Linux Format forums Forum Index Linux Format forums
Help, discussion, magazine feedback and more
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

Drive access prevention

 
Post new topic   Reply to topic    Linux Format forums Forum Index -> Help!
View previous topic :: View next topic  
Author Message
cr8rm8or



Joined: Sat Sep 08, 2012 9:47 pm
Posts: 4

PostPosted: Sun Mar 23, 2014 3:53 pm    Post subject: Drive access prevention Reply with quote

I have 12 machines with a Microsoft W7/8 drive and a linux drive in each. Ubuntu was installed without the W7/8 drive connected so grub doesn't know about the other drive. I'd like to block Ubuntu GUI access to the W7/8 drive for all users, understanding that sudo has to be available to users.
Is there a way to prevent all users from mounting the drive from the GUI?
Is causing the drive to mount read only through fstab my best option? Better ideas?

I maintain the linux side of the computers and others maintain the W8 side in our computer club. Being nice (subservient) on my part is necessary unless we get our own machines in the classroom. They already envy my 3 hours of maintenance per quarter compared to their very frequent attention to the other OS.
Back to top
View user's profile Send private message
Dutch_Master
LXF regular


Joined: Tue Mar 27, 2007 2:49 am
Posts: 2435

PostPosted: Sun Mar 23, 2014 4:07 pm    Post subject: Reply with quote

Haven't tried it, so some 'homework' Wink for you: using the alias command, redirect the GUI to a script that checks if the user wants to mount the Win-drive and rejects it if it does, causing it to bomb out with a "not authorised" message. Otherwise or in conjuncture, redirect the mountpoint of the Win-drive to an inaccessible part of the file tree, like /dev/junk or /proc/junk, where the user has no permissions. (and not even a remote possibility to obtain such Razz )

HTH!
Back to top
View user's profile Send private message
nelz
Site admin


Joined: Mon Apr 04, 2005 12:52 pm
Posts: 8464
Location: Warrington, UK

PostPosted: Sun Mar 23, 2014 5:18 pm    Post subject: Reply with quote

You could also try setting umask for the drives to 777 in fstab. Users will still be able to mount them, but have no read or write access.

Sudo can be used to prevent some commands being run as root, but I doubt the GUI uses sudo. If it uses udisks, you can add a rule to stop them being mountable.
_________________
"Insanity: doing the same thing over and over again and expecting different results." (Albert Einstein)
Back to top
View user's profile Send private message
cr8rm8or



Joined: Sat Sep 08, 2012 9:47 pm
Posts: 4

PostPosted: Fri Mar 28, 2014 2:05 pm    Post subject: Drive access prevention Reply with quote

Thanks to the Dutch_Master !
I followed his hints and came up with a solution which works in our situation.

sudo blkid will list the UUID of the partitions
cp /etc/fstab to origs is where I backed up the existing fstab file
sudo nano /etc/fstab to edit fstab, added a line as below with UUID for the windows drive
UUID=xxxxxxxxxxxxx /dev/junk ntfs noauto,nouser,noexec,nodev,ro 0 0

This process made the Microsoft partitions invisible to Nautilus. Students can't see them so they won't try to mount them. /dev/junk is bogus and ntfs isn't going to work either. It turned out to be simple. Thanks to all for ideas.
Back to top
View user's profile Send private message
nelz
Site admin


Joined: Mon Apr 04, 2005 12:52 pm
Posts: 8464
Location: Warrington, UK

PostPosted: Fri Mar 28, 2014 2:16 pm    Post subject: Reply with quote

That doesn't stop them mounting thm in a terminal. Maybe it would be simpler to restrict the sudo access you give users. Surely you aren't giving them unrestricted access to run all commands? Set up sudo to allow the commands they need, an make sure mount is not one of them.
_________________
"Insanity: doing the same thing over and over again and expecting different results." (Albert Einstein)
Back to top
View user's profile Send private message
View previous topic :: View next topic  
Display posts from previous:   
Post new topic   Reply to topic    Linux Format forums Forum Index -> Help! All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Linux Format forums topic RSS feed 


Powered by phpBB © 2001, 2005 phpBB Group


Copyright 2011 Future Publishing, all rights reserved.


Web hosting by UKFast