usbguard-daemon.conf man page

usbguard-daemon.conf -- USBGuard daemon configuration file


The usbguard-daemon.conf file is loaded by the USBGuard daemon after it parses its command-line options and is used to configure runtime parameters of the daemon. The default search path is /etc/usbguard/usbguard-daemon.conf. It may be overridden using the -c command-line option, see usbguard-daemon(8) for further details.


The USBGuard daemon will use this file to load the policy rule set from it and to write new rules received via the IPC interface.
IPCAllowedUsers=<username> [<username> ...]
A space delimited list of usernames that the daemon will accept IPC connections from.
IPCAllowedGroups=<groupname> [<groupname> ...]
A space delimited list of groupnames that the daemon will accept IPC connections from.

Security Considerations

The daemon provides the USBGuard public IPC interface. Depending on your distribution defaults, the access to this interface is limited to a certain group or a specific user only. Please set either the IPCAllowedUsers or IPCAllowedGroups options to limit access to the IPC interface. Do not leave the ACL unconfigured as that will expose the IPC interface to all local users and will allow them to manipulate the authorization state of USB devices and modify the USBGuard policy.


If you find a bug in this software or if you'd like to request a feature to be implemented, please file a ticket at <…>.

See Also

usbguard-daemon(8), usbguard-rules.conf(5)


Daniel Kopeček <>.

Referenced By

usbguard(1), usbguard-applet-qt(1), usbguard-daemon(8), usbguard-rules.conf(5).

June 2016