Ubuntu – How to restrict access to a NTFS partition to a standard (non-admin) user

ntfsrestricted-accessusers

I am using Ubuntu 12.04. I have 4 NTFS partitions. I have made 2 users: One for myself (Admin) and one for family (standard/non-admin).

I successfully restricted the access to my home folder from this standard user. Now I want to restrict it from accessing ALL my NTFS partitions. How can I do this?

I checked Restrict access from another user to the NTFS partition but though the answer is accepted it doesn't seem to have helped that OP either as seen in the comments later.

Best Answer

  1. Open fstab file as using

    gksudo gedit /etc/fstab

  2. You should add line in /etc/fstab file as follows,

    /dev/sda7   /media/EXTRA    ntfs-3g noauto,uid=XXX,unmask=7 0   0

    Here XXX is my user id. You can find yours with id command and /dev/sda7 is the partition I want to restrict access to.

  3. Create a folder named EXTRA in /media/ as follows,

    sudo mkdir /media/EXTRA

  4. Now whenever you login you need to mount it as,

    sudo mount /dev/sda7 /media/EXTRA

Done!

Explanation:
If a particular partition contains a VFAT or NTFS filesystem and you only wish to be able to access it yourself, it's pretty simple:

Include the options "noauto", "uid=XXX", and "umask=7" in fstab line and remove the "user" and/or "users" options if they appear there now.

This means that at boot time the system will come up with that partition unmounted, and only you (operating as root, using sudo presumably) can mount it.

Once mounted, it will be owned by your unprivileged user (assuming that that user's uid is XXX, which is given to the first user created at install time in MDV installs - check with the "id" command run as that user, and adjust fstab accordingly) and will be inaccessible to all other local users.

To mount your restricted 4 partitions by issuing mount command four times is a boring task. To cut that boring task, I have written a shell script:

#!/bin/bash
#Mount Unmount secret partitions now with choice of partition
function checkPartitions(){
    local state=$1
    local dev=$2
    case $state in
    "unmounted")
        mount | grep -q $dev
        if [ $? -eq 1 ]; then
            echo $dev
        fi
        ;;
    "mounted")
        mount | grep -q $dev
        if [ $? -eq 0 ]; then
            echo $dev
        fi
        ;;
    esac
}

function safeUnmount() {
    local dev=$1
    mount | grep -q $dev
    if [ $? -eq 0 ]; then
        echo "Device $dev found. Unmounting now"
        sudo umount $dev
        if [ $? -eq 0 ]; then
            echo "Device $dev unmounted successfully."
        else
            echo "You are not root??"
        fi
    else
        echo "Device $dev is already unmounted."
    fi 
}

function safeMount() {
    local dev=$1
    mount | grep -q $dev
    if [ $? -eq 1 ]; then
        echo "Device $dev not found. Mounting now"
        sudo mount $dev
        if [ $? -eq 0 ]; then
            echo "Device $dev mounted successfully."
        else
            echo "You are not root??"
        fi
    else
        echo "Device $dev is already mounted."
    fi 
}

echo -e "What you want to do? \n 1. Mount Secret Partitions \n 2. Unmount Secret Partitions"
read -p "Enter your choice :" choice

case $choice in
1)
    echo -e "You want to Mount your secret partitions"
    echo "-------List of Unmounted secret partitions-------"
    checkPartitions "unmounted" "/dev/sdaX1"
    checkPartitions "unmounted" "/dev/sdaX2"
    checkPartitions "unmounted" "/dev/sdaX3"
    checkPartitions "unmounted" "/dev/sdaX4"
    anythingelse="y"
    #echo -e "\n"
    while [ $anythingelse == y -o $anythingelse == Y ]; do
        read -p "Which partition should be mounted?" partNum
            safeMount "/dev/sda"$partNum
        read -p "Do you want to mount any other partition? [y/n]" anythingelse
    done
    ;;
2)
    echo -e "You want to Unmount your secret partitions\n"
    echo "--------List of Mounted secret partitions--------"
    checkPartitions "mounted" "/dev/sdaX1"
    checkPartitions "mounted" "/dev/sdaX2"
    checkPartitions "mounted" "/dev/sdaX3"
    checkPartitions "mounted" "/dev/sdaX4"
    anythingelse="y"
    #echo -e "\n"
    while [ $anythingelse == y -o $anythingelse == Y ]; do
        read -p "Which partition should be unmounted?" partNum
            safeUnmount "/dev/sda"$partNum
        read -p "Do you want to unmount any other partition? [y/n]" anythingelse
    done
    ;;
esac

Replace /dev/sdaX with your 4 partitions.

Save as secret-mount-unmount.sh and then issue a command

chmod +x /path/to/file/secret-mount-unmount.sh

Double click the file and then hit Run in Terminal and proceed.

Related Question