usbguard-daemon man page

usbguard-daemon — USBGuard daemon


usbguard-daemon [Options]


The usbguard-daemon is the main component of the USBGuard software framework. It runs as a service in the background and enforces the USB device authorization policy for all USB devices. The policy is defined by a set of rules using a rule language described in usbguard-rules.conf(5). The policy and the authorization state of USB devices can be modified during runtime using the usbguard(1) tool.



Enable debugging messages in the log.


Enable classical daemon behavior (fork at start, sysV compliant).


Log to syslog.


Log to console. (default)


Disable Logging to console.

-l path

Log to a file at path.

-p path

Write PID to a file at path (default: /var/run/

-c path

Load configuration from a file at path (default: /etc/usbguard/usbguard-daemon.conf).


Show the help/usage screen.

Security Considerations

The daemon provides the USBGuard public IPC interface. Depending on your distribution defaults, the access to this interface is limited to a certain group or a specific user only. Please refer to the usbguard-daemon.conf(5) man page for more information on how to configure the ACL correctly. Do not leave the ACL unconfigured as that will expose the IPC interface to all local users. That will allow them to manipulate the authorization state of USB devices and modify the USBGuard policy.

See Also

usbguard-daemon.conf(5), usbguard-rules.conf(5), usbguard(1), usbguard-applet-qt(1)

Unresolved directive in usbguard-daemon.8.adoc - include::footer.adoc[]

Referenced By

usbguard(1), usbguard-applet-qt(1), usbguard-daemon.conf(5), usbguard-dbus(8), usbguard-rules.conf(5).