You can make a difference in the Apple Support Community!

When you sign up with your Apple Account, you can provide valuable feedback to other community members by upvoting helpful replies and User Tips.

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

Creating RO permissions on Cruial X6 external drive for safety

I use my Crucial 1TB X6 to use on untrusted systems where I need data access. This obviously prevents unintentional copying and deleting files on my drive. Would RO permissions protect drive from viruses, trojans, etc ?

Mac mini, macOS 10.12

Posted on Sep 18, 2024 3:11 PM

Reply
4 replies

Sep 19, 2024 11:32 AM in response to drakslamarer152

drakslamarer152 wrote:
I will try to implement this moving forward but today I'm interested in whether RO would filter Viruses etc

The only way to "protect" the entire drive would be to mount it as Read Only following @HWTech's instructions.


If you just mount the drive normally it can be written to and files/folders modified or deleted. Any files/folders that have Read Only permissions themselves would not be able to be overwritten or deleted ... but the drive as a whole would still be writeable.


You could, of course, before going to your library or other location, select each top-level folder on the drive and change its Owner, Staff & Everyone permissions to Read Only and "Apply to enclosed items."


You also have to make sure that the drive is NOT set to "Ignore ownership on this volume."

Sep 19, 2024 9:06 AM in response to drakslamarer152

You can modify the "fstab" file to have the system automatically mount the drive as "read-only" when connected by using the instructions in the following article as a guide:

Prevent a volume from mounting at startup - Apple Community


While those instructions are for preventing a volume from being automatically mounted, you can use the following options instead:

defaults,ro


So the line would look something like this:

<UUID-of-Volume>      none     <file-system-type>     defaults,ro


The article explains how to find the "<UUID-of-Volume> value. The "<file-system-type>" can be:

hfs

apfs

exfat

ntfs (assuming no third party NTFS driver, still not sure if NTFS is an option even using Apple's built-in driver)

msdos (for FAT32)


I haven't tried this, but it should work.


Also, keep in mind it is possible to remount the volume as "read + write", but you would to use the command line to do so. I'm not sure if macOS provides any method to so through the GUI or Disk Utility.



Sep 20, 2024 11:56 AM in response to drakslamarer152

drakslamarer152 wrote:

I'm aware that McAfee and others is proper path to protecting oneself

No, not even for a Windows system these days. Both macOS & Windows have built-in protection these days along with other security features. If a person is careful & follows safe computing practices as outlined in this excellent article, then there is very little chance of issues:

Effective defenses against malware and other threats - Apple Community


Most of the anti-virus manufacturers these days, along with the cleaning/optimizer apps, and third party security software are just preying on peoples' fears in order to scam them. Many of these apps are collecting & selling your personal information as well. In addition, these types of apps will usually cause more problems than they solve and will impact system performance...sometimes to the point your 2024 system is running like a system from 2004 because they all interfere with the normal operation of the OS at a very low level where they can cause the most problems & damage.


but as this will be me stepping into a library and using their machines,

Somehow I overlooked this bit in your post and it changes everything. My previous suggestion does not apply to using other people's computers.


I don't have the option to use normal defenses to protect my USB drive. It would seem that a virus (using that to cover all the nasties) harms my system by writing to my disk. RO should block it but I'm not an expert.

If the external drive is read-only, then the other system will be unable to make any modifications to the files on that drive. There are only a few options available since you cannot control what an unknown computer will do. In fact, I would advise never connecting any important drive to an unknown computer (or any unknown device to your own computer).


The best option is to find a drive which allows you to flip a physical switch to put the drive into read-only mode. I am not aware of any specific drives with this feature, but I have seen drive adapters which had this ability and believe I saw a consumer drive a decade ago with that ability. I believe some current USB sticks & SD Cards still have this physical switch, but I'm not sure if any consumer SSDs or Hard Drives have such an option since I have not looked recently.


I certainly hope you have a good backup of the data on this drive especially if you are connecting it to unknown systems.

Sep 19, 2024 10:37 AM in response to HWTech

Thanks HWTech, I will try to implement this moving forward but today I'm interested in whether RO would filter Viruses etc


I'm aware that McAfee and others is proper path to protecting oneself but as this will be me stepping into a library and using their machines, I don't have the option to use normal defenses to protect my USB drive. It would seem that a virus (using that to cover all the nasties) harms my system by writing to my disk. RO should block it but I'm not an expert.

Creating RO permissions on Cruial X6 external drive for safety

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.