Fstab security and auto mount-SOLVED

[tosh124]

HI all,
I thought I had the security permissions and auto mount sorted. but maybe not!
The Fstab content are below, but I have a drive that I want to leave open for the kids and another that only adults can get into. Unfortunately, whilst they do auto mount the permissions don't work, suggestions anyone?

many thanks
Col

# /etc/fstab: static file system information.
#
# Use 'vol_id --uuid' to print the universally unique identifier for a
# device; this may be used with UUID= as a more robust way to name devices
# that works even if disks are added and removed. See fstab(5).
#
# <file system> <mount point> <type> <options> <dump> <pass>
proc /proc proc defaults 0 0
# / was on /dev/sda1 during installation
UUID=385ecae6-bd34-41c3-a524-974b8cd6d17f / ext3 errors=remount-ro 0 1
# swap was on /dev/sda2 during installation
UUID=c6876978-438f-4a1e-ae53-dacdf22d1e4a none swap sw 0 0
/dev/scd0 /media/cdrom0 udf,iso9660 user,noauto 0 0
proc /proc proc nodev,noexec,nosuid 0 0
/dev/sda2 / ext4 rw,errors=remount-ro 0 0
/dev/sdb2 /media/DataNew ntfs defaults,umask=000,uid=1000 0 0---No permissions here everyone full access
/dev/sdb1 /media/CMStore ntfs defaults,umask=002,uid=1000,gid=adults 0 0
/dev/sda4 /media/DataBackup ext4 defaults,umask=000,uid=1000 0 0----adults only access here

[altair4]

Do I have this right?

You want /media/DataNew to have full access - which it does.
But you want /media/DataBackup to be accessible to adults only.

First, you can't use this syntax on a Linux filesystem ( different rules for different filesystems I'm afraid ):

/dev/sda4 /media/DataBackup ext4 defaults,umask=000,uid=1000 0 0

The umask and uid thing is only for Windows filesystems so change it to:

Code: Select all

/dev/sda4 /media/DataBackup ext4 defaults,noatime 0 2

Then unmount the partition:

Code: Select all

sudo umount /media/DataBackup

And remount it without a reboot:

Code: Select all

sudo mount -a

Second, you need to define what type of access to the "adults. Here's one definition:

[1] Create a new group called adults:

Code: Select all

sudo groupadd adults

[2] Add each of the users you classify as adults to that group:

Code: Select all

sudo gpasswd -a altair adults

[3] Change ownership of the mounted partition:

Code: Select all

sudo chown :adults /media/DataBackup

[4] Change permissions of the mounted partition:

Code: Select all

sudo chmod 2770 /media/DataBackup

[5] Change the default umask:

Code: Select all

gksu gedit /etc/profile

And modify the last line to this:

Code: Select all

umask 002

This will limit access to the partition only to those members of the "adult" group. Each member will have the ability to add to and delete from the partition and all members will be able to write to each other's files. All new files by "adults" will save with group = adults and permissions of 664 which will enable all other member of the group to have write access to that file.

If that is not exactly what you had in mind or it goes too far in allowing access rights, you might want to look at this for other scenarios:
HowTo: Multi User Shared Local Directory: http://forums.linuxmint.com/viewtopic.php?f=42&t=69834

[tosh124]

HI Altair,
you do indeed have it right.
I have 3 drives (2*NTFS and 1*ext4) which I want to sort out the permissions on.
DataBackup (ext4)=adults only (Fstab line is "/dev/sda4 /media/DataBackup ext4 defaults,noatime 0 2")
CMStore(NTFS)=adults only (Fstab line is "/dev/sdb1 /media/CMStore ntfs defaults,umask=002,uid=1000,gid=adults 0 0")
DataNew(NTFS)=everyone full access, which works

Neither the DataBackup nor the CMStore prevent read access, although that does seem to be about it. I would prefer if they had no access at all, not that I don't trust them you understand

thanks again
Col

[altair4]

If you don't want read access to anyone outside the "adult" group in CMStore the then change this:

/dev/sdb1 /media/CMStore ntfs defaults,umask=002,uid=1000,gid=adults 0 0

to this:

/dev/sdb1 /media/CMStore ntfs defaults,umask=007,uid=1000,gid=adults 0 0

Then unmount the partition:

Code: Select all

sudo umount /media/CMStore

And mount it again:

Code: Select all

sudo mount -a

As far as the DataBackup partition the method I proposed in my previous post will do that. It will make it accessible only to the "adults". It will also make the contents of that partition writeable so that it will act like the CMStore partition.

[tosh124]

Excellent!
Thanks very much for your help, yet again!!

best wishes
Col