ianw1974 Posted April 1, 2007 Report Share Posted April 1, 2007 Good idea neddie Sometimes we think too much of doing it the hard way with the mountpoints, when in fact it could be so much simpler with changing rights on a directory at a higher level. Quote Link to comment Share on other sites More sharing options...
neddie Posted April 1, 2007 Report Share Posted April 1, 2007 Another thought: I can't access the file in command line because I don't know the command to "edit" a file from the terminal. There may be lots of other times you just want to edit a file which belongs to root, so it's worth learning how to do this, for the future. I'll assume for a second that you're using KDE, and are comfortable with the Kate editor. So open up a console window, and type su and enter your root password. This gives you root superpowers. Now, type the following to open up the Kate editor: kate This now opens Kate but because you were root when you launched it, Kate also gets your root superpowers. So be careful! You can now open up your file /etc/fstab as normal with File -> Open and because it's running as root, you can edit and save it. The colours will probably appear a little different when you're root, as a little warning that you can now break stuff. Quote Link to comment Share on other sites More sharing options...
peckinpah Posted April 1, 2007 Author Report Share Posted April 1, 2007 So, 17 posts later, the solution is to do what? Quote Link to comment Share on other sites More sharing options...
ianw1974 Posted April 1, 2007 Report Share Posted April 1, 2007 I believe you already solved it with your method in MCC, however, another method based on what neddie was saying. If Windows is mounting under /mnt/windows, then you could do this: chown root:root /mnt chmod 600 /mnt then root only has access to /mnt, and means no users can get at what's underneath it. Unfortunately, this also means any usb stick or whatever will have problems mounting. Therefore I'd be tempted to make a separate directory, and then alter where windows mounts in the /etc/fstab. So, for example: mkdir /restricted chmod 600 /restricted mkdir /restricted/windows then, edit /etc/fstab and replace /mnt/windows with the directory as above in my example. That way you don't stop people mounting other stuff under /mnt like cd-rom drives, usb keys, etc. Quote Link to comment Share on other sites More sharing options...
peckinpah Posted April 1, 2007 Author Report Share Posted April 1, 2007 OK, sounds good, will do. Thanks again for your help! Quote Link to comment Share on other sites More sharing options...
tyme Posted April 2, 2007 Report Share Posted April 2, 2007 Well, at the moment the windows drive is mounted under /mnt/windows which all users have access to. Couldn't you just change the permissions of the /mnt/windows directory so that it was owned by root and only dr-------- ? Or if it's not possible to do that, change the fstab so it mounts under /mnt2/windows instead, and change the permissions of /mnt2 so that normal users can't read it.It wouldn't work, fstab will overwrite the permissions that you give to the directory when it mounts the windows partition (IIRC). Removing the umask really is the best solution. In your second suggestion (giving /mnt2 different permissions) it could still be possible to navigate to /mnt2/windows based on the permissions given to the Windows folder when mounted by fstab. You should couldn't go down the tree to it (/ -> /mnt2 -> /mnt2/windows) you'd have to go directly to it (/ -> /mnt2/windows), i.e. cd /mnt2/windows/. I could be wrong, however, I'm pretty sure it works this way - that mounted partitions do not inherit the permissions of the directory they are mounted to or any of it's parent directories. Quote Link to comment Share on other sites More sharing options...
neddie Posted April 3, 2007 Report Share Posted April 3, 2007 I could be wrong, however, I'm pretty sure it works this wayIn this case, yes, you're wrong! :P If the /mnt2/ directory has permissions dr-x------ then it doesn't matter whether subdirectories are read/write for the whole world, if a normal user hasn't got x permissions on the /mnt2 directory then they can't get to the subdirectories of it, whether they cd directly to them or not. You're right about changing the permissions of the mount point not working though, I wasn't sure when I wrote that (which is why I said "or if it's not possible.." !) and you're right it doesn't work. Quote Link to comment Share on other sites More sharing options...
tyme Posted April 4, 2007 Report Share Posted April 4, 2007 I could be wrong, however, I'm pretty sure it works this wayIn this case, yes, you're wrong! :P If the /mnt2/ directory has permissions dr-x------ then it doesn't matter whether subdirectories are read/write for the whole world, if a normal user hasn't got x permissions on the /mnt2 directory then they can't get to the subdirectories of it, whether they cd directly to them or not.Ah, I wasn't sure. The other part I was sure of, though :D Quote Link to comment Share on other sites More sharing options...
mandri Posted April 12, 2007 Report Share Posted April 12, 2007 I think,as neddie has already said,that changing the entry "users" to "nousers" in fstab as root will give you the results you are looking for. users vs. nousers Quote Link to comment Share on other sites More sharing options...
mandri Posted April 12, 2007 Report Share Posted April 12, 2007 How do you edit your own post? I didn't want users and nousers,but instead user and nouser. Another thing I,ve noticed. Protection is only as secure as to who has access to your computer,and not so much your files on that computer. Anybody with a live cd can read every file there is on your computer.Even on your windows partition. And even those hidden windows OS files. You can encrypt the files to further enhance your protection against someone reading them in this case. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.