The file manager on Linux devices supports all removable media that have the following characteristics:
- The removable media has an entry in the /etc/fstab file.
- The user option is specified in the entry for the removable media in the /etc/fstab file.
- A hotplug daemon detects and auto mounts USM mass storage devices such as cameras, sticks, and flash memory readers inside the /mnt or /media locations.
JumpCloud provides a policy that allows you to block any USB mass storage device with these characteristics.
Creating a Linux Removable Storage Policy
Normally, when the Linux file manager detects new media, an object for the media is added to the desktop. After you apply this policy to a device and reboot it, the Linux file manager won't mount any USB that the user inserts.
- To apply a policy to a device, it must be running on a supported OS. Before you assign a policy, you can follow the instructions in Assign a Policy to a Device.
- To apply a policy to a group of device, you must define system groups. Before you assign a policy, you can follow the instructions in Create a Device Group.
To create a Linux removable storage policy:
- Log in to the JumpCloud Admin Portal: https://console.jumpcloud.com/login.
- Go to DEVICE MANAGEMENT > Policy Management.
- Click ( + ).
- On the Configure New Policy panel, select Linux.
- To the right of Disable USB Storage click configure.
- In POLICY NAME you can type in a new title if necessary.
- To apply the policy to one or more devices, click Devices. Next to System Name, select the options for all the devices where you want to apply this policy.
- To apply the policy to a defined group of devices, select the Device Groups tab. Next to Device Group Name, select the options for all the groups where you want to apply this policy.
- Click save policy.
- Restart all devices where you applied the removable storage policy.
Viewing Policy Status
After a policy is created and saved, it may take a few minutes for the policy to be enforced on the device. When the policy is running, you can view its status to determine if the policy has been successfully applied or it it requires your attention.
To view policy status:
- Log in to the JumpCloud Admin Portal: https://console.jumpcloud.com/login.
- Go to DEVICE MANAGEMENT > Policy Management.
- Click the Disable USB Storage policy that you just created.
- Click Status.
- To see the last Result Log for a device where this policy is applied, in the results list next to a device, click View.
If any errors occur, they are listed in Exit Status. If you have an Exit Status of 0, no errors have occurred when applying or enforcing this policy.
Deleting a Linux Removable Storage Policy
There are several ways you can permit users to access removable storage devices after creating a policy to block access:
- If you want to allow users on a specific device to access storage devices, you can remove that device from the policy without removing the policy itself.
- You can also remove groups of devices from the policy without removing the policy itself.
- To allow all Linux devices managed by JumpCloud to access removable storage devices, you can remove the policy completely.
Remember that allowing users access to removable media poses risks, including data theft and the introduction of malware.
To allow users to access Linux removable storage:
- Log in to the JumpCloud Admin Portal: https://console.jumpcloud.com/login.
- Go to DEVICE MANAGEMENT > Policy Management.
- If you want to remove devices from the policy, click Disable USB Storage or the name that you gave this policy. Go to Devices. Clear the options for all devices that you want to remove. Click save policy.
- If you want to remove groups from the policy, click Disable USB Storage or the name that you gave this policy. Select the Device Groups tab. Clear the options for all groups that you want to remove. Click save policy.
- If you want to completely remove the policy, select Disable USB Storage, or the name you gave to this policy. Click delete. On the Delete Policy confirmation screen, click continue.
Learn More
Manage Removable Storage on Windows Devices