inherit: can not open file on Windows 
Joined: Fri May 25, 2012 11:32
Posts: 3
Post inherit: can not open file on Windows
Hello all !

I mounted an NTFS partition with inherit option; fstab entry:
UUID=xyz /mnt/WinSwap ntfs-3g inherit 0 0

UserMapping file contents:
:1000:S-1-5-21-10004xxxxx-40818xxxxx-39405xxxxx-513
1000:1000:S-1-5-21-10004xxxxx-40818xxxxx-39405xxxxx-1001

Files created on Linux can NOT be opened on Windows; message window:
Can not open file...

Checking file rights on Windows:
All users, groups and their rights are OK.
Ownership is OK.
Effective rights are OK.
The only difference is [presently], that user + group rights are NOT inherited !

No clue why I am not allowed to open these files, especially as, according to the effective rights I should, and I am the owner of such files.

Anybody else facing this problem ?

Greets,
HL


Fri May 25, 2012 13:22
Profile
NTFS-3G Lead Developer

Joined: Tue Sep 04, 2007 17:22
Posts: 1286
Post Re: inherit: can not open file on Windows
Hi,

Quote:
UserMapping file contents:
:1000:S-1-5-21-10004xxxxx-40818xxxxx-39405xxxxx-513
1000:1000:S-1-5-21-10004xxxxx-40818xxxxx-39405xxxxx-1001

Please remove the second "1000" from the second line, which contradicts the first line (though it should not be a problem). Also add a default line (must be the last one), so that all uid/gid are mapped :
Code:
::S-1-5-21-10004xxxxx-40818xxxxx-39405xxxxx-10000

However your mapping file should be ok for files created by root or user/group 1000/1000.
Quote:
Ownership is OK

Note that owner and group are not inherited, and Windows does not use them to decide over access rights.
Quote:
The only difference is [presently], that user + group rights are NOT inherited !

No clue why I am not allowed to open these files, especially as, according to the effective rights I should, and I am the owner of such files.

The ownership is not relevant (from the Windows point of view).

A possible explanation is that the parent directory has no inheritable ACE (for instance it was created without the inherit option).
To explain further I need to know the ACL of both the parent directory and a newly created file.
Please post the outputs of :
Quote:
secaudit -vv parent-directory
secaudit -vv parent-directory/created-file

(you may hide the non-significant parts of the SID's)

Regards

Jean-Pierre


Fri May 25, 2012 15:06
Profile

Joined: Fri May 25, 2012 11:32
Posts: 3
Post Re: inherit: can not open file on Windows
Hello Jean-Pierre !

Quote:
Please remove the second "1000" from the second line, which contradicts the first line


Thought the same, nevertheless removing doesn't change the inaccessibility on Windows.

Quote:
Also add a default line (must be the last one), so that all uid/gid are mapped


You shouldn't link to http://b.andre.pagesperso-orange.fr/usermap.html...

Quote:
However your mapping file should be ok for files created by root or user/group 1000/1000.


That's me, and I am the only one.

Quote:
The ownership is not relevant (from the Windows point of view).


I thought that ownership implies full rights on a file; never thought of how that's handled internally.

Quote:
A possible explanation is that the parent directory has no inheritable ACE


F:\WinHome\test\ntfs-3g>secaudit -vv D:\fanta
secaudit 1.3.22 : NTFS security data auditing
Directory D:\fanta
No SACL
Computed hash : 0x261a2eb9
Windows attrib : 0x10
Global header
revision 1
flags 0x8004
DACL present
self relative descriptor
Off USID 0xcc
Off GSID 0xe8
Off SACL 0x0
Off DACL 0x14
Owner SID
Local user-1001 SID
O:hex S-1-5-15-xox-3e9
O:dec S-1-5-21-xox-1001
Group SID
Local users SID
G:hex S-1-5-15-xox-201
G:dec S-1-5-21-xox-513
DACL
revision 2
ACL size 184
ACE cnt 8
ACE 1 at 0x1c
type 0
Access allowed
flags 0x0
Size 0x18
Acc rgts 0x1f01ff
Obj specific acc rgts 0x1ff
List directory
Add file
Add subdirectory
Read EA
Write EA
Traverse
Delete child
Read attributes
Write attributes
standard acc rgts 0x1f
Delete
Read control
Write DAC
Write owner
Synchronize
SID at 0x24
Local admins SID
hex S-1-5-20-220
dec S-1-5-32-544
Summary : grant rwx applied
ACE 2 at 0x34
type 0
Access allowed
flags 0xb
Object inherits ACE
Container inherits ACE
Inherit only ACE
Size 0x18
Acc rgts 0x10000000
Obj specific acc rgts 0x0
standard acc rgts 0x0
Generic all
SID at 0x3c
Local admins SID
hex S-1-5-20-220
dec S-1-5-32-544
Summary : grant none inherited
ACE 3 at 0x4c
type 0
Access allowed
flags 0x0
Size 0x14
Acc rgts 0x1f01ff
Obj specific acc rgts 0x1ff
List directory
Add file
Add subdirectory
Read EA
Write EA
Traverse
Delete child
Read attributes
Write attributes
standard acc rgts 0x1f
Delete
Read control
Write DAC
Write owner
Synchronize
SID at 0x54
NT System SID
hex S-1-5-12
dec S-1-5-18
Summary : grant rwx applied
ACE 4 at 0x60
type 0
Access allowed
flags 0xb
Object inherits ACE
Container inherits ACE
Inherit only ACE
Size 0x14
Acc rgts 0x10000000
Obj specific acc rgts 0x0
standard acc rgts 0x0
Generic all
SID at 0x68
NT System SID
hex S-1-5-12
dec S-1-5-18
Summary : grant none inherited
ACE 5 at 0x74
type 0
Access allowed
flags 0x0
Size 0x14
Acc rgts 0x1301bf
Obj specific acc rgts 0x1bf
List directory
Add file
Add subdirectory
Read EA
Write EA
Traverse
Read attributes
Write attributes
standard acc rgts 0x13
Delete
Read control
Synchronize
SID at 0x7c
Authenticated user SID
hex S-1-5-b
dec S-1-5-11
Summary : grant rwx applied
ACE 6 at 0x88
type 0
Access allowed
flags 0xb
Object inherits ACE
Container inherits ACE
Inherit only ACE
Size 0x14
Acc rgts 0xe0010000
Obj specific acc rgts 0x0
standard acc rgts 0x1
Delete
Generic execute
Generic write
Generic read
SID at 0x90
Authenticated user SID
hex S-1-5-b
dec S-1-5-11
Summary : grant rwx inherited
ACE 7 at 0x9c
type 0
Access allowed
flags 0x0
Size 0x18
Acc rgts 0x1200a9
Obj specific acc rgts 0xa9
List directory
Read EA
Traverse
Read attributes
standard acc rgts 0x12
Read control
Synchronize
SID at 0xa4
Local users SID
hex S-1-5-20-221
dec S-1-5-32-545
Summary : grant rx applied
ACE 8 at 0xb4
type 0
Access allowed
flags 0xb
Object inherits ACE
Container inherits ACE
Inherit only ACE
Size 0x18
Acc rgts 0xa0000000
Obj specific acc rgts 0x0
standard acc rgts 0x0
Generic execute
Generic read
SID at 0xbc
Local users SID
hex S-1-5-20-221
dec S-1-5-32-545
Summary : grant rx inherited
No SACL
Interpreted Unix owner 0, group 0, mode 0755
Posix descriptor :
acccnt 3
defcnt 3
firstdef 3
mode : 0755
tagsset : 0x25
Posix ACL :
version 2
flags 0x00
ace 0 : access USR-O -1 perms 0007 rwx
ace 1 : access GRP-O -1 perms 0005 r-x
ace 2 : access OTHER -1 perms 0005 r-x
ace 3 : default USR-O -1 perms 0007 rwx
ace 4 : default GRP-O -1 perms 0005 r-x
ace 5 : default OTHER -1 perms 0005 r-x
** freeing unallocated memory in acls.c line 4093

Output looks a bit difficult to understand... ;)
The GUI says 'inherit to: this folder, sub-folder and files'; remark: translated to English.

Meanwhile it came out, that I can access the [via Linux created] files on Windows with administrative rights.

I am going to delete the second 1000, and to add a default line; very likely not today.

Thanks for your help,
HL


Fri May 25, 2012 16:30
Profile
NTFS-3G Lead Developer

Joined: Tue Sep 04, 2007 17:22
Posts: 1286
Post Re: inherit: can not open file on Windows
Hi again,

Which Windows version did you use to create this directory ? Did you change its ACL after the directory was created ?

The problem seems to be here :
Code:
ACE 6 at 0x88
    type     0
        Access allowed
    flags    0xb
        Object inherits ACE
        Container inherits ACE
        Inherit only ACE
    Size     0x14
    Acc rgts 0xe0010000
        Obj specific acc rgts 0x0
        standard acc rgts 0x1
            Delete
        Generic execute
        Generic write
        Generic read
    SID at 0x90
        Authenticated user SID
        hex S-1-5-b
        dec S-1-5-11
    Summary : grant rwx inherited

So, the ACE pattern for inheritance is a generic one, which I never met before. I get this as good news, because the access will be granted to the creator of the file (instead of the owner of the parent directory).

The bad news is that this is not implemented... Will take a few days, stay tuned.

It might be helpful if you post the "secaudit" output for a file created *by Windows* in that directory.

Yes, this is now obsolete (and not much useful).

[ I deleted your other message ]

Regards

Jean-Pierre


Fri May 25, 2012 17:20
Profile

Joined: Fri May 25, 2012 11:32
Posts: 3
Post Re: inherit: can not open file on Windows
Hi Jean-Pierre !

Quote:
Which Windows version did you use to create this directory ?


F:\WinHome>ver
Microsoft Windows [Version 6.1.7601]

Quote:
Did you change its ACL after the directory was created ?


No. I formatted this partition via diskmgmt.msc a couple of days ago, that's it.

Quote:
So, the ACE pattern for inheritance is a generic one, which I never met before. I get this as good news...


In this special case, me, I don't. ;)

Quote:
The bad news is that this is not implemented... Will take a few days...


As this partition will contain nothing but my exchange files [and pagefile.sys], it would also be OK to give me an ACL your driver can handle. Otherwise, I wish to ask you to mark your changes in such a way that it reaches Xubuntu 12.04 amd64 via its standard repository; I am not too keen on compiling my own file-system driver, which you may not support either.

Quote:
It might be helpful if you post the "secaudit" output for a file created *by Windows* in that directory.


F:\WinHome\test\ntfs-3g>secaudit -vv D:\fanta\JPfile.txt
secaudit 1.3.22 : NTFS security data auditing
File D:\fanta\JPfile.txt
No SACL
Computed hash : 0xeaf71203
Windows attrib : 0x20
Global header
revision 1
flags 0x8004
DACL present
self relative descriptor
Off USID 0x74
Off GSID 0x90
Off SACL 0x0
Off DACL 0x14
Owner SID
Local user-1001 SID
O:hex S-1-5-15-xox-3e9
O:dec S-1-5-21-xox-1001
Group SID
Local users SID
G:hex S-1-5-15-xox-201
G:dec S-1-5-21-xox-513
DACL
revision 2
ACL size 96
ACE cnt 4
ACE 1 at 0x1c
type 0
Access allowed
flags 0x0
Size 0x18
Acc rgts 0x1f01ff
Obj specific acc rgts 0x1ff
Read data
Write data
Append data
Read EA
Write EA
Execute
Read attributes
Write attributes
standard acc rgts 0x1f
Delete
Read control
Write DAC
Write owner
Synchronize
SID at 0x24
Local admins SID
hex S-1-5-20-220
dec S-1-5-32-544
Summary : grant rwx applied
ACE 2 at 0x34
type 0
Access allowed
flags 0x0
Size 0x14
Acc rgts 0x1f01ff
Obj specific acc rgts 0x1ff
Read data
Write data
Append data
Read EA
Write EA
Execute
Read attributes
Write attributes
standard acc rgts 0x1f
Delete
Read control
Write DAC
Write owner
Synchronize
SID at 0x3c
NT System SID
hex S-1-5-12
dec S-1-5-18
Summary : grant rwx applied
ACE 3 at 0x48
type 0
Access allowed
flags 0x0
Size 0x14
Acc rgts 0x1301bf
Obj specific acc rgts 0x1bf
Read data
Write data
Append data
Read EA
Write EA
Execute
Read attributes
Write attributes
standard acc rgts 0x13
Delete
Read control
Synchronize
SID at 0x50
Authenticated user SID
hex S-1-5-b
dec S-1-5-11
Summary : grant rwx applied
ACE 4 at 0x5c
type 0
Access allowed
flags 0x0
Size 0x18
Acc rgts 0x1200a9
Obj specific acc rgts 0xa9
Read data
Read EA
Execute
Read attributes
standard acc rgts 0x12
Read control
Synchronize
SID at 0x64
Local users SID
hex S-1-5-20-221
dec S-1-5-32-545
Summary : grant rx applied
No SACL
Interpreted Unix owner 0, group 0, mode 0755
** freeing unallocated memory in acls.c line 4093
No errors were found

Quote:
[ I deleted your other message ]


:o No like at all ? ;)

Greets,
HL


Fri May 25, 2012 20:50
Profile
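
The two secaudit dumps above can be reconciled mechanically. As an added example (not from the thread and not ntfs-3g's own code), this C program takes the flags and access masks of the eight ACEs of the D:\fanta directory, keeps the object-inherit ones and replaces their generic rights with the standard Windows file rights; the four resulting masks are the ones shown for the Windows-created JPfile.txt. The struct and function names are hypothetical; the constants are the winnt.h values.

```c
#include <stdint.h>
#include <stdio.h>
#define OBJECT_INHERIT_ACE   0x01u        /* ACE flag: files inherit this ACE */
#define GENERIC_READ         0x80000000u
#define GENERIC_WRITE        0x40000000u
#define GENERIC_EXECUTE      0x20000000u
#define GENERIC_ALL          0x10000000u
#define FILE_GENERIC_READ    0x00120089u
#define FILE_GENERIC_WRITE   0x00120116u
#define FILE_GENERIC_EXECUTE 0x001200a0u
#define FILE_ALL_ACCESS      0x001f01ffu
struct ace { uint8_t flags; uint32_t mask; const char *sid; };

/* Flags, access masks and SIDs of the 8 ACEs in the directory dump above. */
static const struct ace parent_dacl[8] = {
    {0x0, 0x001f01ffu, "S-1-5-32-544"}, {0xb, 0x10000000u, "S-1-5-32-544"},
    {0x0, 0x001f01ffu, "S-1-5-18"},     {0xb, 0x10000000u, "S-1-5-18"},
    {0x0, 0x001301bfu, "S-1-5-11"},     {0xb, 0xe0010000u, "S-1-5-11"},
    {0x0, 0x001200a9u, "S-1-5-32-545"}, {0xb, 0xa0000000u, "S-1-5-32-545"},
};

/* Replace the generic bits of a mask by the file rights they stand for. */
uint32_t map_generic_for_file(uint32_t mask)
{
    uint32_t out = mask & 0x0fffffffu;    /* keep standard and specific bits */
    if (mask & GENERIC_READ)    out |= FILE_GENERIC_READ;
    if (mask & GENERIC_WRITE)   out |= FILE_GENERIC_WRITE;
    if (mask & GENERIC_EXECUTE) out |= FILE_GENERIC_EXECUTE;
    if (mask & GENERIC_ALL)     out |= FILE_ALL_ACCESS;
    return out;
}

/* DACL of a new file: copy only object-inherit ACEs, map their rights and
 * clear the inheritance flags (the Windows-created file shows flags 0x0). */
int inherit_file_dacl(const struct ace *parent, int n, struct ace *child)
{
    int cnt = 0;
    for (int i = 0; i < n; i++)
        if (parent[i].flags & OBJECT_INHERIT_ACE)
            child[cnt++] = (struct ace){ 0, map_generic_for_file(parent[i].mask), parent[i].sid };
    return cnt;
}

int main(void)
{
    struct ace child[8];
    int n = inherit_file_dacl(parent_dacl, 8, child);
    for (int i = 0; i < n; i++)
        printf("ACE %d %-12s rights 0x%06x\n", i + 1, child[i].sid, (unsigned)child[i].mask);
    return 0;
}
```
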
NTFS-3G Lead Developer

Joined: Tue Sep 04, 2007 17:22
Posts: 1286
Post Re: inherit: can not open file on Windows
Hi again,

Quote:
As this partition will contain nothing but my exchange files [and pagefile.sys], it would also be OK to give me an ACL your driver can handle.

So, do not use the inherit option, delete the directory, recreate it on Linux and set the usual permissions :
Code:
rm -rf directory
mkdir directory
chmod 775 directory
chown 1000:1000 directory

This will lead to interoperable files and directories, but there will be no inheritance. As a consequence, files will not be executable by default (even when created by Windows).
Note : when moved (renamed), files and directories retain their ACL; you need to create new ones.

Quote:
Otherwise, I wish to ask you to mark your changes in such a way that it reaches Xubuntu 12.04 amd64 via its standard repository; I am not too keen on compiling my own file-system driver, which you may not support either.

That means you will have to wait several months....

Regards

Jean-Pierre


Fri May 25, 2012 22:00
Profile