Linux Trash for all users on NTFS drive 

Joined: Thu Jun 16, 2011 18:53
Posts: 3
Post Linux Trash for all users on NTFS drive
Hi there Jean Pierre and fellow developers and/or supporters!

I have a 1TB partition, NTFS formatted, that I only store data like Music, Movies, Pictures, etc. Been using it in Linux Mint 10 (based on Ubuntu Maverick 10.10) with no problem, permanently mounted with the following fstab entry:

Code:
LABEL=DADOS   /dados   ntfs   defaults,umask=002,uid=rodrigo,gid=plugdev   0   2


No user mapping or any other fancy stuff. So far, so good. I have full read/write permissions, and I can even use the Trash feature of Nautilus (trashed files are stored under /dados/.Trash-1000, automatically created by system)

But now my mother and my girlfriend are going to be using my system. The way it is they will be able to read/write/create files and folders, but they will not be able to use the Trash feature, since Nautilus/Gnome/Ubuntu require that /.Trash-<uid> folder is owned by the user that issues the delete.

How should I change the fstab entry (or perhaps set up a UserMapping file) to accomplish that?

- All files and folders in that partition must remain read/write for all users, as well as being able to create / rename / delete / etc files and folders.
- Everyone must be able to use the Trash feature
- Linux UIDs will be 1000 (me, rodrigo), 1001 (helena) and 1002 (dafne)
- Default groups for users will be the same name and id as users (1000,1001,1002)
- They will all be members of the plugdev group (id=46)
- I seldom use Windows, so I don't care how things will be on the Windows side... SIDs can be "fake" ones
- ... as long as files remain worldwide read/write if I ever boot in Win XP/Seven. Preferably with no SID "attached" to data files like movies, music, pics, etc, to keep things "clean"
- exception could be the /.Trash-<uid> folders, since it's a Linux-only feature, really don't care which

My system info:
Code:
rodrigo@desktop ~ $ lsb_release -a
No LSB modules are available.
Distributor ID:   LinuxMint
Description:   Linux Mint 10 Julia
Release:   10
Codename:   julia

rodrigo@desktop ~ $ uname -a
Linux desktop 2.6.35-28-generic #50-Ubuntu SMP Fri Mar 18 18:42:20 UTC 2011 x86_64 GNU/Linux

rodrigo@desktop ~ $ ntfs-3g
ntfs-3g: No device is specified.

ntfs-3g 2010.8.8 external FUSE 28 - Third Generation NTFS Driver
      Configuration type 1, XATTRS are on, POSIX ACLS are off


Can you please help me?


Thu Jun 16, 2011 20:26
Profile
NTFS-3G Lead Developer

Joined: Tue Sep 04, 2007 17:22
Posts: 1286
Post Re: Linux Trash for all users on NTFS drive
Hi,

Quote:
But now my mother and my girlfriend are going to be using my system. The way it is they will be able to read/write/create files and folders, but they will not be able to use the Trash feature, since Nautilus/Gnome/Ubuntu require that /.Trash-<uid> folder is owned by the user that issues the delete.

How should I change the fstab entry (or perhaps set up a UserMapping file) to accomplish that?

The following should do :
Code:
LABEL=DADOS   /dados   ntfs permissions 0 2

Provided :
Quote:
- Everyone must be able to use the Trash feature

Make the trashes owned by their respective owners
Quote:
- Default groups for users will be the same name and id as users (1000,1001,1002)

If you want every file to be writeable by users in different default groups, you will have to force
Code:
umask 0

for every user (the above is a shell command, to be put typically in each user's startup script, such as ~/.bashrc). But I would recommend to put the users in the same default group.
Quote:
- They will all be members of the plugdev group (id=46)

This is irrelevant for accessing files, unless some process creates files owned by the plugdev group.
Quote:
- I seldom use Windows, so I don't care how things will be on the Windows side... SIDs can be "fake" ones
- ... as long as files remain worldwide read/write if I ever boot in Win XP/Seven. Preferably with no SID "attached" to data files like movies, music, pics, etc, to keep things "clean"

You cannot avoid SIDs to be attached to files, this is required by the NTFS format. If you require your files to be worldwide read/write, you have to force the umask as mentioned above.

Note : you did not require the files created by Windows to be readable by Linux, and they will be so only if you ask Windows to create world readable (+writeable) files, or map Linux users to Windows users.

Regards

Jean-Pierre


Thu Jun 16, 2011 21:43
Profile

Joined: Thu Jun 16, 2011 18:53
Posts: 3
Post Re: Linux Trash for all users on NTFS drive
Hi Jean-Pierre! Thanks for the fast (yet detailed) reply!

jpa wrote:
The following should do :
Code:
LABEL=DADOS   /dados   ntfs permissions 0 2


Make the trashes owned by their respective owners


I tried this, but it didn't work. When mounted, it didn't allow me to create any files or folders:

Code:
rodrigo@desktop ~ $ sudo mount /windows
Using default user mapping
rodrigo@desktop ~ $ ls -la /
drwxr-xr-x   1 root    root     4.096 2011-06-16 18:51 windows
rodrigo@desktop ~ $ touch /windows/test.txt
touch: cannot touch `/windows/test.txt': Permission denied


Quote:
If you want every file to be writeable by users in different default groups, you will have to force
Code:
umask 0

for every user (...). But I would recommend to put the users in the same default group.


Hum. Both ways would have an impact outside the NTFS partition, which is something I would like to avoid. umask 0 seems way too permissive. As for same default group... I'm not sure what the consequences would be. By default Ubuntu (and Mint) sets each user to its own group, and uses umask=022. So besides changing default group I would need to change umask=002, right? That would completely change my Ubuntu behaviour (for example, $HOME files would now be writable by them, and I don't want that)

Isn't there a solution that changes only the behaviour inside the NTFS mount? For example, setting umask=002 (or even 0), or changing default group for the NTFS partition alone?

Quote:
You cannot avoid SIDs to be attached to files, this is required by the NTFS format. If you require your files to be worldwide read/write, you have to force the umask as mentioned above.

Note : you did not require the files created by Windows to be readable by Linux, and they will be so only if you ask Windows to create world readable (+writeable) files, or map Linux users to Windows users.


Using the permissions parameter, without setting a user mapping file, which SID would be used for files created by the different users? How would they appear in Windows? And how would a file created by a default WinXP/Seven user behave in Linux? This is not very important, since today I almost never use Windows. But the main reason for choosing NTFS in the first place was to use this partition as a "free" storage for movies and music regardless of OS.

(side-question: is it possible for NTFS-3G to somehow "emulate" the sticky bit? either using umask or dmask? because there is an alternative way to enable trash, if I previously create a /.Trash folder with the sticky bit)

Thanks,
Rodrigo


Fri Jun 17, 2011 00:22
Profile
NTFS-3G Lead Developer

Joined: Tue Sep 04, 2007 17:22
Posts: 1286
Post Re: Linux Trash for all users on NTFS drive
Hi,

Code:
rodrigo@desktop ~ $ sudo mount /windows
Using default user mapping
rodrigo@desktop ~ $ ls -la /
drwxr-xr-x   1 root    root     4.096 2011-06-16 18:51 windows
rodrigo@desktop ~ $ touch /windows/test.txt
touch: cannot touch `/windows/test.txt': Permission denied

This is correct : your windows directory is owned by root and other users do not have the right to write (protections 755). You first have to create a directory writeable by users (if this is your Windows system directory, you had better not change permissions on the Windows root directory).
Code:
# create a directory for multimedia files
sudo mkdir /windows/multimedia
# make it writeable by anybody
sudo chmod 777 /windows/multimedia
# create a test file
touch /windows/multimedia/test.txt

Quote:
umask 0 seems way too permissive. As for same default group... I'm not sure what the consequences would be. By default Ubuntu (and Mint) sets each user to its own group, and uses umask=022. So besides changing default group I would need to change umask=002, right? That would completely change my Ubuntu behaviour (for example, $HOME files would now be writable by them, and I don't want that)

So, you want to have different behaviors in different directories.

This is only possible if you have an inheritance scheme, where permissions for new files are defined in the directory in which the files are created. With ntfs-3g there are two such possibilities : using Windows inheritance or using Posix inheritance. I will only explain Windows inheritance for now, because you would have to reconfigure ntfs-3g to use Posix inheritance.

Windows inheritance has to be set up in Windows, either from GUI (use the security tab in the properties of the directory), or using the command cacls in a terminal window. This one is easier to explain (though I do not have examples in Portuguese). You may have to log into Windows as an Administrator.

Quote:
# create a directory called inherit
F:\windows>mkdir inherit
# display its standard protections
F:\windows>cacls inherit
F:\windows\inherit Tout le monde:(OI)(IO)(DENY)(accès spécial :)
FILE_EXECUTE
BUILTIN\Administrateurs:(OI)(CI)F
BUILTIN\Administrateurs:(OI)(CI)R
Tout le monde:(OI)(CI)R
# etc. (skipping)

"Tout le monde" means "everybody" (will be different in Portuguese). The last line means anybody can read (the final 'R'), and this is inherited to files (the OI) and to directories (the CI) created in that directory. What you want is doing the same for writing :
Quote:
# allow writing by anybody
F:\windows>cacls inherit /E /G "Tout le monde:C"
répertoire traité : F:\windows\inherit
# check
F:\windows>cacls inherit
F:\windows\inherit BUILTIN\Administrateurs:(OI)(CI)F
BUILTIN\Administrateurs:(OI)(CI)R
Tout le monde:(OI)(CI)C
# etc. (skipping)

Now the last line shows that anybody can read, write and execute (the final 'C'), and this is inherited to new files and directories created in that directory. Below is how this appears in the GUI
Attachment: permissions.gif


Now, let us see how this appears in Linux. First, you have to request (in /etc/fstab) Windows inheritance to be applied :
Code:
LABEL=DADOS   /dados   ntfs permissions,inherit 0 2

Do a few checks :
Code:
# check permissions on inherit directory
[linux@pavilion2 windows]$ ls -ld inherit
drwxrwxrwx 1 root root 0 Jun 17 09:34 inherit
# create an inner file (current user is "linux" in group "linux")
[linux@pavilion2 windows]$ touch inherit/myfile.txt
# create an inner directory
[linux@pavilion2 windows]$ mkdir inherit/mydir
# check their ownership and permissions
[linux@pavilion2 windows]$ ls -l inherit
total 0
drwxrwxrwx 1 linux linux 0 Jun 17 10:37 mydir
-rwxrwxrwx 1 linux linux 0 Jun 17 10:37 myfile.txt


Important : do not apply chmod or chown to directories with Windows inheritance defined in them : you would apply Linux rules and delete the Windows inheritance rules. If you need that, you have to switch to Posix inheritance. You can however apply chmod and chown to files, as needed.

Quote:
Using the permissions parameter, without setting a user mapping file, which SID would be used for files created by the different users? How would they appear in Windows?

The default SID used by ntfs-3g for a uid is :
Code:
::S-1-5-21-3141592653-589793238-462643383-10000+2*uid

It appears in Windows the same way as a file created on another Windows computer, but the owner of a file is rarely seen on a Windows screen.
Quote:
And how would a file created by a default WinXP/Seven user behave in Linux?

It will appear as owned by root with full access to anybody (see the inherit directory in the above examples).
Quote:
(side-question: is it possible for NTFS-3G to somehow "emulate" the sticky bit? either using umask or dmask? because there is an alternative way to enable trash, if I previously create a /.Trash folder with the sticky bit)

Yes you can, but this means you want permissions, and by doing a chmod you lose the Windows inheritance defined in the sticky directory. You cannot have two different policies for a directory.
Quote:
[linux@pavilion2 windows]$ mkdir inherit/sticky
[linux@pavilion2 windows]$ chmod 1777 inherit/sticky
[linux@pavilion2 windows]$ ls -ld inherit/sticky
drwxrwxrwt 1 linux linux 0 Jun 17 10:57 inherit/sticky


Regards

Jean-Pierre


Fri Jun 17, 2011 11:10
Profile

Joined: Thu Jun 16, 2011 18:53
Posts: 3
Post Re: Linux Trash for all users on NTFS drive
jpa wrote:
You first have to create a directory writeable by users (if this is your Windows system directory, you had better not change permissions on the Windows root directory).
Code:
# create a directory for multimedia files
sudo mkdir /windows/multimedia
# make it writeable by anybody
sudo chmod 777 /windows/multimedia
# create a test file
touch /windows/multimedia/test.txt


Can this "directory writeable by users" be the partition root itself? I mean, the mountpoint? Like:

Code:
mount /windows
sudo chmod 777 /windows


Will the changes be persistent after a reboot?

The whole partition is just a data partition... like an external HDD. There is no system there. Just data files. Sorry if the name "/windows" was misleading. This is a former Windows partition I formatted for the sole purpose of testing and playing with NTFS-3G parameters until I get it right. Then I'll apply it to my "real" NTFS data partition, which is currently mounted at /dados. No OS or system in either one.. they are all data partitions to hold music, movies, pics, etc.


Quote:
So, you want to have different behaviors in different directories.


Yes! :D

That is:
Code:
/windows/.Trash-1000 - owned by rodrigo (1000). permissions don't matter (I guess)
/windows/.Trash-1001 - owned by helena (1001). permissions don't matter (I guess)
/windows/.Trash-1002 - owned by rodrigo (1002). permissions don't matter (I guess)
/windows/<everything else> - permissions read/write for everyone. Owner is irrelevant
/<everything else outside the NTFS partition> - Same default Ubuntu behaviour


This will allow me to use my NTFS data partition with music, movies and pics with everyone, enabling Trash for all users, and still keep the rest of my system with default privacy/security. That's my ultimate goal.

Quote:
This is only possible if you have an inheritance scheme, where permissions for new files are defined in the directory in which the files are created. (...) Windows inheritance has to be set up in Windows, either from GUI (use the security tab in the properties of the directory) (...) (though I do not have examples in Portuguese). You may have to log into Windows as an Administrator.


Don't bother with Portuguese. Both Ubuntu and Windows XP here are in English. I've booted to Windows to check current permissions: D:\ is set only with "Everyone" -> "Full Control" (all checkboxes are checked). No other users defined. Owner is BUILTIN\Administrators, and "Use same permissions for all child objects" is checked. It's more permissive than your example, but, again, I don't mind, since this is a data partition so I really don't care. Will this be enough?

Again.. can I do this inheritance for the root "D:\" instead of every folder? If possible, I would like to be able to create new folders, delete them, reorganize them, etc... while setting for each folder (Music, Movies, Pictures, etc) would force me a fixed (root level) structure.

Quote:
Important : do not apply chmod or chown to directories with Windows inheritance defined in them : you would apply Linux rules and delete the Windows inheritance rules. If you need that, you have to switch to Posix inheritance. You can however apply chmod and chown to files, as needed.


After this is all set up, I'm not planning on using *any* chmod or chown *ever*. The whole idea of this data partition is to have a place where I don't need to care about it at all ;). But I'll save your warning for future reference. Thanks for the advice!

Quote:
It appears in Windows the same way as a file created on another Windows computer, but the owner of a file is rarely seen on a Windows screen. [... Windows created files] will appear as owned by root with full access to anybody (see the inherit directory in the above examples).


Sounds perfect!

Quote:
[Sticky bit] Yes you can, but this means you want permissions, and by doing a chmod you lose the Windows inheritance defined in the sticky directory. You cannot have two different policies for a directory.
Code:
[linux@pavilion2 windows]$ mkdir inherit/sticky
[linux@pavilion2 windows]$ chmod 1777 inherit/sticky
[linux@pavilion2 windows]$ ls -ld inherit/sticky
drwxrwxrwt 1 linux linux 0 Jun 17 10:57 inherit/sticky


That's great! It opens a whole new world of possibilities!

All your assistance gave me a TON of new info... I guess I have a lot of homework to do now, to test and play with the new options. Again, thanks a LOT!

Rodrigo


Fri Jun 17, 2011 13:33
Profile
NTFS-3G Lead Developer

Joined: Tue Sep 04, 2007 17:22
Posts: 1286
Post Re: Linux Trash for all users on NTFS drive
Hi again,

Quote:
Can this "directory writeable by users" be the partition root itself?

Yes, you can (dangerous for a system partition).
Quote:
Will the changes be persistent after a reboot?

Yes.
Quote:
and still keep the rest of my system with default privacy/security.

You can still have private files on your data partition, just chmod private files or subdirectories.
Quote:
I've booted to Windows to check current permissions: D:\ is set only with "Everyone" -> "Full Control" (all checkboxes are checked). No other users defined. Owner is BUILTIN\Administrators, and "Use same permissions for all child objects" is checked. It's more permissive than your example, but, again, I don't mind, since this is a data partition so I really don't care. Will this be enough?

This is very permissive indeed... but this is what you want.
Quote:
Again.. can I do this inheritance for the root "D:\" instead of every folder? If possible, I would like to be able to create new folders, delete them, reorganize them, etc... while setting for each folder (Music, Movies, Pictures, etc) would force me a fixed (root level) structure.

If I interpret your settings correctly, your D:\ is already set for full control for everybody including inheritance. It must be already set for your requirements.

Just put "permissions,inherit" in /etc/fstab and try.

Note : the directories you have already created on Linux do not have the inheritance parameters in them, and you have to recreate them all, starting from the root directory, then move your existing files into the new directories (then rename the directories if you want to stick to the old name).

Regards

Jean-Pierre


Fri Jun 17, 2011 13:59
Profile

Joined: Fri Nov 04, 2011 22:15
Posts: 1
Post Re: Linux Trash for all users on NTFS drive
Hello Jean-Pierre and Rodrigo,

Thanks a lot for this great thread. It is the first time I encounter the exact answers to what I want. Like Rodrigo, I have a Data partition that should be fully accessible to all the users on the computer. I tried to apply what Jean-Pierre advised, but I unfortunately could not make it totally work.

Here is what I did.

I first went into Windows and edited the properties of the D:\ partition: all users have full control.

I then modified my fstab line into
Code:
UUID=744A39344A38F508 /data ntfs-3g permissions,inherit,nosuid,nodev,locale=fr_FR.UTF-8   0   0


After reboot, I notice that everything works fine on my girlfriend's account. She can delete anything and the files/folders get sent to the Trash. Great!

On my account though (and I am the main user, i.e. with uid=1000), nothing changed. I always get the "Unable to delete message".

Any idea?

Thanks a lot for your help.

Nicolas

PS: Don't worry about examples in French, it is my mother tongue. My groups do not have the same name as yours though: I have Windows 7 in German.


Fri Nov 04, 2011 22:39
Profile
NTFS-3G Lead Developer

Joined: Tue Sep 04, 2007 17:22
Posts: 1286
Post Re: Linux Trash for all users on NTFS drive
Hi Nicolas,

Quote:
On my account though (and I am the main user, i.e. with uid=1000), nothing changed. I always get the "Unable to delete message".

It is not clear to me what you did (some settings do not apply to existing files), and what you want. The output of the following might be useful :
Code:
id
ls -ld /data/.Trash*
ls -l /data/.Trash*
ls -l the-undeletable-file
ls -ld the-parent-directory-of-undeletable-file

Now, you are using the "inherit" option, which uses Windows rules which are different from Linux ones, and files created on Windows and Linux by the same user will belong to different owners and groups, so you may be led to incompatibilities. I recommend setting a user mapping file if you want interoperability with Windows.

In order to do that, please post the outputs of :
Code:
ntfs-3g.secaudit -vv file-owned-by-user1 | grep 'dec S-1-5-21'
ntfs-3g.secaudit -vv file-owned-by-user2 | grep 'dec S-1-5-21'

where file-owned-by-userx has been created by userx on his/her own Windows account.

Regards

Jean-Pierre


Sat Nov 05, 2011 10:23
Profile
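
Added example, not part of the thread and not ntfs-3g code: a shell check that reports, for a volume root and a uid, whether the Trash rules discussed above are met (a `.Trash-<uid>` directory owned by that user, or a sticky `.Trash`). The function names, the symlink and world-writable checks, and the use of `stat -c` are assumptions of this sketch; the sample volume is constructed.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes a stat that supports -c (GNU, busybox).
# owner_mode, has_bit, trash_status and demo are hypothetical names.

# Print "<owner-uid> <octal-mode>" for a path, without following symlinks.
owner_mode() { stat -c '%u %a' "$1"; }

# has_bit MODE MASK: true when the octal MODE has any bit of octal MASK set.
has_bit() { [ $(( 0$1 & 0$2 )) -ne 0 ]; }

# trash_status TOPDIR UID: print why trashing on TOPDIR works or fails for UID.
trash_status() {
    top=$1; uid=$2
    shared="$top/.Trash"; own="$top/.Trash-$uid"

    # Shared trash: a real directory (not a symlink), sticky and world-writable.
    if [ -d "$shared" ] && [ ! -L "$shared" ]; then
        set -- $(owner_mode "$shared")
        if has_bit "$2" 1000 && has_bit "$2" 2; then
            echo "shared-ok"; return 0
        fi
    fi

    # Per-user trash: must be a real directory owned by the user who deletes.
    if [ -e "$own" ] || [ -L "$own" ]; then
        if [ -L "$own" ] || [ ! -d "$own" ]; then
            echo "blocked: $own is not a plain directory"; return 1
        fi
        set -- $(owner_mode "$own")
        if [ "$1" = "$uid" ]; then
            echo "per-user-ok"; return 0
        fi
        echo "blocked: $own is owned by uid $1"; return 1
    fi

    # No trash yet: the user must be able to create one in the volume root.
    # Group write is ignored so the result does not depend on group membership.
    set -- $(owner_mode "$top")
    if has_bit "$2" 2 || { [ "$1" = "$uid" ] && has_bit "$2" 200; }; then
        echo "creatable"; return 0
    fi
    echo "blocked: uid $uid cannot create $own"; return 1
}

# Constructed sample volume: a mode 755 root owned by the caller, which mirrors
# the "drwxr-xr-x root root" mount point that refused writes from other users.
demo() {
    vol=$(mktemp -d) && chmod 755 "$vol"
    me=$(id -u); other=$((me + 1))
    echo "uid $me: $(trash_status "$vol" "$me")"
    echo "uid $other: $(trash_status "$vol" "$other")"
    rm -rf "$vol"
}
demo
```

On a real mount, call it once per user, for example `trash_status /dados 1001`, alongside the `ls -ld /data/.Trash*` output requested in the last reply.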