Question

4

How to restrict access to a NTFS partition to a standard (non-admin) user?

rated 0 times [ 4] [ 0] / answers: 1 / hits: 2637 / 3 Years ago, sun, may 9, 2021, 9:50:57

I am using Ubuntu 12.04. I have 4 NTFS partitions. I have made 2 users: One for myself (Admin) and one for family (standard/non-admin).

I successfully restricted the access to my home folder from this standard user. Now I want to restrict it from accessing ALL my NTFS partitions. How can I do this?

I checked Restrict access from another user to the NTFS partition but though the answer is accepted it doesn't seem to have helped that OP either as seen in the comments later.

Answers

Only authorized users can answer the question. Please sign in first, or register a free account.

algicuade

Add To Favorites

Follow

Total Points: 317

Total Questions: 89

Total Answers: 106

Location: Saint Pierre and Miquelon

Member since Fri, Jan 28, 2022

2 Years ago

algicuade questions

1 bash: do not show the part of the line that is in the search terms of the grep command

Fri, Jul 22, 22, 04:10, 2 Years ago

1 ERR trap gets a return code of 1; there is no stderr text I can find for a statement "(( kIdx++ ))" why?

Fri, Jul 1, 22, 11:59, 2 Years ago

1 How to read with timeout without making bash consider it an error?

Wed, Jul 13, 22, 09:04, 2 Years ago

1 Not able to use propietary nvidia drivers properly on Ubuntu 21.04

Tue, Mar 14, 23, 01:07, 1 Year ago

1 iPhone connection: is it possible to change some settings?

Tue, Apr 5, 22, 19:04, 2 Years ago

View All

answered 3 Years ago nnaisdio · Accepted Answer

Open fstab file as using
```
gksudo gedit /etc/fstab
```

You should add line in /etc/fstab file as follows,
```
/dev/sda7   /media/EXTRA    ntfs-3g noauto,uid=XXX,unmask=7 0   0
```
Here XXX is my user id. You can find yours with id command and /dev/sda7 is the partition I want to restrict access to.

Create a folder named EXTRA in /media/ as follows,
```
sudo mkdir /media/EXTRA
```

Now whenever you login you need to mount it as,
```
sudo mount /dev/sda7 /media/EXTRA
```

Done!

Explanation:

If a particular partition contains a VFAT or NTFS filesystem and you only wish to be able to access it yourself, it's pretty simple:

Include the options "noauto", "uid=XXX", and "umask=7" in fstab line and remove the "user" and/or "users" options if they appear there now.

This means that at boot time the system will come up with that partition unmounted, and only you (operating as root, using sudo presumably) can mount it.

Once mounted, it will be owned by your unprivileged user (assuming that that user's uid is XXX, which is given to the first user created at install time in MDV installs - check with the "id" command run as that user, and adjust fstab accordingly) and
will be inaccessible to all other local users.

To mount your restricted 4 partitions by issuing mount command four times is a boring task. To cut that boring task, I have written a shell script:

#!/bin/bash

#Mount Unmount secret partitions now with choice of partition

function checkPartitions(){

    local state=$1

    local dev=$2

    case $state in

    "unmounted")

        mount | grep -q $dev

        if [ $? -eq 1 ]; then

            echo $dev

        fi

        ;;

    "mounted")

        mount | grep -q $dev

        if [ $? -eq 0 ]; then

            echo $dev

        fi

        ;;

    esac

}



function safeUnmount() {

    local dev=$1

    mount | grep -q $dev

    if [ $? -eq 0 ]; then

        echo "Device $dev found. Unmounting now"

        sudo umount $dev

        if [ $? -eq 0 ]; then

            echo "Device $dev unmounted successfully."

        else

            echo "You are not root??"

        fi

    else

        echo "Device $dev is already unmounted."

    fi 

}



function safeMount() {

    local dev=$1

    mount | grep -q $dev

    if [ $? -eq 1 ]; then

        echo "Device $dev not found. Mounting now"

        sudo mount $dev

        if [ $? -eq 0 ]; then

            echo "Device $dev mounted successfully."

        else

            echo "You are not root??"

        fi

    else

        echo "Device $dev is already mounted."

    fi 

}



echo -e "What you want to do? 

 1. Mount Secret Partitions 

 2. Unmount Secret Partitions"

read -p "Enter your choice :" choice



case $choice in

1)

    echo -e "You want to Mount your secret partitions"

    echo "-------List of Unmounted secret partitions-------"

    checkPartitions "unmounted" "/dev/sdaX1"

    checkPartitions "unmounted" "/dev/sdaX2"

    checkPartitions "unmounted" "/dev/sdaX3"

    checkPartitions "unmounted" "/dev/sdaX4"

    anythingelse="y"

    #echo -e "

"

    while [ $anythingelse == y -o $anythingelse == Y ]; do

        read -p "Which partition should be mounted?" partNum

            safeMount "/dev/sda"$partNum

        read -p "Do you want to mount any other partition? [y/n]" anythingelse

    done

    ;;

2)

    echo -e "You want to Unmount your secret partitions

"

    echo "--------List of Mounted secret partitions--------"

    checkPartitions "mounted" "/dev/sdaX1"

    checkPartitions "mounted" "/dev/sdaX2"

    checkPartitions "mounted" "/dev/sdaX3"

    checkPartitions "mounted" "/dev/sdaX4"

    anythingelse="y"

    #echo -e "

"

    while [ $anythingelse == y -o $anythingelse == Y ]; do

        read -p "Which partition should be unmounted?" partNum

            safeUnmount "/dev/sda"$partNum

        read -p "Do you want to unmount any other partition? [y/n]" anythingelse

    done

    ;;

esac

Replace /dev/sdaX with your 4 partitions.

Save as secret-mount-unmount.sh and then issue a command

chmod +x /path/to/file/secret-mount-unmount.sh

Double click the file and then hit Run in Terminal and proceed.