[SOLVED] Need NTFS USB 1TB hard drive needs to be read only except under Linux
Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Is there any way to make an NTFS drive read-only by default but writeable on my machine?
yes, there is. Once the drive is connected to a Windows machine, you can adjust the NTFS access rights so that nobody has write permission any more (except Administrator, maybe). There's the convenient side effect that the Windows boxes won't keep creating that silly "System Volume Information" directory each time the drive is connected.
The Linux NTFS driver doesn't care about NTFS access rights, so you can always write to the drive from Linux.
The downside of this procedure is that your colleagues can't give any files back to you this way.
Quote:
Originally Posted by qlue
Alternatively, is there any alternative to NTFS that won't require installing additional software to everyone else's Windows machines?
Probably not. The only file systems Windows supports natively is the FAT family and NTFS. Anything else, for instance ext2/3, will require an extra driver.
yes, there is. Once the drive is connected to a Windows machine, you can adjust the NTFS access rights so that nobody has write permission any more (except Administrator, maybe).
I need a way to protect this drive from malware and user-error on these Windows machines.
Then ensuring all users are properly educated about safe browsing / networking habits, logging, auditing and adjusting unwanted behaviour, denying Administrator privileges, making regular backups, filtering network access and deploying a good antivirus solution should be the first measures to take.
Setting a NTFS volumes readonly flag is like combating symptoms and not addressing the real cause(s).
Then ensuring all users are properly educated about safe browsing / networking habits, logging, auditing and adjusting unwanted behaviour, denying Administrator privileges, making regular backups, filtering network access and deploying a good antivirus solution should be the first measures to take.
Setting a NTFS volumes readonly flag is like combating symptoms and not addressing the real cause(s).
Agreed. Unfortunately, you're preaching to the choir. :P
This is mostly my colleague's personal machines and I've long since given up explaining the basics to them.
Here in South Africa, most malware is distributed via USB flash-drives as most people don't have Internet. (except 3G, which is expensive)
For the same reason, most home computers never get updates.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.