peckinpah Posted March 27, 2007

Is there a way to block regular non-root user access to Windows partitions? I have not been able to find a way to do this. In fact, when I log into the X-Server while in root, I don't even see a way to access Windows partitions at all, except by doing a search. Which is kinda backwards since as a regular user they are right there on the desktop under "Devices".

[moved from Software by spinynorman]

ianw1974 Posted March 28, 2007

In Mandriva, they are normally under /mnt/windows for the windows mounted partitions. Unless you have more than one, then /mnt/win_c, /mnt/win_d, etc, etc. You'd most likely have to block access through options set within the /etc/fstab.

peckinpah Posted March 28, 2007 (Author)

I ran the command /etc/fstab from the terminal as su and got "permission denied". I would not have known what to do from there anyway. In Suse, I just log in as root, then right click on the Windows partition and choose properties, then set permissions as "forbidden" for the 3 types of access to the partition. I know it's irrelevant, but just thought I'd show off my tiny bit of "knowledge". Couldn't resist.

Thanks for the help though. I'll play around a little more (armed with your assistance) and try to figure out a way.

tyme Posted March 28, 2007

/etc/fstab isn't a command, it's a file. If you can open it (best done as root) with your favorite text editor (say, kate) or just do cat /etc/fstab as root in a terminal and post the output, we can tell you what needs to be changed to make the partitions only accessible to root.

peckinpah Posted March 30, 2007 (Author)

/dev/hda6 / ext3 defaults 1 1
/dev/hdc /mnt/cdrom auto umask=0,users,iocharset=utf8,noauto,ro,exec 0 0
/dev/hdd /mnt/cdrom2 auto umask=0,users,iocharset=utf8,noauto,ro,exec 0 0
/dev/hda1 /mnt/windows ntfs umask=0,nls=utf8,ro 0 0
none /proc proc defaults 0 0
/dev/hda8 /usr ext3 defaults 1 2
/dev/hda7 swap swap defaults 0 0
[root@localhost ltd]#

OK there it is, thanks in advance!

ianw1974 Posted March 30, 2007

The main reason everyone can gain access to your NTFS partition is because of:

umask=0

on your NTFS partition mount entry in fstab. You'd have to edit this entry to restrict access to the NTFS partition. Unfortunately I don't have an NTFS partition to hand to test what you need to edit this and change it to for it to take effect.

peckinpah Posted March 30, 2007 (Author)

I could play around with it and experiment. I'm guessing you just change the value to a number between like 1 and 5, right? How would I access the file though? When logged into the X-Server as root, I don't see an option to open and modify system files. I know there is a way to bring up and edit files through the CLI, but I can't remember it offhand. I used to use it to change my X86 Config file when installing the Nvidia driver.

Once I figure this out, I will post it in the tips and tricks section, in case anyone else needs it.

ianw1974 Posted March 30, 2007

No, there's a far larger number. I'm doing a google now to find out how we can do it. Try removing umask=0 altogether, but I think this will just give read-only access to normal users, which isn't much good, since NTFS by default mounts read-only anyway.

EDIT: Try a umask of:

umask=007

might do the trick, something I grabbed quickly off a post on the ubuntuforums.

peckinpah Posted March 30, 2007 (Author)

As I said earlier, I'm unable to edit my fstab file. Can't do it as a regular user due to lack of permissions, and I can't do it as root because no program that runs under the X-Server will let me access it. And finally, I can't access the file in command line because I don't know the command to "edit" a file from the terminal.

I did find a way to limit access to the Windows partitions. Go into Control Center/Mount Points/Create Delete, and Resize Hard Disk Partitions. Then click on the Windows partition, and toggle to Expert Mode and click Options. Uncheck the box that says, "mount the file system in read only" and also check the box that says "Do not allow execution of any binaries on the mounted file system." I also unmounted the Windows partition, just to be safe. After I did these three things, I was unable to access the Windows partitions as a regular user.

Thanks for all the help. I'm not used to people even responding to my questions, so thanks for your time and let me know if you see anything wrong with what I did. If it looks OK, I will go ahead and post the info in the Tips and Tricks section.

tyme Posted March 30, 2007

Could we see the contents of the fstab file again? Just to ensure what it did, exactly.

peckinpah Posted March 31, 2007 (Author)

Sure, here it is:

/dev/hda6 / ext3 defaults 1 1
/dev/hdc /mnt/cdrom auto umask=0,users,iocharset=utf8,noauto,ro,exec 0 0
/dev/hdd /mnt/cdrom2 auto umask=0,users,iocharset=utf8,noauto,ro,exec 0 0
/dev/hda1 /mnt/windows ntfs nls=utf8,noexec 0 0
none /proc proc defaults 0 0
/dev/hda8 /usr ext3 defaults 1 2
/dev/hda7 swap swap defaults 0 0

ianw1974 Posted March 31, 2007

Seems getting rid of the umask=0 and changing ro to noexec in the /etc/fstab is what the GUI did. So I was right on with the umask thing. The noexec just stops you executing files, which shouldn't have anything to do with user access rights as such.

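Added example, not part of any post in this thread: a Python check that reads fstab-style lines and reports the directory mode implied by the umask/dmask option on NTFS and FAT entries. It uses the two /mnt/windows lines posted above plus a constructed line with the umask=007 suggested earlier; the function names and verdict labels are made up for this example, and when no mask option is set the result depends on the driver, so the script reports that instead of guessing.

```python
# Added example (not from the thread): report the directory mode that
# umask/dmask implies for NTFS/FAT entries in fstab-style text.

# The /mnt/windows line as first posted, as rewritten by the GUI, and a
# constructed variant using the umask=007 suggested in the thread.
SAMPLE_FSTAB = """\
/dev/hda6 / ext3 defaults 1 1
/dev/hda1 /mnt/windows ntfs umask=0,nls=utf8,ro 0 0
/dev/hda1 /mnt/windows ntfs nls=utf8,noexec 0 0
/dev/hda1 /mnt/windows ntfs umask=007,nls=utf8,ro 0 0
"""

# Filesystems without Unix permissions on disk; mode comes from mount options.
MASKED_FS = {"ntfs", "ntfs-3g", "vfat", "msdos"}


def parse_options(field):
    """Turn 'umask=0,nls=utf8,ro' into {'umask': '0', 'nls': 'utf8', 'ro': ''}."""
    return {k: v for k, _, v in (item.partition("=") for item in field.split(","))}


def implied_dir_mode(opts):
    """Mode of directories on the mount, or None when no mask option is set."""
    for key in ("dmask", "umask"):  # dmask, if present, overrides umask for dirs
        if key in opts:
            return 0o777 & ~int(opts[key], 8)  # mask values are octal
    return None


def audit(fstab_text):
    """Return (mount_point, options, mode, verdict) for each masked-fs entry."""
    findings = []
    for line in fstab_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0].startswith("#"):
            continue
        if fields[2] not in MASKED_FS:
            continue
        mode = implied_dir_mode(parse_options(fields[3]))
        if mode is None:
            verdict = "driver-default"    # depends on the driver; check mount(8)
        elif mode & 0o007:
            verdict = "world-accessible"  # some permission bit set for 'other'
        else:
            verdict = "restricted"        # owner/group only
        shown = None if mode is None else format(mode, "04o")
        findings.append((fields[1], fields[3], shown, verdict))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_FSTAB):
        print(*finding)
```
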
neddie Posted March 31, 2007

I thought you wanted to allow root to read the windows drives but not allow users to read them. It sounds to me like you've just unmounted the drive so no one will be able to read them. So presumably users won't be allowed to mount the drives either, but as soon as root wants to read them, root will mount them and then they'll be readable for everybody! (Actually writeable too, because you unchecked the "mount as read-only" checkbox). Is that what you wanted?

peckinpah Posted March 31, 2007 (Author)

My goal was to prevent a regular user from accessing Windows partitions, and if that was not possible to block all access from any account. I guess I will not be posting this in tips and tricks. Thanks for all your help.

Edited March 31, 2007 by peckinpah

neddie Posted March 31, 2007

Well, at the moment the windows drive is mounted under /mnt/windows which all users have access to. Couldn't you just change the permissions of the /mnt/windows directory so that it was owned by root and only dr-------- ? Or if it's not possible to do that, change the fstab so it mounts under /mnt2/windows instead, and change the permissions of /mnt2 so that normal users can't read it.