[Solved] NTFS-3G proper way to mount (fstab)

[neongashmen]

Hi community,

I have 3 drives on my system - one for debian (EXT4), one for windows (NTFS) and another for shared data storage (NTFS). I want to mount the data drive while using debian. The first way I did it was using the default settings,

Code: Select all

UUID=ALPHANUMERICVAL	/media/myusername/Data	ntfs-3g	defaults	0	0

This resulted in all the files in the data drive owned by root and having rwx permissions for all users (777). This to me looks like a huge security risk (Pardon me if my understanding is flawed). So I decided to use the following method,

Code: Select all

UUID=ALPHANUMERICVAL	/media/myusername/Data	ntfs-3g	defaults,dmask=022,fmask=133,uid=1000,gid=1000,permissions,windows_names	0	0

This changed the ownership to the user and reset the permissions to 755 for directories and 644 for files in the data drive. However, if I were to add executable permission to a particular file using chmod, It wouldn't work. The permission still remain 644. In essence, I'd like to use the the NTFS drive just like a normal linux partition (ie. capable of managing file permissions - I thought the permissions option in the fstab did that). So how can I change my mount options in fstab to achieve this? Is that even possible?

[arzgi]

Change defaults so that there is user.

Code: Select all

dev/sr0        /media/cdrom0   udf,iso9660 user,noauto     0       0

Don't copy from above, I put it only for example, no good for a partition.

See man mount for Non-superuser mounts

[neongashmen]

I tried this,

Code: Select all

UUID=ALPHANUMERICVAL	/media/myUserName/Data	ntfs-3g	user,dmask=022,fmask=133,uid=1000,gid=1000,permissions,windows_names	0	0

with and without defaults but no change. chmod still doesn't change the file permissions.

[arzgi]

remove all uids and gids, they are against user. Don't know where did you get permissions, man page of mount does not tell anything like that, same for windows_name.

[neongashmen]

I think I got those info from the man page of ntfs-3g and also from this thread (https://askubuntu.com/questions/113733/ ... -etc-fstab).

I tried without specifying gid and uid, however this makes the ownership of all the files and directories in the NTFS drive to root after mounting.

[arzgi]

Ok, thanks. But also the man page of ntsf-3g

Code: Select all

 By default, files and directories are owned by the effective user and
       group  of  the  mounting process, and everybody has full read, write,
       execution and directory browsing permissions.  You  can  also  assign
       permissions  to a single user by using the uid and/or the gid options
       together with the umask, or fmask and dmask options.

So also that tells againt uid and gid.

And the man page of mount told, user option makes very strict, that all the other options are right.

[neongashmen]

Well then, this means that the following should give me the desired output and it does as well.

Code: Select all

UUID=ALPHANUMERICVAL	/media/myusername/Data	ntfs-3g	dmask=022,fmask=133,uid=1000,gid=1000,permissions,windows_names	0	0

But my question still remains, why cant I modify the permission after it is mounted? Like invoking

Code: Select all

chmod 777 file

inside the mounted drive doesn't change the file's current permissions.

[arzgi]

Do one test, you can copy your fstab to something else, like fstab.bak. Then put only user to options

Code: Select all

ntfs-3g	user	    0	       0

reboot. If that does not help, read that ubuntu answer further.

[neongashmen]

That just caused results same as the defaults option as far as I can see. ie. Ownership of all the files and directories in the NTFS drive is root, all the files and directories have rwx permissions and chmod still doesn't change permissions.

[arzgi]

Sorry, beats me. I hope you find the solution, all the best!

[LinuxOS]

Code: Select all

sudo chmod 755 file

Does sudo work?

[neongashmen]

Nope

[LinuxOS]

Does NTFS even support the POSIX permissions?
I'm not quite sure about that.

