GEARZ.de

All howtos are without any warranty.



OS X.6 - Set ACLs on Windows-partition

If you want to hide the Windows-partition from specific users, or from everyone except specific users, you can use ACLs with this little workaround. Normally you can't set ACLs on a partition that is not HFS+-formatted, and the partition is mounted automatically under /Volumes, so you can't prevent users from accessing it. Tweaking the mountpoint gives you the ability to set ACLs on these partitions.

Log in as a privileged user and create a new mountpoint:
$ sudo mkdir /Volumes/ACLsupportedMounts
$ sudo mkdir /Volumes/ACLsupportedMounts/windows
$ sudo chmod 700 /Volumes/ACLsupportedMounts

Set the desired ACLs on /Volumes/ACLsupportedMounts (the 1st one here allows everything, the 2nd denies everything for anybody else):
$ sudo chmod +a# 0 "<enterUsernameHere> allow add_file,search,add_subdirectory,delete_child,file_inherit,directory_inherit,list,read,write,append,execute,delete,chown,writeattr,readattr,writeextattr,readextattr,writesecurity,readsecurity" /Volumes/ACLsupportedMounts

$ sudo chmod +a# 1 "everyone deny add_file,search,add_subdirectory,delete_child,file_inherit,directory_inherit,list,read,write,append,execute,delete,chown,writeattr,readattr,writeextattr,readextattr,writesecurity,readsecurity" /Volumes/ACLsupportedMounts

Get the Device Identifier (for example disk1s2):
$ diskutil info /Volumes/<enterWindowspartitionNameHere>

Copy the value of the Volume UUID and edit /etc/fstab:
# TO SET WINDOZE-PARTITION TO NORMAL MOUNT-BEHAVIOR, JUST COMMENT OUT EVERY LINE
# set windoze-partition to READONLY
UUID=<enterUUIDhere> /Volumes/ACLsupportedMounts/windows ntfs ro,noexec 0 0
# set windoze-partition to WRITEENABLED
#UUID=<enterUUIDhere> /Volumes/ACLsupportedMounts/windows ntfs rw,noexec 0 0

Remount the Windows-partition:
$ sudo diskutil umount <enterDiskIdentifierHere>
$ sudo diskutil mount <enterDiskIdentifierHere>
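
To check the result of the steps above, the following added example (not part of the original howto) verifies the ACL order and looks for an NTFS volume that ended up outside the protected directory. The user name "alice", the disk names and the sample output are constructed placeholders.

```sh
#!/bin/sh
# Added example: checks for the setup above. Both functions read command
# output on stdin, so they can be tried on the constructed samples below.
PROTECTED=/Volumes/ACLsupportedMounts

# check_acl USER < `ls -led "$PROTECTED"` output
# Succeeds only if ACL entry 0 allows USER and entry 1 denies everyone.
# Order matters: entries are evaluated top down, so a deny in slot 0
# would lock the allowed user out as well.
check_acl() {
    awk -v user="$1" '
        $1 == "0:" { first  = ($2 == ("user:" user) && $3 == "allow") }
        $1 == "1:" { second = ($2 == "group:everyone" && $3 == "deny") }
        END { exit !(first && second) }'
}

# stray_ntfs_mounts < `mount` output
# Prints every ntfs mountpoint outside $PROTECTED. A mistyped UUID in
# /etc/fstab leaves the partition automounted under /Volumes, where the
# ACLs do not apply.
stray_ntfs_mounts() {
    awk -v safe="$PROTECTED/" '
        / \(ntfs[,)]/ {
            mp = $0
            sub(/^[^ ]+ on /, "", mp)    # drop "<device> on "
            sub(/ \(ntfs.*$/, "", mp)    # drop " (ntfs, ...)"
            if (index(mp, safe) != 1) print mp
        }'
}

# Constructed samples (user "alice" and the disk names are placeholders).
SAMPLE_LS='drwx------+ 3 root  wheel  102 Jan  1 12:00 /Volumes/ACLsupportedMounts
 0: user:alice allow list,add_file,search,delete,add_subdirectory
 1: group:everyone deny list,add_file,search,delete,add_subdirectory'
SAMPLE_MOUNT_OK='/dev/disk0s2 on / (hfs, local, journaled)
/dev/disk0s3 on /Volumes/ACLsupportedMounts/windows (ntfs, local, noexec, read-only, noowners)'
SAMPLE_MOUNT_BAD='/dev/disk0s2 on / (hfs, local, journaled)
/dev/disk0s3 on /Volumes/BOOTCAMP (ntfs, local, read-only, noowners)'

printf '%s\n' "$SAMPLE_LS" | check_acl alice && echo "ACL order ok"
printf '%s\n' "$SAMPLE_MOUNT_BAD" | stray_ntfs_mounts   # prints /Volumes/BOOTCAMP

# On the Mac itself:
#   ls -led "$PROTECTED" | check_acl <enterUsernameHere>
#   mount | stray_ntfs_mounts
```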