LinuxQuestions.org


Woodsman 04-21-2014 02:41 PM

Controlling access to a Windows partition
 
When a Windows partition is mounted in a VirtualBox VM as a raw disk, users should be prevented from concurrently being able to mount the partition as read-write. Mounting as read-only probably is acceptable, although hiding the partition seems best. When the VM is not running then read-write mounts are fine. Or at least, that is how I interpret the VirtualBox user guide.

Any ideas how to ensure this?

Hiding the partition during VM usage would be acceptable I think.

This is for somebody I am helping. "Just create a new virtual disk" is not the preferred answer. Reinstalling would be a chore. Copying the partition to a virtual disk is a waste of space and the VM then needs to be re-activated because of different hardware, as well as possible licensing BS. Network file sharing won't suffice as the user needs real-time access to specific apps and not just files. Buying a new computer is not an option. Been through all of the above, hence the forum question. :)

The only other option is, ugh, dual boot, and at that point the user might as well stay in Windows.

This is a point-and-click user. I don't think I need to worry about the user digging deep to circumvent the protections. I just need flexible protection for either use case.

Thanks. :)

ReaperX7 04-21-2014 09:33 PM

Are you using ntfs-3g or fuse?

If you're using ntfs-3g, set up fstab to use "ro" variables to set it as read-only.

Woodsman 04-21-2014 10:15 PM

Quote:

If you're using ntfs-3g, set up fstab to use "ro" variables to set it as read-only.

Then when the VM is not in use the user cannot access the partition r-w.

* VM in use, user can mount partition r-o but not r-w
* VM not in use, user can mount partition r-w

I suppose not having r-w access when mounting through a file manager is doable since the user gets r-w access when in the VM. Both options would be nice. This likely has to be scripted somehow.

Woodsman 04-27-2014 12:54 AM

Okay, I am confused. Seems the default for ntfs-3g is to mount read-write. Is there a global system method to change the default to read-only?

Update: Some research indicates this might be possible by writing some policy kit, udev, or udisks rules.

Woodsman 05-02-2014 10:35 PM

I found the following udev rule that will "hide" the Windows partition during general usage, such as not appearing in file managers. The partition is still discoverable and can be mounted manually, but for point-and-click users the partition essentially disappears.

/etc/udev/rules.d/99-hide-partitions.rules:
KERNEL=="sda1", ENV{UDISKS_IGNORE}="1"

I am not a udev guru and I have been looking around the web for a similar rule that does not hide the partition but only allows mounting read-only. I am not finding any such rules. Perhaps I am misunderstanding something?

Thanks. :)

jpollard 05-03-2014 05:35 AM

You don't want to mount filesystems even read-only if they are in use by a VM.

Windows caches things in memory -- thus the on-disk format is inconsistent even for read only access (it can even cause a crash unless using fuse).

The only time you won't get problems is if BOTH systems mount the filesystem read only.
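
The scripted check mentioned earlier in the thread, combined with the point above that even a read-only host mount is unsafe while the VM runs, could look like this. It is an added example, not code from any poster; the function names, the VM name argument and the wrapper layout are assumptions, and the rule file path and rule text are the ones quoted in the thread.

```shell
#!/bin/sh
# Added example; the device, VM name and wrapper layout are assumptions.

# mount_state DEVICE [MOUNTS_FILE]: print rw, ro or unmounted for DEVICE,
# reading /proc/mounts-format lines (ntfs-3g mounts show up as type fuseblk).
mount_state() {
    dev=$1
    mounts=${2:-/proc/mounts}
    awk -v dev="$dev" '
        $1 == dev {
            seen = 1
            n = split($4, opts, ",")
            for (i = 1; i <= n; i++) if (opts[i] == "rw") rw = 1
        }
        END { print (rw ? "rw" : (seen ? "ro" : "unmounted")) }' "$mounts"
}

# safe_to_start DEVICE [MOUNTS_FILE]: succeed only when the host has no mount
# of DEVICE at all, since even a read-only host mount is unsafe under a VM.
safe_to_start() {
    [ "$(mount_state "$1" "$2")" = "unmounted" ]
}

# hide_rule KERNEL_NAME: the udev rule from the thread, for any partition name.
hide_rule() {
    printf 'KERNEL=="%s", ENV{UDISKS_IGNORE}="1"\n' "$1"
}

# guarded_start VM DEVICE: refuse if DEVICE is mounted on the host, otherwise
# hide it from file managers and start the VM. Needs root for the rule file.
guarded_start() {
    vm=$1
    part=$2
    if ! safe_to_start "$part"; then
        echo "refusing: $part is mounted $(mount_state "$part") on the host" >&2
        return 1
    fi
    hide_rule "${part#/dev/}" > /etc/udev/rules.d/99-hide-partitions.rules
    udevadm control --reload && udevadm trigger
    VBoxManage startvm "$vm"
}

# Constructed sample in /proc/mounts format, to show the check offline.
sample=$(mktemp)
printf '%s\n' '/dev/sda2 / ext4 rw,relatime 0 0' \
    '/dev/sda1 /mnt/win fuseblk rw,nosuid,nodev,allow_other 0 0' > "$sample"
echo "/dev/sda1 on host: $(mount_state /dev/sda1 "$sample")"
rm -f "$sample"
```

Once the VM is powered off, deleting the rule file and reloading udev the same way makes the partition visible in file managers again.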

Woodsman 05-03-2014 11:53 AM

Quote:

You don't want to mount filesystems even read-only if they are in use by a VM.

Oops, I only want to know how to force mounting read-only without VMs. :)

bassplayer69 05-04-2014 07:20 AM

This may be obsolete, but can you use the ntfs driver for the time when you want ro and use ntfs-3g when you want to use rw? Has ntfs been abandoned? Just throwing it out there...

Woodsman 05-04-2014 11:37 AM

Quote:

Has ntfs been abandoned?

I don't know, but probably.

The udev rule I shared in post #5 is good for some people as then they would not see the partition in their file managers. There are some people who have better computer skills and would at least like the partition available as read-only. The default is for ntfs-3g to make the partition available as read-write. That too is doable for people with computer skills. The majority of people with whom we are working do not have computer skills and hiding the partition is best, although they are the ones who decide their own comfort level with having access.

At the moment I am focused on just controlling access to the Windows partition and not VMs. I can't figure out how to force mounting read-only for those users who would be more comfortable with that. Tinkering with fstab seems to make a mess of things and causes the partition not to appear in file managers. As all of these users are strict GUI users, their only portal to the partition is their file manager. Manual mounting with a terminal is not an option.

I am sure I am missing something obvious. :)

jpollard 05-04-2014 01:01 PM

From the NTFS site (http://sourceforge.net/projects/linux-ntfs/)
Code:

Development on this project has moved to https://sourceforge.net/projects/ntfs-3g/

So I think it is defunct. The last update was over a year ago (January 16, 2013), and was documentation only. The previous update was in 2009.

