Locking individual files onto usb to avoid deletion

The lock option in Finder is only to help someone avoid mistakenly deleting or overwriting a file. It's not intended as any sort of strong security.

I don't know any way you can lock something on a USB flash drive that the user's can't defeat pretty easily. Why do you not burn the file onto a CD-R or DVD-R? Then it can't be deleted by any means (short of smashing the disk).

Regards.

I'm not entirely sure about this but what about burning a CD-R with the video on it. Then, create an iso image of the disk and restore that image to the USB drive.

My thinking, and I could be wrong, is to create an image of the file system used by CD-Rs which believe is read-only. Don't have a real disk handy to test this out with at the moment.

The read-only status would only apply to the disk image itself; read-only status is not a property of the files themselves and would not carry over when the files are copied to another place. Hence once the image was "restored" to a flash drive it would be read-write, so the files could be deleted as normal.

Regards.

It's up to you if this is even worth considering but some USB key drives have a lock switch. If you locked it, then disabled the switch (epoxy glue comes to mind)...?

Here you go, this is the solution. What it will do is create a read-only USB drive using the image of a CD.

Format you USB drive as normal and add the files you want.

Launch Disk Utility, highlight your pen drive and create a New Image, selecting DVD/CD master as the Image format.

Then launch Terminal, navigate to where you saved the image (which will end in cdr) and use the following command.

hdiutil makehybrid -iso -joliet -o test.iso test.cdr

So now we have a test.iso file, test being what I called the image.

Keeping Terminal open, eject the USB drive and back in Terminal use

diskutil list

Plug the USB drive back in and repeat. What you will now know is the disk number used to identify the USB device, so in my case the additional device that showed up from using the command the second time was /dev/disk4

Now issue the following command in Terminal

diskutil unmountDisk /dev/disk4

obviously replacing disk4 with whatever number you identified in your case.

Now the neat part

sudo dd if=test.iso of=/dev/rdisk4 bs=1m

This writes the iso image to the USB drive and once it is finished you can mount the USB drive again and it will come up with a read-only partition in the ISO 9660 format. Like any disk you burn it will have 0 space free and the only thing you can do is read or wipe the partition.

Nope, it's definitely do-able, see my post below (or above depending if you view this threaded or not).

So a couple of questions in there.

1. When I plug in the finished USB device it mounts automatically without any additional effort, the only difference is the filesystem is read only. The steps will make the rest of the USB unusable but is that a problem? Just to be clear, it mounts like any device, shows up with whatever files you had on the device with no change the only difference from a normal formatted USB device being it can't be written to which of course also covers deleting.

I'll try my best with the different parts.

The Disk Utility part at the start is about creating a master image you can use to burn disks, this doesn't seem to be enough in it's current form.

The hdiutil command converts this to a more typical ISO image so in all intents and purposes it is now a bit for bit image of a read only CD.

The diskutil commands are to identify which device represents the USB device you want to work on. Every device has a pointer like this. Your internal drive for example will probably be /dev/disk0 like mine is. Got a CD or DVD in the drive? it will have a disk id associated with it. What those commands are doing is to make it easy to identify what the id used for the device you just inserted.

Once you have done that you need to unmount the device but still have it connected to the machine. At this point you can perform raw writes to the device.

Then the last command, sudo dd is actually two commands. The sudo, which you will need to do from an Administrator account (which I'm assuming is in your case) escalates the next command to be issued with root privileges. The reason you need to do this is that the dd is, working at the level of bits on the device, replacing *everything on the of (output file is a bit misleading as the file we're pointing at is in fact the pointer to a real device rather than a normal file) and replacing everything on of with whatever you point at with if. So we replace everything on the USB device with the iso image which of course is read only as it was never designed to be writeable.

Does that help?

Edit
Sadly the Terminal commands do have to be done at a prompt. I'm assuming you're happy in changing directories in Terminal and it's only the more obscure parts you're unsure about. Tell me if that isn't the case.

Message was edited by: ajduguid

I'm not sure if you're going to be able to do what you want I'm afraid. The dd command, because it's writing the iso image bit for bit will overwrite the partition information - the whole lot. By pointing it to the first partition you'll have created some weird and probably unreadable device as what it won't be expecting at the start of the partition is another partition scheme.

Edit
Certainly you seem to be getting the idea though if you feel comfortable enough experimenting like you did. I'll have to give a think to what you're trying to achieve.

Edit 2
My thinking right now is maybe, and I really mean maybe, gparted (linux partition program) may allow you to create what you want and then once you have done it once you create an image you can push onto the others much like how the dd command is already doing.

Message was edited by: ajduguid

I have a USB drive that I received as a promotional give away from the old Cingular wireless.

The drive has a little, mechanical switch on it to allow it to be locked.

That leads me to believe, that if you are making enough of these drives, you might be able to work with the manufacturer to enable them to be locked. Or perhaps locked unless someone truly wants to overwrite it for other purposes.

Matt

It was suggested earlier. Is a DVD too small to hold this file?

Matt