Since the topic of ownership has just come up in another thread, where changing the ownership of files has resulted in the system no longer being able to boot, I would also like to ask a question about this.
It happened to me under Windows that I was suddenly "locked out", although I had initiated it myself as an administrator.
I have a separate partition for all my personal data. As I wanted to create another user account on the computer for my mother, I wanted to make sure that she could not access this partition (neither read nor write). Therefore, I have set that I am the owner of this partition (changed it at principal) and no other members of the "Users" group have access rights (access denied). However, since I have an account where I am both an administrator and a user (this is the default setting in Windows), this meant that I no longer had access to a single file on the partition (I had also set that the ownership and permissions should be inherited). It was quite complicated to undo this.
How can I set something so that only I have access to this partition and it is not visible to anyone else? Is it better to do this by only locking the folders it contains and not the whole partition? That seems to be much easier.
Shall I also just disable show, read and write for a specific user instead of denying access?
And is it right: I don't need to be the owner of the partition to gaim that others can't access it?
Or shall I create an account where the administrator is not also the normal user?
(The data partition is completely separated from the system and does not contain the user directory).
This is a Linux forum, your question is about how to do the things on Windows. I highly recommend you go to a forum dedicated to Windows, and ask the question there. As it is, I don't use Windows, not since Windows 7, so I can't help you.
I am interested in how to set this under Windows and under Linux, because with dual boot I would have to set this for both. Perhaps it is enough if I know it in one of the two, e.g. in Linux, then I could transfer it to the other operating system, as the ownership and access rights (chmod/chown) are similar in Linux and Windows.
The concept itself is quite straight forward, but the setup will be slightly different depending on whether we're talking about a single computer with multiple user accounts or multiple computers and/or operating systems. I was going to write a long post but I think it's best to focus on specifics.
Perhaps the simplest solution is that you backup your data first, format the data partition to Ext4 then move back your Data. Leave your mother on Windows and she will not be able to access the partition.
Brave A.I. search engine suggests:
Hide Data Partition on Dual-Boot
To hide a data partition on a dual-boot machine with Windows and Linux, you can take the following steps:
For Windows:
Open Disk Management and remove the drive letter for the partition you want to hide. This will make the partition invisible in File Explorer, but it can still be accessed manually if the drive letter is known or if the partition is mounted through other means.
For Linux:
Use the "Disks" application to edit the mount options of the partition you want to hide. Uncheck "Mount at system startup" and "Show in user interface" to prevent the partition from being automatically mounted and visible.
Alternatively, you can uninstall the packages that provide NTFS filesystem support in Linux, which will prevent Linux from accessing NTFS formatted partitions. However, this will also make Linux unable to access USB flash drives and external HDD drives if they are factory-formatted with NTFS.
These methods will make the data partition less accessible, but it is still technically possible to manually mount or access the partition if the user is knowledgeable enough.
It is about a single computer with several user accounts.
I hadn't thought about the possibility of hiding drive letters, but that's not so convenient for me because I really store everything on this partition and nothing under My own documents/My own pictures ... and then always have to call it up first. I'd prefer managing it with the permissions. I had planned to format the partition in exFat so that I could use it from both operating systems. Is that correct?
So, it's one computer but with dual boot? If you need to use it across multiple operating systems you need to format it as NTFS which is Windows' native file system (I'm assuming the other OS is indeed Windows).
The only problem with that is that NTFS doesn't understand the metadata that Linux uses to store file ownership and permissions.
In Linux, you can still mount the partition providing this information so that only you can access it, but once you boot to Windows the permissions would not translate. In practice this means two separate systems, one for each OS, to keep things secure every time.
It's probably easier to just encrypt this partition with a password that only you know. Or, have a separate drive for your own files.
My question is: Which operating system does the data partition belong to? If I create it in Windows, does it belong to Windows and only understand Windows permissions? And if I use a Linux live stick or Linux to create it, only Linux permissions? I want to keep the data partition independent of any operating system.
I don't want a file to break if I save something in it from Windows and then from Linux. Is that even possible? Should I rather create separate files for Linux and not use them with Windows?
The operating system doesn't own the partition, it just reads it.
The security mechanism that allows one user to access a given file comes from metadata associated to that file. But different file systems work differently and this doesn't translate well across some of them; namely NTFS (Windows' file system) doesn't understand this metadata.
For example, I have the following external drive formatted as NTFS:
The first column indicates the permissions over each file and folder. If you understand this notation, it should stand out immediately that every permission bit is turned on. Meaning that any user can read, write and execute these files as they please.
This is because NTFS doesn't store the file permission metadata even if you copy or create files from a Linux system, as is my case. When the time comes to read those files back like you see in this screenshot, Linux has to re-create that missing information, and since it's missing it tries to be helpful and assume that you probably want to read it and so it grants full access to anyone.
