hide internal hdd? (HAL/fstab?)

[beadmaze]

help please!

ok, ok.
short version: what i'm trying to achieve is to restrict a user from accessing the internal hdd, but how to?

long version: i'm actually configuring a LMDE-install on a usb-thumbdrive (normal installation onto a 16GB sandisk cruzer edge) for the use of pupils in a workshop about computing & internetsecurity - the kids shall be able to take the stick everywhere and access their personalized LMDE (thunderbirdmails, secure browser, tools and stuff) on other computers, such as their grandma's, their parents, their friends or in the local libraray, where ever...
everything turns out nice so far and i'm pretty happy with the result so far.
BUT: the kids should not be able to accidentally wipe off their parent/grandma's Windows-hdd
they should have "complete" root access to install/de-install every software they want, they should even be able to screw the installation and blow the bits of it into sonic space...
they should just be not able to access any internal hdd.
ahh, they must be able to access external hdds, such as an external drive, another usb-thumbdrive and stuff like that.

what i tried yet:
-create a new user.
that worked fine, but where is an option that restricts a user from accessing any internal hdd?
- someone very friendly suggested to have a look into HAL, especially into /etc/hal/fdi/policy/preferences.fdi as it says something like "how to hint gnome-volume-manager and other programs that honor the storage.automount_enabled_hint to not mount non-removable media"
but uncommenting this part did not have any effect at all (as far as i tried it: rebooting, on different users)

if i got things right (who knows things like this?) fstab is created for a specific machine then with the uuid of the hdd, isn't it?
should i look into fstab?

hmm, there's something i can't see, obviously.
any ideas?
any hints?
tricks?
suggestions?

thanks in advance!

[BigSteve_G]

I'm no excpert (kind-of still learning) but would mounting the internal hard drive to somewhere like /mnt/restrict/hdd in fstab & then removing read & write access to the /mnt/restrict directory work?

May cause problems however with things like different drive names / multiplue drives/partitions (unless something like using /dev/hdd0 works)

[beadmaze]

thanks a lot BigSteve_G!
i think the problem is that i don't want to block a specific internal drive, but every possible internal drive, as this pendrive shall be used on different machines.
so it seems fstab is out with this perspective as it deals with UUIDs, or am i wrong here?

[BigSteve_G]

i think the problem is

the possible problem

I cant check at the moment as I am currently on a XP machine but I dont think fstab has to use UUIDS (think when I used MInt 7 it was pre-UUIDS) it may take something like sda1 as a back-wards compatability thing.

Another possable option is to block access to /dev/hdd (again sorry but I cant check at the moment) this to my mind will block access to any hard drives, however the usb will be ok as booting from it mounts the squashfs.filesystem as a loopback mount

[AlbertP]

fstab now uses UUID's by default but names like /dev/sda1 are also accepted. Labels are possible as well with LABEL=.

Probably you can somehow setup that the new user may not mount partitions, or may not use udisks.

[BigSteve_G]

Dont know if this will be of any use to you http://forums.linuxmint.com/viewtopic.php?f=46&t=98390