Prevent non-wheel user from unmounting disk
- Thread starter eswenson
- Start date
It is a multi-user setup with two accounts (mine and my wife's). My account has sudo access while hers doesn't. We each log in separately, and use fast user switching.
My thinking was that if I could set things up so that a non-admin user could not unmount the disk, then I'd prevent the accidental unmount of our time-machine backup disk.
One low-tech way of doing this would be to have a process startup when I log in that opens a file on the time machine (mounted) drive. That way, when my wife uses the machine under her account, if she accidentally tried to unmount the volume, MacOS would complain that there are open files on the drive and deny the unmount. Haven't tried this yet.
But I figure there must be a more direct way to require an admin account to unmount a volume. Is there?
My thinking was that if I could set things up so that a non-admin user could not unmount the disk, then I'd prevent the accidental unmount of our time-machine backup disk.
One low-tech way of doing this would be to have a process startup when I log in that opens a file on the time machine (mounted) drive. That way, when my wife uses the machine under her account, if she accidentally tried to unmount the volume, MacOS would complain that there are open files on the drive and deny the unmount. Haven't tried this yet.
But I figure there must be a more direct way to require an admin account to unmount a volume. Is there?
BjarneDM
Registered
The first thing we can try to do is this :
http://knowledgebase.tolisgroup.com/?View=entry&EntryID=103
Secondly, we can enable ownership on the disk. For this we'll have to use Terminal :
http://knowledgebase.tolisgroup.com/?View=entry&EntryID=103
Secondly, we can enable ownership on the disk. For this we'll have to use Terminal :
- get a list of your disks :
and determine which one is your Time Machine disk - on my computer it's disk1Code:
sudo diskutil list - check info on the Time Machine partition - on my computer that's disk1s3 :
and see what the Owners: entry saysCode:
sudo diskutil info disk1s3 - enable ownership on the disk :
Code:
sudo diskutil enableOwnership disk1
Hi Bjarne,
I haven't explored your first suggestion regarding ensuring that the time machine backup disk is mounted upon boot and before any user has logged in. I had actually thought that backups have been occurring on this iMac regardless of whether anyone was logged in or not. I'll experiment a bit here to verify.
In any case, I did run the "diskutil info" command on the hfs partition that is used by time machine, and it shows "Owners: Enabled". Doesn't that mean that the enableOwnership step is unnecessary -- that it is already enabled?
I've attached the entire output from "diskutil info".
-- Eric
I haven't explored your first suggestion regarding ensuring that the time machine backup disk is mounted upon boot and before any user has logged in. I had actually thought that backups have been occurring on this iMac regardless of whether anyone was logged in or not. I'll experiment a bit here to verify.
In any case, I did run the "diskutil info" command on the hfs partition that is used by time machine, and it shows "Owners: Enabled". Doesn't that mean that the enableOwnership step is unnecessary -- that it is already enabled?
I've attached the entire output from "diskutil info".
-- Eric