Note that at this point I'm talking about file systems, not partitions. A partition is just a chunk of your drive, but to write stuff into it you must tell the drive how files are arranged. That's what the file system does.
So, it's not a matter of who creates the file, but how it creates it. Linux permissions work differently than they do in Windows, so you can't have a single partition adapt to each operating system since the data comes from the file system.
Considering all of the above, it should be clear that this wouldn't work. If you create a file in Linux but save it to a drive formatted using NTFS, the permissions metadata would be lost. The next time you read that file from the drive, all permission bits would be enabled. The same is true if you create the file from Windows.
The solution in your case is to use encryption to protect the files or the partition you want to mount.
Thank you very much for the explanation! I had to read it a few times to understand a bit of it.
So there is no file system that can store metadata, especially security properties, that is handled by Windows and Linux and at the same time is suitable for secure, permanent storage of data on an internal hard disk?
Then I'd best set the access rights in Windows and not create a second user account in Linux (as long as Windows still works, that's enough).
If anyone has a tip for me so that it doesn't go wrong again, I would be very grateful!
I'd try it this way:
Create new user account for standard user.
Right-click on the two folders on the data partition >Properties>Security: Add new user, disable all rights (read, write, change, full access...)
All child folders should have automatically the same settings.
Is this correct?
You lost me there; are we still talking about Linux? I don't know how to set this up for Windows.
First, check what that partition is formatted as by running lsblk -f — see my screenshot above for reference. If it's formatted as NTFS (most likely the case, since you can read it through Windows) then you will always have full access when you mount that partition on Linux, which is not what you want, right?
If there's anyone else using that same computer (or that same drive if it's external) the best option would be to encrypt the files that you want to keep private.
I'd suggest using Cryptomator for that as it will work on both Windows and Linux and you won't have to jump through any extra hoops:
Yes, the partition would then be in NTFS.
I was talking about the permissions in Windows. I thought without a user account, someone else can't open Linux to access the partition.
I don't want to encrypt so much because I already have to enter the password so often and it is much more difficult to recover data if there is a problem with the computer.
Ah, yes. If you are the only one with an account on Linux, that won't be a problem (assuming the permissions are set up properly on Windows, of course).
I've already posted elsewhere that NTFS is not good if you have say edited a document in Zorin and then saved it to the NTFS partition as Windows can corrupt the file. You would be better to keep your own files as your own files and anything you need access to (not necessarily update to) then use the Public folders provided on each system. You are better keeping files created in Zorin on Zorin and similarly, keep Windows files in Windows. You could always transfer files to USB and save a file locally, provided you remember to save in MS format, e.g., .docx, .pptx, .xlsx.
In recent years I have only used libreoffice under Windows and saved the files as .odt or .ods. Does this not work?
Do I understand that correctly?
If I continue working on a file in Linux that was created in Windows, should I just save it to a USB stick and not to the data partition, and when I have Windows back on, transfer it to the data partition?
I have not saved any files under "My Documents" or "My pictures" in Windows. They are all on the separate partition.
It's all Greek to me. I'm now afraid that all my text files and photos will become unusable as soon as I open them from Linux.
Then switching to Linux is not an option.
Above all, you cannot tell from the file name (e.g. odt, jpg, pdf) whether they were saved from Linux or Windows. Up to now, I have always backed up my data on USB sticks, which was never a problem despite the different file system format. Can't I make a partition with FAT32 or exFAT?
The chance of file corruption comes from Windows' Fast Startup. In order to speed up the boot times it never fully shuts down and it hibernates its current state, creating cache of files and folder recently used, etc. If you then modify one of those files while Windows is "hibernating", like when you have a dual boot system and access the files from the shared partition, it may be conflict to the point where the file is not recoverable.
This is one of the reasons why I don't like dual-boot. It's just more trouble than it's worth down the line. However, you should be safe as long as you disable this feature from Windows. I myself have been using NTFS without problems for years, although only with external drives, not dual boot.
Another alternative is what @swarfendor437 suggests which is to have a mirror of the files you are working with on both partitions, instead of a shared one. This is not ideal since you'll have to make sure to save the files in two separate locations, but it removes the risk of those files being cached and corrupted by Windows.
In any case, you should always have backup copies of your data. All drives fail, eventually (I've learned this the hard way).
Thank you very much for your help and support. I really appreciate it, even if I don't understand a lot of it at the moment.
I agree, dual boot is much more complicated to handle than one operating system alone and means double the work. It gives me some peace of mind because I can hope that if I break something in Linux, I might still be able to boot Windows, and if suddenly Windows 11 (which is not officially supported) stops working, I'll still have Linux. But I rarely boot into Windows anymore.
I will look into this topic in more detail so that I don't destroy personal data out of ignorance - these are sacred to me .
.