Limiting user rights

[Bald Brick]

It looks too complicated for me. I think I will live the things like they are. Thanks a lot for the help!

It sounds more complicated than it is. Talking about it one almost has to use some jargon (a.k.a. technical terms) but adding one line to a text file isn't that hard if somebody helps one write it.

[scanman]

It looks too complicated for me. I think I will live the things like they are. Thanks a lot for the help!

It sounds more complicated than it is. Talking about it one almost has to use some jargon (a.k.a. technical terms) but adding one line to a text file isn't that hard if somebody helps one write it.

Well I think the text file I can change, I will open it with konqueror with root user and I will apply and save the changes. Just in case I will save the old file under other name. What info I will have to provide for to know what the changes have to be done?

[DBobb]

You can restrict access by first having the drive automatically mount on bootup. Go into "Configure your Computer" -> Local Disks -> Manage.

Click on the partition with your files on it and then click on "Mount Point", name your mount point /media/windows (or /media/whateveryouwant). Click on Mount. Click on Done, and if it asks if you want to save fstab modifications click on OK. You can now close the control panel.

Now open up the console and your mount point should appear in fstab (which is the file that decides what partitions automatically mount). Typically, there will be a line in there that says umask=000 which gives all users read-write-execute permissions (and you dont want the girl to write, obviously). So we're going to change that by assigning an owner to it, and only giving that owner RWX (read write execute) permissions, while everyone else just gets RX (read execute) permissions. So lets modify that.

First of all open /etc/fstab as root (so you can edit it). In the portion of /etc/fstab, find umask=000 and replace it with umask=033,uid=YOURUSERNAME,gid=YOURUSERNAME.

Replace YOURUSERNAME, with the username of the person who you want to assign as the owner (if you're unsure what your 'username' is, open the command prompt as the user who you want to assign as owner and type "echo $USER" to find out). Save the file. Reboot.

Now the when the kid logs in as her own user name, she will see the disk and be able to view its contents, but will not be able to write to it.

[kjpetrie]

/mnt/ is (POSIXly) preferable to /media/ as a mount point in fstab. /media/ is for the haldaemon. However, the mount point can be anywhere you want.

[Bald Brick]

/mnt/ is (POSIXly) preferable to /media/ as a mount point in fstab. /media/ is for the haldaemon. However, the mount point can be anywhere you want.

+1

[scanman]

I did the steps required in the "configure your computer" and mounted the windows partiton like /mnt/windows

But when I have opened with konqueror /etc/fstab with root user I can not write and even I can not copy the text there but now

I can see the partition windows in /mnt/windows with any user

and with console I don't know how it works, sorry for my ignorance

[menotu]

But when I have opened with konqueror /etc/fstab with root user I can not write and even I can not copy the text there but now

Right click on the fstab file and choose Root menu > "edit as root"

That should give you root permissions to edit

[scanman]

But when I have opened with konqueror /etc/fstab with root user I can not write and even I can not copy the text there but now

Right click on the fstab file and choose Root menu > "edit as root"

That should give you root permissions to edit

Thanks, it works now

here is the content of the file

Code: [Select]

# Entry for /dev/sda5 :
UUID=88e7e129-f5ed-482f-b7f5-de45780244ff / ext4 defaults 1 1
none /dev/pts devpts defaults 0 0
tmpfs /dev/shm tmpfs defaults 0 0
# Entry for /dev/sda7 :
UUID=27dbd980-6e27-4b1d-a472-bd4d40130910 /home ext4 defaults 1 2
# Entry for /dev/sda1 :
UUID=805AA4445AA438B4 /mnt/windows ntfs-3g defaults,umask=000 0 0
none /proc proc defaults 0 0
# Entry for /dev/sda6 :
UUID=77716520-14d1-4771-9ba2-a7a2e3a1842a swap swap defaults 0 0


[Bald Brick]

here is the content of the file

Code: [Select]

# Entry for /dev/sda5 :
UUID=88e7e129-f5ed-482f-b7f5-de45780244ff / ext4 defaults 1 1
none /dev/pts devpts defaults 0 0
tmpfs /dev/shm tmpfs defaults 0 0
# Entry for /dev/sda7 :
UUID=27dbd980-6e27-4b1d-a472-bd4d40130910 /home ext4 defaults 1 2
# Entry for /dev/sda1 :
UUID=805AA4445AA438B4 /mnt/windows ntfs-3g defaults,umask=000 0 0
none /proc proc defaults 0 0
# Entry for /dev/sda6 :
UUID=77716520-14d1-4771-9ba2-a7a2e3a1842a swap swap defaults 0 0


Now, if the Windows partition you were talking about is /dev/sda1, you should edit the line

Code: [Select]

UUID=805AA4445AA438B4 /mnt/windows ntfs-3g defaults,umask=000 0 0
so that it reads

Code: [Select]

UUID=805AA4445AA438B4 /mnt/windows ntfs-3g defaults,uid=500,gid=500,umask=022 0 0
provided that your user and group IDs are both 500. To find out what they really are, run the command id as your normal user.

(It is possible that "uid=<username>" and "gid=<groupname>" will also work, but I've never tested it, and according to the man page for ntfs-3g the uid and gid values should be numerical.)

The "defaults" option is redundant but doesn't hurt.

Note that the user mask (umask) 022 will just mask (remove) write permissions for everybody except the owner of the directory, which is probably sufficient.

(If you want to mask execute permissions too, it is possible but a bit more complicated. You could simply use "umask=066" but that would also limit access to the folders under /mnt/windows to the owner -- so you'd have to split "umask" into "fmask" for files and "dmask" for directories.)

[scanman]

This is what my id provides:

Code: [Select]

[scanman@localhost ~]$ id
uid=500(scanman) gid=500(scanman) groups=7(lp),19(floppy),22(cdrom),80(cdwriter),81(audio),82(video),83(dialout),100(users),490(polkituser),500(scanman),502(fuse)
[scanman@localhost ~]$



[Bald Brick]

This is what my id provides:

Code: [Select]

[scanman@localhost ~]$ id
uid=500(scanman) gid=500(scanman) groups=7(lp),19(floppy),22(cdrom),80(cdwriter),81(audio),82(video),83(dialout),100(users),490(polkituser),500(scanman),502(fuse)
[scanman@localhost ~]$



And that means that if you edit the line in /etc/fstab as I suggested it should work:

Code: [Select]

UUID=805AA4445AA438B4 /mnt/windows ntfs-3g defaults,uid=500,gid=500,umask=022 0 0

[scanman]

Thank you very much! It works exactly like expected.

[Bald Brick]