How to run a shell script when a new USB storage device is detected?

logging scripts screenshot mass-storage

I want a script that dumps the log and starts logging on it as soon as a usb mass storage is plugged (with the file 'OKdump' on it).And if anything abnormal(Like a error that is visually present) is detected i want it to take a screenshot and save it on the same drive.


Use Udev. Udev is a device manager daemon. Amongst other things it is responsible for naming your devices. You can define udev-rules by putting files with a certain syntax in the rules directory. The rules can do many things - in particular they can run scripts, when a certain device is connected.

How to solve your problem:

First you need to gather information on your device. Let's say you connected it, and know it goes under the name /dev/sdb1. If so run:

udevadm info -a -p $(udevadm info -q path -n /dev/sdb1)

The command will output information about your device. It's a rather lengthy. You need to find something that identifies the device uniquely. That could be a serial like ATTRS{serial}=="UA04FLGC" or a combination of other attributes such as ATTRS{idVendor} and ATTRS{idProduct}. Most of the names are more or less self explanatory. Pick one or a combination of a few that seem reasonable - if they don't work, try something else.

Once you have found a unique identifier create a file in /etc/udev/rules.d that starts with two digits and ends with .rules. The two digits specify the order of processing these .rules-files - 70-usb-log-custom.rules should be a fine choice for you. The syntax of this rule file can be very complex. If you're interested, google udev. If not just open the newly created file and edit it to look something like this:

# /etc/udev/rules.d/70-usb-log-custom.rules

KERNEL=="sd?1", ATTRS{serial}=="UA04FLGC", ACTION=="add", SYMLINK+="cusb1", RUN+="/home/confus/bin/usb-encrypt.sh add %k"
ENV{ID_FS_USAGE}=="crypto", ACTION=="remove", RUN+="/home/confus/bin/usb-encrypt.sh remove %k"
SUBSYSTEM=="usb", SYSFS{idVendor}=="1781", SYSFS{idProduct}=="0c9f", GROUP="users", MODE="0666"

This is an actual udev file I am using. It has three rules in it. Every line is a rule of it's own. The first line runs a script to create a decrypted device whenever an encrypted disk is connected. The second line invokes the same script with different options in the event the decrypted device is removed. The third line sets permissions for another related device.

Most likely you will only need the first line. Delete the rest and insert the right serial (or compination of parameters you picked to identify your device).

Explanation of my file:

KERNEL=="sd?1" says the device we're looking for in this rule is named along the lines of /dev/sda1, /dev/sdc1 or something like that. The questionmark is a wildcard for any letter. ATTRS{serial}=="UA04FLGC" is the unique identifier here. For the other device I was talking about (third line) I'm not using the serial number but a combination of SYSFS{idVendor}=="1781" and SYSFS{idProduct}=="0c9f" to identify it.

ACTION=="add" tells the rule it should only act when the device is added; not when it's removed.

SYMLINK+="cusb1" creates a symlink to the disk so one will find it under /dev/cusb1.

RUN+="/home/confus/bin/usb-encrypt.sh add %k" runs the script and passes 'add' and '%k' (the device name) to it.

I will not give more detail, as there are excellent tutorials on udev rules. What you read here should be enough to get stared though.

Related

Issue with Virt-manager
Mouse mysteriously stops working on my right-hand screen
How to add/remove buttons to Nautilus toolbar?
Can I reset everything to its factory default settings?
How to fix missing Dropbox tray icon?
What is the active MAC Address of my computer?
How to install termite
How to install gnome 3.29.92 or 3.30 in Ubuntu 18.04?
Fingerprint reader in ubuntu 18.04
Automatically reconnect wireless connection
How to remove everything Ubuntu One-related?
Is it safe to shutdown computer without unmounting NTFS partitions?