1

Embarrassed to ask this, but have never had to face this before, so... here goes.

Some things to know:

  • I have terabytes of storage on a PC that is connected to my television.
  • I have kids who think the word "DELETE" means "FUN!"

What I'd like to do is:

  • Be able to leave the PC logged in.
  • Lock down /mnt/media1 and /mnt/media2 from the PC's default user (chow)
  • Any changes to the above done via sudo

Ideally, I'd mount those as read-only and then use the sudo command on all cp, mv, etc. changes I'd need...

chown, mount?

Help. :) Before my kids delete 400 gigabytes of the photos we've taken of them. :P

-Chow

chow
  • 225
  • 2
  • 8
  • The recommended way for access control is setting up acl. See the following questions for solutions: http://askubuntu.com/questions/82628/how-to-make-a-directory-with-permanent-permissions-different-from-default, http://askubuntu.com/questions/46716/how-to-restrict-users-on-deleting-files, http://askubuntu.com/questions/52584/shared-folders-for-all-users – Takkat Dec 30 '12 at 06:50

3 Answers3

2

The best way to do this is to simply change the ownership and permissions of all the files. Beware that this may take a while, depending on how much you have saved on your drives. You can leave it mounted read-write, but you would still need to use sudo for all operations to the files.

Assuming they are already mounted (at the locations stated above), you can just do:

chmod -R o-w,a+r /mnt/media1 /mnt/media2
chown -R root:root /mnt/media1 /mnt/media2

The first command makes all the files within /mnt/media1 and /mnt/media2 readable to everybody and writable only to the owner or group. The next command changes the owning user and group to root so that you need to use sudo to modify anything on the drive. You will only have to run these commands once; after that, they are permanently stored on the drive.

This will sufficiently protect your drive from user tampering while maintaining the readability of its stored contents.

Andrew Soutar
  • 91
  • 2
  • Those commands aren't changing the mod/ownership of the files. I forgot to mention, the drive is ntfs... would that prevent me from achieving this? – chow Dec 31 '12 at 18:49
  • @chow that is a problem, as Unix-style permissions are not supported in NTFS. I will add another answer to try to solve this problem. – Andrew Soutar Dec 31 '12 at 19:09
  • Ended up reformatting the drives as ext4 and this works like a charm. Needed to sudo chown -r root:root /mnt/media1 /mnt/media2 though to get it to work. – chow Jan 13 '16 at 04:20
1

Since the drive is formatted as NTFS, something different than normal needs to be done. As NTFS does not support Unix-style file permissions, you will need to protect your drive by mounting it read-only. Assuming it is already mounted, you can do:

sudo umount /mnt/media1 /mnt/media2
sudo mount -o ro /dev/<device> /mnt/media1
sudo mount -o ro /dev/<device> /mnt/media2

These will remount your drives in read-only mode, so you can't even modify them with sudo. To be able to modify them, do:

sudo umount /mnt/media1 /mnt/media2
sudo mount -o rw /dev/<device> /mnt/media1
sudo mount -o rw /dev/<device> /mnt/media2

Make your modifications (without sudo), and then execute the top two commands to protect them again.

Hope this answers your question.

Andrew Soutar
  • 91
  • 2
0

I think 

chmod -R o-w,a+r /mnt/media1 /mnt/media2

is sufficient.

and open standard accounts for kids.

change your password with passwd command.

That would be easier than typing sudo for any change to the disks.

nkvnkv
  • 785
  • 3
  • 8
  • 16