[arzgi]

from ntfs-3g manual page:

Code: Select all

 Windows Filename Compatibility
       NTFS  supports  several  filename  namespaces:  DOS, Win32 and POSIX.
       While the ntfs-3g driver handles all of them, it always  creates  new
       files  in  the POSIX namespace for maximum portability and interoper‐
       ability reasons.  This means that filenames are  case  sensitive  and
       all characters are allowed except '/' and '\0'. This is perfectly le‐
       gal on Windows, though some application may get confused. The  option
       windows_names  may  be used to apply Windows restrictions to new file
       names.

[neongashmen]

@LinuxOS

This is from the ntfs-3g man page,

Code: Select all

ntfs-3g is an NTFS driver, which can create, remove, rename, move files, directories, hard
       links, and streams; it can read and write  files,  including  streams,  sparse  files  and
       transparently  compressed files; it can handle special files like symbolic links, devices,
       and FIFOs; moreover it provides standard management of  file  ownership  and  permissions,
       including POSIX ACLs

Also this issue is referenced in this thread as well https://askubuntu.com/questions/11840/h ... 502#887502. However one comment says that it is not possible

[LinuxOS]

POSIX ACL are the permissions, aren't they?
Then from ntfs-3g manual

Code: Select all

Below is a summary of the options that ntfs-3g accepts.
acl    Enable  setting Posix ACLs on created files and use them for access control.  This option is only available
        on specific builds. It is set by default when a user mapping file is present and the permissions mount
         option is not set.

[CwF]

No, NTFS does not support Linux permissions.

Better options are to use a DE's integrated solution, or systemd-mount into user space.

A fully configured Xfce desktop for example will simply put a device icon on the desktop for a user to click on and use normally.
We can configure a user with permission to use systemd-mount. This is independent of the DE, and can be done on a command line, or triggered by ~/.profile at logon.

Don't over think it. NTFS does not need special consideration. In either method above there is no mention of NTFS, no use of fstab, and no need for root or jacking permissions. The NTFS partition will be mounted per user.

[neongashmen]

Sorry for the delayed response guys.

@LinuxOS

The acl flag doesn't alter the behaviour at all. It does say that it is only available for certain builds so dunno if the current stable kernel has it. Note that I didn't try the user mapping file method yet. I couldn't find much info about that online. Please let me know if you know how to create a user mapping file.

@CwF

Unfortunately, if I use XFCE's default mounting (either by using thunar or clicking from the desktop) it gets mounted with rwx permissions for all files and directories. Also I can't edit the file permissions after mounting as well (which is not possible in NTFS file systems from your previous messages right?) Note that I am not using the XFCE which is in the Debian ISO, I installed it seperately from apt after installing a headless debian (wanted to get the arch experience ).
Maybe from LinuxOS's previous message can you please tell me what the acl stuff actually is? Cuz from the info on the man page it seemed like what I was looking for.

[CwF]

This to me looks like a huge security risk (Pardon me if my understanding is flawed).

Yes, permissions can not persist in NTFS. The ‘session’ permissions are a different consideration. Are you asking to restrict access?

A foreign disk will always be available to/as root. Permissions are not encryption. I'm not clear to your point.

[neongashmen]

Oh I'm not aware about session permissions. And indeed I am not talking about encryption. Let me explain a bit what my concern is. According to my understanding, files have different permissions for owner, group and others which are mainly read, write and execute. By mounting the NTFS drive with default parameters, the owner, group as well as others have read, write and execute rights to all the files in the drive. So this might accidentally pose a security risk (for instance, the user accidentally running an executable downloaded off of the internet).

So I figured I should change this behaviour such that after mount, the files only have read and write permission for the owner and read only for group and others. If I ever want to run an executable, I can manually use chmod to add the executable permission to just that particular file. Which is not supported by the ntfs-3g module as per your previous replies. Do you know any work around or does people generally use the default way of mounting?

May I know what this sessoin permissions are? How is it different from normal permissions that I illustrated above?

Please let me know if I said something incorrect. I'm still learning the basics of linux