Jump to content
Sign in to follow this  
peckinpah

Blocking Access to Windows Partitions?

Recommended Posts

Good idea neddie :thumbs:

 

Sometimes we think too much of doing it the hard way with the mountpoints, when in fact it could be so much simpler with changing rights on a directory at a higher level.

Share this post


Link to post
Share on other sites

Another thought:

I can't access the file in command line because I don't know the command to "edit" a file from the terminal.

There may be lots of other times you just want to edit a file which belongs to root, so it's worth learning how to do this, for the future. I'll assume for a second that you're using KDE, and are comfortable with the Kate editor. So open up a console window, and type

su

and enter your root password. This gives you root superpowers. Now, type the following to open up the Kate editor:

kate

This now opens Kate but because you were root when you launched it, Kate also gets your root superpowers. So be careful! You can now open up your file /etc/fstab as normal with File -> Open and because it's running as root, you can edit and save it. The colours will probably appear a little different when you're root, as a little warning that you can now break stuff.

Share this post


Link to post
Share on other sites

I believe you already solved it with your method in MCC, however, another method based on what neddie was saying.

 

If Windows is mounting under /mnt/windows, then you could do this:

 

chown root:root /mnt
chmod 600 /mnt

 

then root only has access to /mnt, and means no users can get at what's underneath it. Unfortunately, this also means any usb stick or whatever will have problems mounting. Therefore I'd be tempted to make a separate directory, and then alter where windows mounts in the /etc/fstab.

 

So, for example:

 

mkdir /restricted
chmod 600 /restricted
mkdir /restricted/windows

 

then, edit /etc/fstab and replace /mnt/windows with the directory as above in my example.

 

That way you don't stop people mounting other stuff under /mnt like cd-rom drives, usb keys, etc.

Share this post


Link to post
Share on other sites
Well, at the moment the windows drive is mounted under /mnt/windows which all users have access to. Couldn't you just change the permissions of the /mnt/windows directory so that it was owned by root and only dr-------- ? Or if it's not possible to do that, change the fstab so it mounts under /mnt2/windows instead, and change the permissions of /mnt2 so that normal users can't read it.
It wouldn't work, fstab will overwrite the permissions that you give to the directory when it mounts the windows partition (IIRC). Removing the umask really is the best solution. In your second suggestion (giving /mnt2 different permissions) it could still be possible to navigate to /mnt2/windows based on the permissions given to the Windows folder when mounted by fstab. You should couldn't go down the tree to it (/ -> /mnt2 -> /mnt2/windows) you'd have to go directly to it (/ -> /mnt2/windows), i.e. cd /mnt2/windows/. I could be wrong, however, I'm pretty sure it works this way - that mounted partitions do not inherit the permissions of the directory they are mounted to or any of it's parent directories.

Share this post


Link to post
Share on other sites
I could be wrong, however, I'm pretty sure it works this way
In this case, yes, you're wrong! :P If the /mnt2/ directory has permissions dr-x------ then it doesn't matter whether subdirectories are read/write for the whole world, if a normal user hasn't got x permissions on the /mnt2 directory then they can't get to the subdirectories of it, whether they cd directly to them or not.

 

You're right about changing the permissions of the mount point not working though, I wasn't sure when I wrote that (which is why I said "or if it's not possible.." !) and you're right it doesn't work.

Share this post


Link to post
Share on other sites
I could be wrong, however, I'm pretty sure it works this way
In this case, yes, you're wrong! :P If the /mnt2/ directory has permissions dr-x------ then it doesn't matter whether subdirectories are read/write for the whole world, if a normal user hasn't got x permissions on the /mnt2 directory then they can't get to the subdirectories of it, whether they cd directly to them or not.
Ah, I wasn't sure. The other part I was sure of, though :D

Share this post


Link to post
Share on other sites

How do you edit your own post?

I didn't want users and nousers,but instead user and nouser.

 

Another thing I,ve noticed.

Protection is only as secure as to who has access to your computer,and not so much your files on that computer.

Anybody with a live cd can read every file there is on your computer.Even on your windows partition.

And even those hidden windows OS files.

You can encrypt the files to further enhance your protection against someone reading them in this case.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
Sign in to follow this  

×
×
  • Create New...