Jump to content

Blocking Access to Windows Partitions?


peckinpah
 Share

Recommended Posts

Is there a way to block regular non-root user access to Windows partitions? I have not been able to find a way to do this. In fact, when I log into the X-Server while in root, I don't even see a way to access Windows partitions at all, except by doing a search. Which is kinda backwards since as a regular user they are right there on the desktop under "Devices".

 

 

[moved from Software by spinynorman]

Link to comment
Share on other sites

In Mandriva, they are normally under /mnt/windows for the windows mounted partitions. Unless you have more than one, then /mnt/win_c, /mnt/win_d, etc, etc.

 

You'd most likely have to block access through options set within the /etc/fstab.

Link to comment
Share on other sites

I ran the command /etc/fstab from the terminal as su and got "permission denied". I would not have known what to do from there anyway.

 

In Suse, I just log in as root, then right click on the Windows partition and choose properties, then set permissions as "forbidden" for the 3 types of access to the partition. I know it's irrelevant, but just thought I'd show off my tiny bit of "knowledge". Couldn't resist.

 

Thanks for the help though. I'll play around a little more (armed with your assistance) and try to figure out a way.

Link to comment
Share on other sites

/etc/fstab isn't a command, it's a file. if you can open it (best done as root) with your favorite text editor (say, kate) or just do cat /etc/fstab as root in a terminal and post the output, we can tell you want needs to be changed to make the partitions only accessible to root.

Link to comment
Share on other sites

/dev/hda6 / ext3 defaults 1 1

/dev/hdc /mnt/cdrom auto umask=0,users,iocharset=utf8,noauto,ro,exec 0 0

/dev/hdd /mnt/cdrom2 auto umask=0,users,iocharset=utf8,noauto,ro,exec 0 0

/dev/hda1 /mnt/windows ntfs umask=0,nls=utf8,ro 0 0

none /proc proc defaults 0 0

/dev/hda8 /usr ext3 defaults 1 2

/dev/hda7 swap swap defaults 0 0

[root@localhost ltd]#

 

OK there it is, thanks in advance!

Link to comment
Share on other sites

The main reason everyone can gain access to your NTFS partition is because of:

 

umask=0

 

on your NTFS partition mount entry in fstab. You'd have to edit this entry to restrict access to the NTFS partition. Unfortunately I don't have an NTFS partition to hand to test what you need to edit this and change it to for it to take effect.

Link to comment
Share on other sites

I could play around with it and experiment. I'm guessing you just change the value to a number between like 1 and 5, right?

 

How would I access the file though? When logged into the X-Server as root, I don't see an option to open and modify system files. I know there is a way to bring up and edit files through the CLI, but I can't remember it offhand.I used to use it to change my X86 Config file when installing the Nvidia driver.

 

Once I figure this out, I will post it in the tips and tricks section, in case anyone else needs it.

Link to comment
Share on other sites

No, there's a far larger number. I'm doing a google now to find out how we can do it. Try removing umask=0 altogether, but I think this will just give read-only access to normal users, which isn't much good, since NTFS by default mounts read-only anyway.

 

EDIT:

 

Try a umask of:

 

umask=007

 

might do the trick, something I grabbed quickly of a post on the ubuntuforums.

Link to comment
Share on other sites

As I said earlier, I'm unable to edit my fstab file. Can't do it as a regular user due to lack of permissions, and I can't do it as root because no program that runs under the X-Server will let me access it. And finally, I can't access the file in command line because I don't know the command to "edit" a file from the terminal.

 

I did find a way to limit access to the Windows partitions. Go into Control Center/Mount Points/Create Delete, and Resize Hard Disk Partitions. Then click on the Windows partition, and toggle to Expert Mode and click Options Uncheck the box that says, "mount the file system in read only" and also check the box that says "Do not allow execution of any binaries on the mounted file system." I also unmounted the Windows partiton, just to be safe.

 

After I did these three things, I was unable to access the Windows partitions as a regular user.

 

Thanks for all the help. I'm not used to people even responding to my questions, so thanks for your time and let me know if you see anything wrong with what I did. If it looks OK, I will go ahead and post the info in the Tips and Tricks section.

Link to comment
Share on other sites

Sure, here it is:

 

/dev/hda6 / ext3 defaults 1 1

/dev/hdc /mnt/cdrom auto umask=0,users,iocharset=utf8,noauto,ro,exec 0 0

/dev/hdd /mnt/cdrom2 auto umask=0,users,iocharset=utf8,noauto,ro,exec 0 0

/dev/hda1 /mnt/windows ntfs nls=utf8,noexec 0 0

none /proc proc defaults 0 0

/dev/hda8 /usr ext3 defaults 1 2

/dev/hda7 swap swap defaults 0 0

Link to comment
Share on other sites

Seems getting rid of the umask=0 and changing ro to noexec in the /etc/fstab is what the gui did.

 

So I was right on with the umask thing. The noexec just stops you executing files, which shouldn't have anything to do with user access rights as such.

Link to comment
Share on other sites

I thought you wanted to allow root to read the windows drives but not allow users to read them. It sounds to me like you've just unmounted the drive so noone will be able to read them. So presumably users won't be allowed to mount the drives either, but as soon as root wants to read them, root will mount them and then they'll be readable for everybody! (Actually writeable too, because you unchecked the "mount as read-only" checkbox). Is that what you wanted?

Link to comment
Share on other sites

Well, at the moment the windows drive is mounted under /mnt/windows which all users have access to. Couldn't you just change the permissions of the /mnt/windows directory so that it was owned by root and only dr-------- ? Or if it's not possible to do that, change the fstab so it mounts under /mnt2/windows instead, and change the permissions of /mnt2 so that normal users can't read it.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
 Share

×
×
  • Create New...