Unmount or refuse unwanted USB drives

Hi everyone,

I am trying to find a way to restrict my kids to mount USB drives/keys on my Raspberry Pi with OSMC. I have searched for a few days now on the internet on Linux, Kodi, OpenElec, LibreElec and OSMC forums without success. Have found a few hint to answers without much details that might work, but am not a programmer, so had no success.

I do not need to make it rock secure. I would like a simple recipe that would simply unmount or refuse to mount USB drives, keys or CD/DVD that do not respect one or more criteria.

For example, if drive name is “MyUsbKey”, it is formated in F2FS and has an hidden file named “.ABCD1234”, than mount it. Otherwise, either unmount it or don’t mount it at all… Of course, this rule would have to apply for a USB device plugged in before boot. If after booting the criteria don’t match, unmount/don’t mount it…

I hope my goal is clear. Anyone have a suggestion ?

Thanks in advance.

JY

This is a bit of a tricky one, as evidenced by the lack of replies.

There are many ways to skin this particular cat, but I think the simplest and most practical method for you is to disable the udisks-glue service and create specific fstab entries for each of your “authorised” USB devices.

First, to find the identifier (UUID) of devices you wish to authorise, type blkid. Here’s an example:

osmc@osmc:~$ blkid
/dev/mmcblk0p1: UUID="7A51-069A" TYPE="vfat" PARTUUID="6244dd12-01"
/dev/mmcblk0p2: UUID="5f623acd-7038-4bbd-9c7b-acf4705bc07d" TYPE="ext4" PARTUUID="6244dd12-02"
/dev/sda1: UUID="2C36-5545" TYPE="vfat"
/dev/sdb1: LABEL="29GB" UUID="270039e3-b846-4e38-aeda-544e23c1090b" TYPE="ext4" PARTUUID="01217391-01"
/dev/mmcblk0: PTUUID="6244dd12" PTTYPE="dos"

In this case, I have two external USB devices: /dev/sda1 and /dev/sdb1, with UUIDs of 2C36-5545 and 270039e3-b846-4e38-aeda-544e23c1090b, respectively. Also make note of the TYPEs, since you’ll need these later.

To disable the udisks-glue service, type:

sudo systemctl disable udisks-glue.service

You’ll now need to create a separate mount point for each authorised device. The names are for you to choose but they should ideally be created under /mnt and be meaningful in some way. In this example, UUID 2C36-5545 will go to /mnt/videos and UUID 270039e3-b846-4e38-aeda-544e23c1090b to /mnt/music. So:

sudo mkdir /mnt/videos
sudo mkdir /mnt/music

Now edit /etc/fstab and add two lines:

UUID=2C36-5545 /mnt/videos vfat defaults,noatime,nofail 0 0
UUID=270039e3-b846-4e38-aeda-544e23c1090b /mnt/music ext4 defaults,noatime,nofail 0 0

You’ll see that I’ve used the TYPEs from the blkid command here (vfat and ext4).

If you now reboot OSMC, any “authorised” device that’s plugged in should be automatically mounted. If you later plug in a drive while OSMC is running, you can mount it with:

sudo mount /mnt/music or sudo mount /mnt/video

As long as nobody else has access to the osmc userid, other USB drives shouldn’t be usable on the box. Of course, there might be some unforeseen complications with this method that I haven’t thought of. :wink: Good luck!

Edit: Updated, after @grahamh’s suggestions.

2 Likes

Should there be an automount and noauto option in there somewhere? Or doesn’t that work without udisks-glue?

From the mount man page:

defaults
Use the default options: rw, suid, dev, exec, auto, nouser, and
async.

Note that the real set of all default mount options depends on
kernel and filesystem type.

So Sam might have overridden auto in the kernel - but appears not to have done so, since it auto mounts on startup, which seems to be sensible in this context.

IIRC noauto means don’t wait forever if the disc is not there on startup.

You’ve kicked me in the right direction. I want to mount a device if it exsts, as per the OP’s wishes, and (clearly) not hang the boot if it doesn’t exist. The answer seems to be nofail.

UUID="2C36-5545" /mnt/tst1 vfat defaults,noatime,nofail 0 0
UUID="1234-5678" /mnt/tst2 vfat defaults,noatime,nofail 0 0

The reboot works even with a fake UUID and automatically mounts the real UUID.

osmc@osmc:~$ df
Filesystem     1K-blocks    Used Available Use% Mounted on
devtmpfs          377792       0    377792   0% /dev
tmpfs             382912     416    382496   1% /run
/dev/mmcblk0p2  14935048 8572564   5580764  61% /
tmpfs             382912       0    382912   0% /dev/shm
tmpfs               5120       0      5120   0% /run/lock
tmpfs             382912       0    382912   0% /sys/fs/cgroup
/dev/sda1       30294560      80  30294480   1% /mnt/tst1
tmpfs              76584       0     76584   0% /run/user/1000

Thanks for the prod! :wink:

I did modify fstab (yes, nofail is essential), disabled udisks-glue.service and bingo !

Wow guys, this works exactly as I was hoping. It is a little hack that fits perfectly my needs. I was worried about “coding” something complicated. But no, this was simple to do and straigth to the point.

Thanks a bunch to dillthedog and grahamh.

1 Like

If you’d like it to work with sticks inserted after boot up you could try adding the x-systemd.automount option to each line in /etc/fstab. That should mean that you could plug a stick in and it would mount automatically (if it’s valid) when you first access it.

This is untested but the consensus seems to be that it may work.