for most desktop use cases, there are situations where you may not want it, for example on Linux kiosks or servers where access must be limited.

Each USB device has an authorized file in the /sys interface. Writing "0" to this file disables authorization; conversely, writing "1" authorizes the device to connect.

For example, to disable authorization:

echo 0 > /sys/devices/pci0000:00/0000:00:1a.7/usb1/authorized

One can also enable or disable authorisation on an entire USB host by writing to the authorized_default file:

echo 0 > /sys/devices/pci0000:00/0000:00:1d.0/usb5/authorized_default

By default, the authorized and authorized_default settings are set to 1, enabled.
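
The following script is an added example, not part of the original post: it reports the authorized and authorized_default state of every USB entry, sets authorized_default to 0 on all hosts for a kiosk-style lockdown, and authorizes or deauthorizes a single device. It assumes devices are listed under /sys/bus/usb/devices and that writes are made as root; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit and lock down USB authorization through sysfs.
# Assumption: devices are listed under /sys/bus/usb/devices; every function
# accepts another root so it can be tried on a constructed test tree.
USB_ROOT_DEFAULT=/sys/bus/usb/devices

# Print "<name> authorized=<v> [authorized_default=<v>]" for each entry that
# has an authorized file; authorized_default appears only on hosts (usbN).
usb_auth_report() {
    root=${1:-$USB_ROOT_DEFAULT}
    for dev in "$root"/*; do
        [ -f "$dev/authorized" ] || continue
        line="$(basename "$dev") authorized=$(cat "$dev/authorized")"
        if [ -f "$dev/authorized_default" ]; then
            line="$line authorized_default=$(cat "$dev/authorized_default")"
        fi
        echo "$line"
    done
}

# Write 0 to authorized_default on every host so devices connected later
# start deauthorized. Prints the number of hosts changed.
usb_lock_hosts() {
    root=${1:-$USB_ROOT_DEFAULT}
    n=0
    for f in "$root"/usb*/authorized_default; do
        [ -f "$f" ] || continue
        echo 0 > "$f" && n=$((n + 1))
    done
    echo "$n"
}

# Authorize (1) or deauthorize (0) one device by name, for example 1-2.
usb_set_device() {
    root=${3:-$USB_ROOT_DEFAULT}
    case $2 in 0|1) ;; *) echo "value must be 0 or 1" >&2; return 2 ;; esac
    [ -f "$root/$1/authorized" ] || { echo "no such device: $1" >&2; return 1; }
    echo "$2" > "$root/$1/authorized"
}

# Command line: report | lock | set <device> <0|1>
case ${1:-} in
    report) usb_auth_report ;;
    lock)   usb_lock_hosts ;;
    set)    usb_set_device "$2" "$3" ;;
esac
```

Run it with report first to record the current state, since devices that are already connected keep their own authorized value after lock.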
