How to make mounting a certain device read-only? [duplicate]

I wish to securely copy files from a USB external drive such that no files on that drive may be modified spuriously.

Would someone tell me in relatively simple wording how to accomplish this please? The simple wording is due to the fact that I am a recent Linux user and solely an Ubuntu Linux user.

When you plug in your USB, it will be automatically mounted with some name in the /media folder.

Open a Terminal (Ctrl+Alt+T). Type the following command:

mount

You will see a result something like this:

/dev/sda7 on / type ext4 (rw,errors=remount-ro)
proc on /proc type proc (rw,noexec,nosuid,nodev)
sysfs on /sys type sysfs (rw,noexec,nosuid,nodev)
none on /sys/kernel/debug type debugfs (rw)
devpts on /dev/pts type devpts (rw,noexec,nosuid,gid=5,mode=0620)
tmpfs on /run type tmpfs (rw,noexec,nosuid,size=10%,mode=0755)
none on /run/lock type tmpfs (rw,noexec,nosuid,nodev,size=5242880)
none on /run/shm type tmpfs (rw,nosuid,nodev)
/dev/sda5 on /home type ext4 (rw)
/dev/sdb1 on /media/84CD-D8C7 type vfat (rw,nosuid,nodev,uid=1000,gid=1000,shortname=mixed,dmask=0077,utf8=1,showexec,uhelper=udisks)

Look at the last line in my example: /dev/sdb1 on /media/84CD-D8C7 type vfat plus some other output. Your clue is that its folder begins with /media; in this case, /media/84CD-D8C7.

You can now tell the system to remount it read-only with the following command:

sudo mount --options=remount,ro /media/84CD-D8C7

Of course, you would replace 84CD-D8C7 with the actual name that you have. To check that it worked, you can reissue the mount command. See how mine has changed — look for the ro after the parenthesis (ro stands for "read-only", rw stands for "read-write").

/dev/sdb1 on /media/84CD-D8C7 type vfat (ro,nosuid,nodev,uid=1000,gid=1000,shortname=mixed,dmask=0077,utf8=1,showexec,uhelper=udisks)

Explanation (if you are interested):

• sudo means to authorise this command (i.e. run it as "root"), because the "mount" command is not available to all users. This will ask for your password.
• mount tells the system to "mount" the device, i.e. attach it to your computer and give it a folder name. In this case, it has already been done; we are using the command to change the way the device was mounted.
• --options tells the mount command that we are going to specify some options.
• remount means just that: mount the device again, with exactly the same settings unless you tell it otherwise.
• ro says to remount as read-only. This is the only change that we are making to the mount.
• /media/84CD-D8C7 specifies where it is already mounted.

If you absolutely do not want to mount the drive in read/write mode and remount it as read-only, you can temporarily disable automount with:

gsettings set org.gnome.desktop.media-handling automount false

Then you could plugin your pendrive and discover the device path, run sudo fdisk -l. This will list your disks, including the pendrive. You should see (besides your hard disk) something like:

Disk /dev/sdb: 4009 MB, 4009754624 bytes
84 heads, 22 sectors/track, 4237 cylinders, total 7831552 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x000c2533

   Device Boot      Start         End      Blocks   Id  System
/dev/sdb1   *          62     7831551     3915745    c  W95 FAT32 (LBA)

Next you need to select your mount point.

1. either create a new folder where to mount your drive with sudo mkdir /media/Pendrive or
2. select an existing folder (replace /media/Pendrive below with your chosen folder)

Then you could mount manually in read-only in a terminal with:

sudo mount -t fat -o ro /dev/sdb1 /media/Pendrive

When you're done and want to disconnect your drive, you can unmount it first with sudo umount /dev/sdb1.

You may now reanable automount with:

gsettings set org.gnome.desktop.media-handling automount true