How use MyDocuments and Shared Documents on Linux like on XP 

Joined: Sun Jan 03, 2010 12:37
Posts: 9
Post How use MyDocuments and Shared Documents on Linux like on XP
Happy new year!

I am installing, for 4 users, a PC dual boot XP + mandriva2008.1 (with last ntfs-3g 2009.11.4).
I want to reach My Documents and Shared Documents independently from XP or Linux
I want each My Documents confidential
I want each user write in the Shared Documents independently from owner

To make it:
XP on ntfs-3g partitions:
for each user move the My Documents from C: to D:
Set each My Documents in "confidential"
move also the Shared Documents from C: to D:
(the BDR is modified according to the move)

Linux on ext3 partition:
for each /home/user make links to the My Documents and the Shared Documents on D:

On file built on XP, for each user
My Documents are with right owner, same group, mode 0700 and Shared Documents right owner, same group, mode 666
But for file built on Linux, for each user
My Documents are with right owner, same group, mode 0644 and Shared Documents right owner, same group, mode 644

So, on Linux, major problem is in the Shared Documents, a user X cannot write on a file built by another user!
Minor problem is all user can read in My Documents

I expected same behavior between the 2 OS!
But how do?

Thanks

My UserMapping file built with usermap launched for each user on XP :
Code:
500::S-1-5-21-1409082233-606747145-839522115-1003
501::S-1-5-21-1409082233-606747145-839522115-1004
502::S-1-5-21-1409082233-606747145-839522115-1005
503::S-1-5-21-1409082233-606747145-839522115-1006
:500:S-1-5-21-1409082233-606747145-839522115-513
:501:S-1-5-21-1409082233-606747145-839522115-513
:502:S-1-5-21-1409082233-606747145-839522115-513
:503:S-1-5-21-1409082233-606747145-839522115-513
::S-1-5-21-1409082233-606747145-839522115-10000

My fstab:
Code:
# Entry for /dev/sda2 :
UUID=334ab56a-e9b1-11de-8aa2-dd15276bb9ee / ext3 relatime 1 1
# Entry for /dev/sda5 :
UUID=a36e8920-e9b1-11de-9e93-95fd5bb13a1c /home ext3 relatime 1 2
/dev/cdrom /media/cdrom auto umask=0,users,iocharset=utf8,noauto,ro,exec 0 0
/dev/fd0 /media/floppy auto umask=0,users,iocharset=utf8,noauto,exec,flush 0 0
# Entry for /dev/sda3 :
UUID=40A9D9F14DCE15D9 /mnt/win_c ntfs-3g defaults 0 0
# Entry for /dev/sda6 :
UUID=08C7869C23285E01 /mnt/win_d ntfs-3g defaults 0 0
none /proc proc defaults 0 0
# Entry for /dev/sda1 :
UUID=134ed28d-56f1-4af7-b4fb-be16e0e72b4a swap swap defaults 0 0


Sun Jan 03, 2010 14:49
NTFS-3G Lead Developer

Joined: Tue Sep 04, 2007 17:22
Posts: 1286
Post Re: How use MyDocuments and Shared Documents on Linux like on XP
Hi,

Quote:
On file built on XP, for each user
My Documents are with right owner, same group, mode 0700 and Shared Documents right owner, same group, mode 666
But for file built on Linux, for each user
My Documents are with right owner, same group, mode 0644 and Shared Documents right owner, same group, mode 644

I guess these are the protections for files created inside "My Documents" and "Shared Documents", not on the directories themselves.
Quote:
So, on Linux, major problem is in the Shared Documents, a user X cannot write on a file built by another user!

This is because the "umask" on Linux is probably set as 022 for each user. If you set it as zero, files will be created with protection 666 and any user will be able to overwrite files created by another user (the umask setting is generally located in a startup script such as .bashrc or .profilerc)
Code:
# display the current umask setting
umask
# set umask of current user as zero
umask 000

Quote:
Minor problem is all user can read in My Documents

Are you sure ? You mentioned 0700 for files created by Windows in "My Documents", this is probably due to permissions to "My Documents" being set as 0700, which means a user cannot open the "My Documents" of another user.
Please check the ownership and permissions of the directories "Shared Documents" and all "My Documents" (if in doubt, post the "ls -ld" displays).
Quote:
I expected same behavior between the 2 OS!
But how do?

Windows and Linux use much different policies : initial protections for files created by Windows are defined by the parent directory, whereas initial protections for files created by Linux are only controlled by the umask. If you want a more similar policy you may use Posix ACLs, or the inherit option but they could lead to unpleasant side effects, and setting umask as zero could be enough.
Quote:
500:S-1-5-21-1409082233-606747145-839522115-513
:501:S-1-5-21-1409082233-606747145-839522115-513
:502:S-1-5-21-1409082233-606747145-839522115-513
:503:S-1-5-21-1409082233-606747145-839522115-513

You have defined the same representation for different groups. As a consequence, groups cannot be used to differentiate the rights of users. You cannot have the same protection policy if the user-group relations are not the same on both systems. Do you really want your users to be in different Linux groups though in same Windows group ? Unless this is important for you, you should probably force the same default group for each Linux user (option -g of usermod).
Quote:
# Entry for /dev/sda3 :
UUID=40A9D9F14DCE15D9 /mnt/win_c ntfs-3g defaults 0 0

Hint : as you have separated data from system, you can mount the Windows system partition as read-only, this will protect the system from unwanted changes.

Regards

Jean-Pierre


Sun Jan 03, 2010 20:25

Joined: Sun Jan 03, 2010 12:37
Posts: 9
Post Re: How use MyDocuments and Shared Documents on Linux like on XP
Hi Jean-Pierre,

A)
Quote:
Windows and Linux use much different policies : initial protections for files created by Windows are defined by the parent directory, whereas initial protections for files created by Linux are only controlled by the umask. If you want a more similar policy you may use Posix ACLs, or the inherit option but they could lead to unpleasant side effects, and setting umask as zero could be enough.

but umask will play on My Documents and on Shared Documents, no?
and in My Documents, there is risk any user writes file built by another!

Nevertheless after change the umask from 0022 to 0 in /etc/bashrc
only file built by root have change in permissions!!!

in Shared Documents (DocumentsFamille)
ls -ld =777
then ls -l shows permission is linked to user and OS where the file is built
so the major problem is always a file built by user alexandra under Linux is not writable by another user
while not for same user building file under XP
note: XP = file built on XP
Linux = file built on Linux

Code:
drwxrwxrwx 1 root root 4096 2010-01-04 16:20 ./
-rw-r--r-- 1 alexandra alexandra 0 2010-01-04 15:40 alexandraLinux6.txt
-rw-rw-rw- 2 alexandra root      0 2010-01-04 15:28 alexandraXP6.txt
-rw-rw-rw- 2 melissa   root      0 2010-01-04 15:31 melissaXP6.txt
-rw-rw-rw- 1 root      root      0 2010-01-04 16:20 rootLinux6.txt

or in My Document (alexandra user)
ls -ld =700
then ls -l
the minor problem is always a file built by user alexandra under Linux is readable by another user
while is not readable under XP
Code:
drwx------ 1 alexandra root 4096 2010-01-04 16:25 ./
-rw-r--r-- 1 alexandra alexandra      0 2010-01-04 15:44 alexandraLinux6.txt
-rw-rw-rw- 1 root      root           0 2010-01-04 16:25 rootLinux6.txt
-rwx------ 2 alexandra root           0 2010-01-04 15:29 AlexandraXP6.txt*


B)
Quote:
Quote:
500:S-1-5-21-1409082233-606747145-839522115-513
:501:S-1-5-21-1409082233-606747145-839522115-513
:502:S-1-5-21-1409082233-606747145-839522115-513
:503:S-1-5-21-1409082233-606747145-839522115-513

You have defined the same representation for different groups. As a consequence, groups cannot be used to differentiate the rights of users. You cannot have the same protection policy if the user-group relations are not the same on both systems. Do you really want your users to be in different Linux groups though in same Windows group ? Unless this is important for you, you should probably force the same default group for each Linux user (option -g of usermod).

in fact I am using the default group on XP and Linux
so, you are true, in this case I have to remove group
so the UserMapping file used with the umask=0
Code:
500::S-1-5-21-1409082233-606747145-839522115-1003
501::S-1-5-21-1409082233-606747145-839522115-1004
502::S-1-5-21-1409082233-606747145-839522115-1005
503::S-1-5-21-1409082233-606747145-839522115-1006
::S-1-5-21-1409082233-606747145-839522115-10000


C)
Quote:
Quote:
# Entry for /dev/sda3 :
UUID=40A9D9F14DCE15D9 /mnt/win_c ntfs-3g defaults 0 0

Hint : as you have separated data from system, you can mount the Windows system partition as read-only, this will protect the system from unwanted changes.

you are true, but like at installation I used a bash script to move the Shared Documents from C: to D:, I was not able, so now I can add the ro option, it is more safe!
But if I do not mount this Windows system partition with noauto instead of ro, is better, no?

Thanks


Mon Jan 04, 2010 18:56
NTFS-3G Lead Developer

Joined: Tue Sep 04, 2007 17:22
Posts: 1286
Post Re: How use MyDocuments and Shared Documents on Linux like on XP
Hi,

Quote:
but umask will play on My Documents and on Shared Documents, no?

Yes.
Quote:
and in My Documents, there is risk any user writes file built by another!

No, because "My Documents" is protected as 700, so only the owner of "My Documents" can enter it (even if inner files are not protected).
Quote:
Nevertheless after change the umask from 0022 to 0 in /etc/bashrc
only file built by root have change in permissions!!!

This is strange. Logout and login again as a plain user so that /etc/bashrc is executed, and check again (type umask)
Quote:
or in My Document (alexandra user)
ls -ld =700
then ls -l
the minor problem is always a file built by user alexandra under Linux is readable by another user while is not readable under XP

Code:
drwx------ 1 alexandra root 4096 2010-01-04 16:25 ./
-rw-r--r-- 1 alexandra alexandra      0 2010-01-04 15:44 alexandraLinux6.txt

Wrong : melissa cannot access alexandraLinux6.txt because she cannot open the parent directory (did she really try to read the file ?).
Quote:
in fact I am using the default group on XP and Linux

The default group on XP is unique, whereas on Linux, each user has his own default group. With your UserMapping, all files created on ntfs will appear in the group 500. What I was suggesting is to put all the users in the same group to reduce confusion, but you may want not to do that.
Quote:
so, you are true, in this case I have to remove group

No, keep one group (say 500) and map it to the Windows group (...-513), and define 500 as the default group for users 501, 502 and 503. This was just a suggestion.

Note : your requirements should be satisfied in the current situation, but if you feel the solution is not satisfactory, try using Windows inheritance on Linux, by putting the option inherit in /etc/fstab (then umount and mount again), you may get a result more close to what you expect.
Quote:
But if I do not mount this Windows system partition with noauto instead of ro, is better, no?

Yes, you may prefer to do so.

Regards

Jean-Pierre


Mon Jan 04, 2010 20:29
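
The two rules Jean-Pierre describes above (a file created on Linux gets mode 0666 masked by the creating user's umask, and a 0700 parent directory blocks other users whatever the inner file's mode), as an added shell example that is not part of the original thread. Folder and file names are constructed, and access for "group" and "other" is computed from the mode bits rather than tested with a second account.

```shell
#!/bin/sh
# Added illustration; directory and file names are constructed and live in a temp dir.

# mode_of PATH: print the permission bits as octal digits (GNU stat, BSD fallback).
mode_of() {
    m=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1") || return 1
    printf '%03d\n' "$m"
}

# create_with_umask MASK PATH: create PATH the way touch or an editor would
# (requested mode 0666) under the given umask, then print the resulting mode.
create_with_umask() {
    ( umask "$1" && rm -f "$2" && : > "$2" ) || return 1
    mode_of "$2"
}

# digit_for CLASS MODE: pick the owner, group or other digit of an octal mode.
digit_for() {
    mode=${2#"${2%???}"}              # keep the last three digits (drops setuid/sticky)
    case $1 in
        owner) printf '%s\n' "${mode%??}" ;;
        group) rest=${mode#?}; printf '%s\n' "${rest%?}" ;;
        other) printf '%s\n' "${mode#??}" ;;
        *) return 2 ;;
    esac
}

# class_can CLASS DIRMODE FILEMODE OP: succeed if a user of that class may read (r)
# or write (w) an existing file. Both gates apply: search (x) permission on the
# parent directory, then the r or w bit on the file itself.
class_can() {
    d=$(digit_for "$1" "$2") || return 2
    f=$(digit_for "$1" "$3") || return 2
    case $4 in r) bit=4 ;; w) bit=2 ;; *) return 2 ;; esac
    [ $(( d & 1 )) -ne 0 ] && [ $(( f & bit )) -ne 0 ]
}

demo() {
    tmp=$(mktemp -d) || return 1
    mkdir -m 700 "$tmp/MyDocuments"        # private folder, mode as in the thread
    mkdir -m 777 "$tmp/SharedDocuments"    # shared folder, mode as in the thread
    for mask in 022 002 000; do
        for dir in MyDocuments SharedDocuments; do
            dmode=$(mode_of "$tmp/$dir")
            fmode=$(create_with_umask "$mask" "$tmp/$dir/new.txt")
            for class in group other; do
                class_can "$class" "$dmode" "$fmode" r && r=yes || r=no
                class_can "$class" "$dmode" "$fmode" w && w=yes || w=no
                printf 'umask %s %-15s dir=%s file=%s %-5s read=%s write=%s\n' \
                    "$mask" "$dir" "$dmode" "$fmode" "$class" "$r" "$w"
            done
        done
    done
    rm -rf "$tmp"
}
demo
```
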

Joined: Sun Jan 03, 2010 12:37
Posts: 9
Post Re: How use MyDocuments and Shared Documents on Linux like on XP
Hi Jean-Pierre,

Quote:
This is strange. Logout and login again as a plain user so that /etc/bashrc is executed, and check again (type umask)


yes, really strange, impossible to have umask=0 for user
I tried in /etc/bashrc => umask=0 only for root, 0022 for user
in /etc/bashrc and /etc/profile => same results
Nothing about umask in ~/.bashrc and ~/.bash_profile!

Add in /etc/fstab (after return back in /etc/bashrc and /etc/profile)
Code:
# Entry for /dev/sda6 :
UUID=08C7869C23285E01 /mnt/win_d ntfs-3g iocharset=utf8,codepage=850,umask=000 0 0
result: umask always=0022

To find where is written umask,
I launched a rgrep -iFlr umask . > toto 2>&1 on the / partition
...so, at this time the command is always running...
Do you have an idea about where is written the umask for user on mandriva 2008.1?

Thanks


Tue Jan 05, 2010 21:32
NTFS-3G Lead Developer

Joined: Tue Sep 04, 2007 17:22
Posts: 1286
Post Re: How use MyDocuments and Shared Documents on Linux like on XP
Hi,
Quote:
yes, really strange, impossible to have umask=0 for user
I tried in /etc/bashrc => umask=0 only for root, 0022 for user

In my own /etc/bashrc there is a condition :
Code:
if [ $UID -gt 199 ] && [ "`id -gn`" = "`id -un`" ]; then
    umask 002
else
    umask 022
fi

This implies 002 for normal users. Apparently the condition is different on your system, as you get 022. Insert an "echo" to check which one is executed.
Quote:
Nothing about umask in ~/.bashrc and ~/.bash_profile!

Try inserting the umask in ~/.bashrc (after the call to /etc/bashrc).
Quote:
Add in /etc/fstab (after return back in /etc/bashrc and /etc/profile)

This is not relevant. The umask option in mount does not prevent the normal umask from being applied.
Quote:
Do you have an idea about where is written the umask for user on mandriva 2008.1?

The one in /etc/bashrc is probably the only one. Are you using bash as your default shell ? (check in /etc/passwd).

Also, regarding the users being in different groups, having only one group explicitly defined in UserMapping may be more satisfactory for you :
Code:
500::S-1-5-21-1409082233-606747145-839522115-1003
501::S-1-5-21-1409082233-606747145-839522115-1004
502::S-1-5-21-1409082233-606747145-839522115-1005
503::S-1-5-21-1409082233-606747145-839522115-1006
:500:S-1-5-21-1409082233-606747145-839522115-513
::S-1-5-21-1409082233-606747145-839522115-10000

This way each user will have his/her file appearing with the correct group name. The groups 501, 502 and 503 will not be recognized by Windows, but this does not matter because in your situation the rights for "other" are always the same as the rights for "group". However files created by Windows will appear in group 500.

Regards

Jean-Pierre


Tue Jan 05, 2010 22:24

Joined: Sun Jan 03, 2010 12:37
Posts: 9
Post Re: How use MyDocuments and Shared Documents on Linux like on XP
Hi Jean-Pierre,

yes, all users and root are using bashrc
Code:
cat /etc/passwd |grep bash
root:x:0:0:root:/root:/bin/bash
alexandra:x:500:500:alexandra:/home/alexandra:/bin/bash
william:x:501:501:william:/home/william:/bin/bash
melissa:x:502:502:melissa:/home/melissa:/bin/bash
marie:x:503:503:marie:/home/marie:/bin/bash

So, I put echo like you said in the condition I have also in /etc/bashrc
Code:
if [ "`id -gn`" = "`id -un`" -a `id -u` -gt 99 ]; then
#umask 02
# PM 20090105: change umask because shared documents between Windows and Linux
umask 000
echo   "umask 000 the nightmare"
else
umask 022
echo   "umask 022"
fi

Sorry for the lost time, you are true: for each user the if is active and the else is only for root
but nevertheless, I am beginning mad...
in the launched Konsole at startup (login=alexandra), echo displays umask=0 but when verifying, umask=0022 !
then making a su on each user, alexandra also then root the echo and the verifying are OK=0000
Code:
umask 000 the nightmare
[alexandra@localhost ~]$ umask
0022
[alexandra@localhost ~]$ su - william
Mot de passe :
umask 000 the nightmare
[william@localhost ~]$ umask
0000
[william@localhost ~]$ su - marie
Mot de passe :
umask 000 the nightmare
[marie@localhost ~]$ umask
0000
[marie@localhost ~]$ su - melissa
Mot de passe :
umask 000 the nightmare
[melissa@localhost ~]$ umask
0000
[melissa@localhost ~]$ su - alexandra
umask 000 the nightmare
[alexandra@localhost ~]$ umask
0000
[alexandra@localhost ~]$ su - root
Mot de passe :
umask 022
[root@localhost ~]# umask
0022
[root@localhost ~]#

So, when umask=0000 for each user
in each My Document there are -rw-rw-rw- instead of -rw-r--r--
Code:
-rw-rw-rw- 1 alexandra alexandra      0 2010-01-05 23:18 alexandraLinux8.txt
-rw-rw-rw- 1 william william    0 2010-01-05 23:27 williamLinux8.txt
-rw-rw-rw- 1 marie marie    0 2010-01-05 23:39 marieLinux8.txt
-rw-rw-rw- 1 melissa melissa  0 2010-01-05 23:41 melissaLinux8.txt

but in Shared Documents
the alexandra user used at login continues to be strange:
first touch (umask=000) but permissions are bad (-rw-r--r--)
and after su then exit on another user
second alexandra touch is OK (-rw-rw-rw-) (it is OK also for the other users -rw-rw-rw-)
Code:
-rw-r--r-- 1 alexandra alexandra 0 2010-01-05 23:25 alexandraLinux8.txt
-rw-rw-rw- 1 william   william   0 2010-01-05 23:28 williamLinux8.txt
-rw-rw-rw- 1 alexandra alexandra 0 2010-01-05 23:32 alexandraLinux8-2.txt
-rw-rw-rw- 1 marie     marie     0 2010-01-05 23:40 marieLinux8.txt
-rw-rw-rw- 1 melissa   melissa   0 2010-01-05 23:41 melissaLinux8.txt

So, resuming, now my requesting are almost OK excepting the strange behavior in the Konsole launched with the account alexandra at login!
Do you have another idea?

Thanks a new time Jean-Pierre

Note: I removed the umask in /etc/fstab
Code:
UUID=08C7869C23285E01 /mnt/win_d ntfs-3g iocharset=utf8,codepage=850 0 0
and my UserMapping file is now
Code:
500::S-1-5-21-1409082233-606747145-839522115-1003
501::S-1-5-21-1409082233-606747145-839522115-1004
502::S-1-5-21-1409082233-606747145-839522115-1005
503::S-1-5-21-1409082233-606747145-839522115-1006
:1001:S-1-5-21-1409082233-606747145-839522115-513
::S-1-5-21-1409082233-606747145-839522115-10000

with 1001 on Linux
Code:
famille:x:1001:alexandra,william,melissa,marie


Wed Jan 06, 2010 01:16
NTFS-3G Lead Developer

Joined: Tue Sep 04, 2007 17:22
Posts: 1286
Post Re: How use MyDocuments and Shared Documents on Linux like on XP
Hi,

Quote:
with 1001 on Linux
Code:
famille:x:1001:alexandra,william,melissa,marie

So, everybody is in group "famille", but
Code:
william:x:501:501:william:/home/william:/bin/bash

So 501 is still the default group for william, which means the files he creates are in group 501 not 1001 (similarly for other users) :
Code:
-rw-rw-rw- 1 william william    0 2010-01-05 23:27 williamLinux8.txt

and the group william uses a reference derived from the implicit user mapping (last user mapping line), which will not be recognized by Windows. This is probably not a problem, but you may want his files to appear as "william famille", and to do that 1001 has to be his default group. The command to do that is roughly (not tested) :
Code:
usermod -g 1001 -G 501 william


Now, this has a consequence on the umask setting, because the condition contains the subexpression "`id -gn`" = "`id -un`" which is a test whether the user and the group have the same name. With the proposed group setting "william" is different from "famille" so the other umask would be executed. I would remove this subexpression from the condition to avoid that :
Code:
if [ `id -u` -gt 99 ]; then
umask 000


Quote:
So, resuming, now my requesting are almost OK excepting the strange behavior in the Konsole launched with the account alexandra at login!

This is unclear to me. Add
Code:
id

at the end of /etc/bashrc so that the user's parameters get displayed.

Regards

Jean-Pierre


Wed Jan 06, 2010 13:20

Joined: Sun Jan 03, 2010 12:37
Posts: 9
Post Re: How use MyDocuments and Shared Documents on Linux like on XP
Hi Jean-Pierre,

you wrote
Quote:
Quote:
So, resuming, now my requesting are almost OK excepting the strange behavior in the Konsole launched with the account alexandra at login!

This is unclear to me. Add
Code:
id
at the end of /etc/bashrc so that the user's parameters get displayed.

but sorry, before read your post I already put my tags in /etc/bashrc with no change on conditions
Code:
if [ "`id -gn`" = "`id -un`" -a `id -u` -gt 99 ]; then
# PM 20090105: change umask because shared documents between Windows and Linux
  umask 002
  echo "`umask` in `id -un` in /etc/bashrc -> UMASK_ROOT=$UMASK_ROOT UMASK_USER=$UMASK_USER"
else
  umask 022
  echo   "`umask` in `id -un` in /etc/bashrc -> UMASK_ROOT=$UMASK_ROOT UMASK_USER=$UMASK_USER"
fi

and in /$HOME/.bashrc setting also the umask to 006= -rw-rw---
Code:
echo "`umask` in `id -un`/.bashrc -> UMASK_ROOT=$UMASK_ROOT UMASK_USER=$UMASK_USER"
# Source global definitions
if [ -f /etc/bashrc ]; then
   . /etc/bashrc
fi
# PM 20090105: change umask because shared documents between Windows and Linux
umask 006
echo "`umask` in `id -un`/.bashrc -> UMASK_ROOT=$UMASK_ROOT UMASK_USER=$UMASK_USER"

(in my mandriva2008.1 /etc/bashrc is launched in /$HOME/.bashrc)

So result launching Konsole
Code:
0006 in alexandra/.bashrc -> UMASK_ROOT= UMASK_USER=
0022 in alexandra in /etc/bashrc -> UMASK_ROOT= UMASK_USER=
0006 in alexandra/.bashrc -> UMASK_ROOT=022 UMASK_USER=022

then making su william, exit, su - william, exit
Code:
[alexandra@localhost ~]$ su william
Mot de passe :
0006 in william/.bashrc -> UMASK_ROOT= UMASK_USER=
0022 in william in /etc/bashrc -> UMASK_ROOT= UMASK_USER=
0006 in william/.bashrc -> UMASK_ROOT=022 UMASK_USER=022umask
[william@localhost alexandra]$ exit
exit
[alexandra@localhost ~]$ su - william
Mot de passe :
0022 in william/.bashrc -> UMASK_ROOT=022 UMASK_USER=022
0022 in william in /etc/bashrc -> UMASK_ROOT=022 UMASK_USER=022
0006 in william/.bashrc -> UMASK_ROOT=022 UMASK_USER=022umask
[william@localhost ~]$

so typing the last exit involving back to alexandra the umask is now to 0006 while at launching Konsole it stayed to 022 without the
modification in /$HOME/.bashrc
Code:
[alexandra@localhost ~]$ umask
0006
[alexandra@localhost ~]$



Quote:
Quote:
with 1001 on Linux
Code:
famille:x:1001:alexandra,william,melissa,marie

So, everybody is in group "famille", but
Code:
william:x:501:501:william:/home/william:/bin/bash

So 501 is still the default group for william, which means the files he creates are in group 501 not 1001 (similarly for other users) :

you are true, there were mismatch on the groups, so I removed the 50x groups set by default, now I have
Code:
alexandra:x:500:1001:alexandra:/home/alexandra:/bin/bash
william:x:501:1001:william:/home/william:/bin/bash
melissa:x:502:1001:melissa:/home/melissa:/bin/bash
marie:x:503:1001:marie:/home/marie:/bin/bash

and adapted the UserMapping file
Code:
500:1001:S-1-5-21-1409082233-606747145-839522115-1003
501:1001:S-1-5-21-1409082233-606747145-839522115-1004
502:1001:S-1-5-21-1409082233-606747145-839522115-1005
503:1001:S-1-5-21-1409082233-606747145-839522115-1006
:1001:S-1-5-21-1409082233-606747145-839522115-513
::S-1-5-21-1409082233-606747145-839522115-10000


So, now resuming: with only adding umask=006 in each /$HOME/.bashrc and removed mismatches in groups
results in My Documents
Code:
-rw-rw---- 1 alexandra famille      0 2010-01-06 23:24 alexandraLinux10.txt
-rwx------ 2 alexandra famille      0 2010-01-06 23:29 alexandraXP10.txt*

and in Shared Documents
Code:
-rw-rw---- 1 alexandra famille    0 2010-01-06 23:24 alexandraLinux10.txt
-rw-rw-rw- 2 alexandra famille    0 2010-01-06 23:30 alexandraXP10.txt


So, side LINUX:
in My Documents
the minor problem do not exist like you said: an user X cannot read file built by user Y because X cannot open the Y parent directory
and in the Shared Documents the major problem
Quote:
so the major problem is always a file built by user alexandra under Linux is not writable by another user
while not for same user building file under XP
note: XP = file built on XP
Linux = file built on Linux
disappears
Just staying maybe tuning side XP to have also -rw-rw--- instead of -rw-rw-rw to avoid the shared files are read and write by the world
I think to make a new group instead of 513 with only same members in the LINUX famille group...but I never do that on Windows...
Maybe another nightmare for me! Do you know how do?

Thanks Jean-Pierre


Thu Jan 07, 2010 01:49
NTFS-3G Lead Developer

Joined: Tue Sep 04, 2007 17:22
Posts: 1286
Post Re: How use MyDocuments and Shared Documents on Linux like on XP
Hi,

Congratulations ! your current settings match your requirements !

Code:
if [ "`id -gn`" = "`id -un`" -a `id -u` -gt 99 ]; then
# PM 20090105: change umask because shared documents between Windows and Linux
  umask 002
  echo "`umask` in `id -un` in /etc/bashrc -> UMASK_ROOT=$UMASK_ROOT UMASK_USER=$UMASK_USER"
else
  umask 022
  echo   "`umask` in `id -un` in /etc/bashrc -> UMASK_ROOT=$UMASK_ROOT UMASK_USER=$UMASK_USER"
fi

This has become very complicated, and needlessly complex. Now everybody is in the same default group, so you need not set the write permission for "other". As a consequence, you may replace all the above by a single umask valid for all situations :
Code:
umask 002

Quote:
so typing the last exit involving back to alexandra the umask is now to 0006 while at launching Konsole it stayed to 022 without the modification in /$HOME/.bashrc

So Konsole changes the umask...
Quote:
and adapted the UserMapping file
Code:
500:1001:S-1-5-21-1409082233-606747145-839522115-1003
501:1001:S-1-5-21-1409082233-606747145-839522115-1004
502:1001:S-1-5-21-1409082233-606747145-839522115-1005
503:1001:S-1-5-21-1409082233-606747145-839522115-1006
:1001:S-1-5-21-1409082233-606747145-839522115-513
::S-1-5-21-1409082233-606747145-839522115-10000

This is wrong : you have multidefined the group 1001, but the line with a group and no user has priority, so it does not really matter. However the correct user mapping is the one you had the day before :
Code:
500::S-1-5-21-1409082233-606747145-839522115-1003
501::S-1-5-21-1409082233-606747145-839522115-1004
502::S-1-5-21-1409082233-606747145-839522115-1005
503::S-1-5-21-1409082233-606747145-839522115-1006
:1001:S-1-5-21-1409082233-606747145-839522115-513
::S-1-5-21-1409082233-606747145-839522115-10000

Quote:
Just staying maybe tuning side XP to have also -rw-rw--- instead of -rw-rw-rw to avoid the shared files are read and write by the world
I think to make a new group instead of 513 with only same members in the LINUX famille group...but I never do that on Windows...
Maybe another nightmare for me! Do you know how do?

That is an option which I feel useless, and I will not be able to help you much...

Regards

Jean-Pierre


Thu Jan 07, 2010 09:39

Joined: Sun Jan 03, 2010 12:37
Posts: 9
Post Re: How use MyDocuments and Shared Documents on Linux like on XP
Hi Jean-Pierre,

after some pb, I dropped use of group on XP.
I added also a fifth user with special permissions and not belonging to the family group.

So, like I must give the PC to the family, I post here for community, my last requirements and also how I do side XP and Linux
Nevertheless, if you have remarks, I will try to implement them...

Thanks for your help

Kalagani

Requirements:
PC dual boot XP pro + mandriva2008.1 (with last ntfs-3g 2009.11.4)
4 users in a same family group and a fifth guest user
Under each OS:
_the 5 accounts can read or write in their private "My Documents" on a same D: ntfs partition space
the 4 family's accounts can read in the private guest's "My Documents"
_the 4 family's accounts can read or write in a "Shared Documents" on a same D: ntfs partition space
the guest account can only read in "Music sub-folder" on the "Shared Documents" parent.

quickly HOWTO:
XP side:
_for each user move the "My Documents" from C: to D:
_set each "My Documents" in "confidential" for the 4 family's accounts, not for the guest
_move also the "Shared Documents" from C: to D:
(the BDR is modified according to the move)
_ set the permissions for the guest account on the "Shared Documents" parent
a) disable the simple file sharing to display the Security and Sharing tabs (kb307874)
so, using Security (Sécurité) tab,
add the guest account on the "Shared Documents" parent folder
in column Autorize (Autoriser), let default values...
in column Refuse (Refuser), set Write (Ecriture)
now, tune to avoid clear by
using Advanced parameters (Paramètres avancés)
select the Refuse|guest account|Write (Refuser|guest account|Ecriture) line
then click Modify (Modifier) button
in column Refuse (Refuser), set Removing sub-folder and file
(Suppression de sous-dossier et fichier) -> OK
then propagate permissions to all sub folders in "Shared Document" by
select the second line
Replace permission entries on all child objects...

b) on all sub-folders except the "Music sub-folder"
remove the propagated default permissions
always using Security tab,
in column Refuse, set
Read and execution (Lecture et exécution)
Display folder (Affichage du contenu du dossier)
Read (Lecture)

_note the SID for the 5 accounts

Linux side:
_for each /home/user make links to the "My Documents" and the "Shared Documents" on D:
_in each ~/.bashrc
change the umask to 002 for the 5 accounts
_on the "Shared Documents", set the right permissions to have only read on "Music sub-folder" for the guest
_make a group Family and put in the user's Uid except the guest Uid
_set a .NTFS-3G folder on the D: partition and make the UserMapping file according to Uid, Gid and previously noted SID
_at the end, set the Windows system C: partition to read only in fstab

Used UserMapping file:
Code:
500::S-1-5-21-1409082233-606747145-839522115-1003
501::S-1-5-21-1409082233-606747145-839522115-1004
502::S-1-5-21-1409082233-606747145-839522115-1005
503::S-1-5-21-1409082233-606747145-839522115-1006
504::S-1-5-21-1409082233-606747145-839522115-1010
:1001:S-1-5-21-1409082233-606747145-839522115-513
::S-1-5-21-1409082233-606747145-839522115-10000

500 to 503=Uid users in the family, 504=Guest Uid
Each Uid is followed by respective Windows SID
1001=Gid Famille group followed by the Windows "None" group SID
Last line mandatory for unexpected user

Linux permissions on the "Shared Documents" space folders
Code:
[alexandra@localhost win_d]$ ll
drwxrwxr-x 1 root      famille  4096 2010-01-23 17:41 CommunsFamille/
[alexandra@localhost CommunsFamille]$
drwxrwx--- 1 root famille 12288 2010-01-29 17:33 DocumentsFamille/
drwxrwx--- 1 root famille     0 2010-01-22 00:17 ImagesFamille/
drwxrwxr-x 1 root famille  4096 2010-01-26 08:16 MusiqueFamille/
drwxrwx--- 1 root famille     0 2010-01-23 16:45 VidéosFamille/

Linux permissions on each "My Documents" space folders
Code:
drwx------ 1 alexandra famille  4096 2010-01-12 17:53 alexandra/
drwx------ 1 marie     famille  4096 2010-01-23 12:25 marie/
drwx------ 1 melissa   famille  4096 2010-01-26 23:52 melissa/
drwx------ 1 william   famille  4096 2010-01-26 23:31 william/
drwxrwxrwx 1 zinvite   famille  4096 2010-01-27 00:14 zinvite/

Linux links to Windows partition D: (same for each user, ex for marie)
Code:
drwxr-xr-x 2 marie famille  4096 2010-01-22 22:38 Bureau/
lrwxrwxrwx 1 root  famille    25 2010-01-01 12:28 CommunsFamille -> /mnt/win_d/CommunsFamille/
lrwxrwxrwx 1 marie famille    26 2010-01-01 12:28 Documents -> /mnt/win_d/marie/Documents/
lrwxrwxrwx 1 marie famille    23 2010-01-01 12:28 Images -> /mnt/win_d/marie/Images/
lrwxrwxrwx 1 marie famille    24 2010-01-01 12:28 Musique -> /mnt/win_d/marie/Musique/
lrwxrwxrwx 1 marie famille    34 2010-01-01 12:28 Téléchargements -> /mnt/win_d/marie/Téléchargements/
lrwxrwxrwx 1 marie famille     4 2010-01-01 12:28 tmp -> /tmp/
lrwxrwxrwx 1 marie famille    24 2010-01-01 12:28 Vidéos -> /mnt/win_d/marie/Vidéos/


Results on Linux side after built files side XP and side Linux:
on the "Shared Documents" space files
Code:
-rw-rw-r-- 2 alexandra famille    0 2010-01-29 20:27 alexandraXP28.txt
-rw-rw-r-- 2 marie     famille    0 2010-01-29 22:28 marieXP28.txt
-rw-rw-r-- 2 melissa   famille    0 2010-01-29 22:30 melissaXP28.txt
-rw-rw-r-- 2 william   famille    0 2010-01-29 22:32 williamXP28.txt
-rw-rw-r-- 1 alexandra famille    0 2010-01-29 22:46 alexandraLinux28.txt
-rw-rw-r-- 1 marie     famille    0 2010-01-29 22:53 marieLinux28.txt
-rw-rw-r-- 1 melissa   famille    0 2010-01-29 23:04 melissaLinux28.txt
-rw-rw-r-- 1 william   famille    0 2010-01-29 23:05 williamLinux28.txt

Same permissions for files built on the XP or Linux side: readable and writable for all members of the family, only readable for others according to the permissions on "Shared Documents", in fact only readable in the "Music" sub-folder
=> requirements OK

on each "My Documents" space folders
Code:
-rwx------ 2 alexandra famille 0 2010-01-29 20:27 alexandraXP28.txt*
-rw-rw-r-- 1 alexandra famille 0 2010-01-29 22:45 alexandraLinux28.txt
-rw------- 2 marie     famille 0 2010-01-29 23:49 marieXP28.txt
-rw-rw-r-- 1 marie     famille 0 2010-01-29 22:54 marieLinux28.txt
-rwx------ 2 melissa   famille 0 2010-01-29 22:31 melissaXP28.txt*
-rw-rw-r-- 1 melissa   famille 0 2010-01-29 23:04 melissaLinux28.txt
-rwx------ 2 william   famille 0 2010-01-29 22:32 williamXP28.txt*
-rw-rw-r-- 1 william   famille 0 2010-01-29 23:06 williamLinux28.txt
-rwxr-xr-x 2 zinvite   famille 0 2010-01-29 22:33 zinviteXP28.txt*
-rw-rw-rw- 1 zinvite   zinvite 0 2010-01-29 23:08 zinviteLinux28.txt

Permission differences between files built on the XP side and the Linux side.
On the Linux side, for the family's members, as already said, a user X cannot read a file built by user Y because X cannot open Y's parent directory
(also true on the Windows side, and also permissions=-rwx------ are better than -rw-rw-r--)
All users can only read the files built by the guest zinvite
=> requirements OK, even if I do not know why -rw------- instead of -rwx------ for marie

extracts from /etc/group, /etc/passwd and /etc/fstab
Code:
famille:x:1001:alexandra,william,melissa,marie

alexandra:x:500:1001:alexandra:/home/alexandra:/bin/bash
william:x:501:1001:william:/home/william:/bin/bash
melissa:x:502:1001:melissa:/home/melissa:/bin/bash
marie:x:503:1001:marie:/home/marie:/bin/bash
zinvite:x:504:504:zinvite:/home/zinvite:/bin/bash

# Entry for /dev/sda3 :
UUID=40A9D9F14DCE15D9 /mnt/win_c ntfs-3g ro 0 0
# Entry for /dev/sda6 :
UUID=08C7869C23285E01 /mnt/win_d ntfs-3g iocharset=utf8,codepage=850 0 0


Sat Jan 30, 2010 18:27
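An added example, not part of the original posts: a small audit of the `ls -l` listings above against the two stated requirements (private "My Documents", group-writable "Shared Documents"). The function names and policy masks are assumptions made for this sketch; it shows that the Linux-created files in the private space are 0664 and are kept private only by their `drwx------` parent directory.

```python
# Listings copied from the post above; the last SHARED line is constructed.
PRIVATE = """\
-rwx------ 2 alexandra famille 0 2010-01-29 20:27 alexandraXP28.txt*
-rw-rw-r-- 1 alexandra famille 0 2010-01-29 22:45 alexandraLinux28.txt
-rw------- 2 marie     famille 0 2010-01-29 23:49 marieXP28.txt
-rw-rw-r-- 1 marie     famille 0 2010-01-29 22:54 marieLinux28.txt
"""
SHARED = """\
-rw-rw-r-- 2 marie     famille    0 2010-01-29 22:28 marieXP28.txt
-rw-rw-r-- 1 marie     famille    0 2010-01-29 22:53 marieLinux28.txt
-rw-r--r-- 1 marie     famille    0 2010-01-29 22:59 constructed644.txt
"""

def parse_mode(sym):
    """Turn an ls mode string ('-rw-rw-r--') into rwx permission bits."""
    bits = 0
    for i, ch in enumerate(sym[1:10]):
        if ch not in "-ST":          # s/t imply x; S/T mean x is absent
            bits |= 1 << (8 - i)
    return bits

def parse_line(line):
    """Split one 'ls -l' line into (mode bits, owner, group, name)."""
    mode, _links, owner, group, _size, _date, _time, name = line.split(None, 7)
    return parse_mode(mode), owner, group, name.rstrip("*/")

def audit(listing, space, shared_group="famille"):
    """Return (name, octal mode, reason) for entries that break the policy.

    space='private': the file itself must deny group and other (no 0o077 bits).
    space='shared' : the file must belong to shared_group with group rw (0o060).
    """
    findings = []
    for line in listing.strip().splitlines():
        mode, _owner, group, name = parse_line(line)
        if space == "private" and (mode & 0o077):
            findings.append((name, oct(mode), "relies on parent directory for privacy"))
        elif space == "shared" and (group != shared_group or (mode & 0o060) != 0o060):
            findings.append((name, oct(mode), "not writable by the shared group"))
    return findings

if __name__ == "__main__":
    for space, listing in (("private", PRIVATE), ("shared", SHARED)):
        for finding in audit(listing, space):
            print(space, *finding)
```

A file flagged in the private space is not exposed while its parent stays `drwx------`, but it loses that protection if it is moved or copied with its mode preserved into a directory other users can open.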
NTFS-3G Lead Developer

Joined: Tue Sep 04, 2007 17:22
Posts: 1286
Post Re: How use MyDocuments and Shared Documents on Linux like on XP
Hi,

That is a great example!
May I borrow it for the advanced ntfs-3g website?

Quote:
=> requirements OK, even if I do not know why -rw------- instead of -rwx------ for marie

Do you mean the following file, created in marie's "My Documents"?
Code:
-rw------- 2 marie     famille 0 2010-01-29 23:49 marieXP28.txt

This is a file created on Windows, so its initial protections are inherited from its parent directories. You should check (on Windows) whether the "inheritance" flag is set in the permissions on marie's "My Documents" directory.

Note: a possible reason for this is that the directory was created on Linux. By default the execution is not inherited from directories created on Linux (see viewtopic.php?f=2&t=1294)

Regards

Jean-Pierre


Sat Jan 30, 2010 19:18

Joined: Sun Jan 03, 2010 12:37
Posts: 9
Post Re: How use MyDocuments and Shared Documents on Linux like on XP
Hi,

Yes, you can borrow!
Do you refer to originator?

Otherwise, yes, the execution x was missing only for files built on XP by the marie account

On the XP side, when I compared the inherited flag on the marie account and on another, correct one:
no difference, and in all cases the flag on the first line
Inherit from parent the permission entries...
was not selected.

But I remembered a problem I had on XP due to the shift of "My Documents" from C: to D:
http://www.informatruc.com/forum/topic30286.html

So, I moved marie's "My Documents" back to the C: partition
then shifted it to D:,
fell into the same annex "confidential" problem described in the link above,
returned to C: then to D:

Finally, after a big fright because XP froze at startup during the trial,
the x is now present on XP-built files seen on the Linux side

Code:
-rwx------ 2 marie famille 0 2010-01-30 19:15 marieXPC29.txt*
-rwx------ 2 marie famille 0 2010-01-30 19:27 marieXPD29.txt*
-rwx------ 2 marie famille 0 2010-01-30 19:34 marieXPD29-1.txt*
-rw-rw-r-- 1 marie famille 0 2010-01-30 20:37 marieLinux29.txt

D built file on D: partition
C built file on C partition

During the manipulation I saw that the flag on
Inherit from parent the permission entries...
was set when "My Documents" was on C: and not set after the shift to D:

Also, the permissions for the file previously built on Linux
Code:
-rw-rw-r-- 1 marie     famille 0 2010-01-29 22:54 marieLinux28.txt

became
Code:
-rwx------ 2 marie famille 0 2010-01-29 22:54 marieLinux28.txt*

after the shifts...but no problem with that

I think this PC is ready to be delivered tomorrow...I hope
So, thanks once again, Jean-Pierre


Sat Jan 30, 2010 22:31
NTFS-3G Lead Developer

Joined: Tue Sep 04, 2007 17:22
Posts: 1286
Post Re: How use MyDocuments and Shared Documents on Linux like on XP
Hi,

Quote:
yes, you can borrow!

Thank you.

Quote:
Do you refer to originator?

I will of course mention the source... according to what I know and am allowed to disclose (id on the forum, first name, full name...). You can use the PM on this forum for private information.

Regards

Jean-Pierre


Sun Jan 31, 2010 13:05

Joined: Sun Jan 03, 2010 12:37
Posts: 9
Post Re: How use MyDocuments and Shared Documents on Linux like on XP
Hello Jean-Pierre,

Is my "great example" still up to date? I ask because I did not find it on your advanced ntfs-3g website.
Thanks
I ask this question because I want to do the same thing today, nearly 4 years later!


Sun Jul 06, 2014 22:33
NTFS-3G Lead Developer

Joined: Tue Sep 04, 2007 17:22
Posts: 1286
Post Re: How use MyDocuments and Shared Documents on Linux like on XP
Hi,

Quote:
Is my "great example" still up to date? I ask because I did not find it on your advanced ntfs-3g website.

It was dropped while doing a global reorganization. I have recovered a copy from my archives, see attachment.
Quote:
I ask this question because I want to do the same thing today, nearly 4 years later!

You will probably have to adapt to what has been changed, especially if you are using Windows 8, but the basic configurations are the same (check http://jp-andre.pagesperso-orange.fr/permissions.html)

Regards

Jean-Pierre


Attachments:
example.zip [5.51 KiB]
Downloaded 805 times
Mon Jul 07, 2014 12:34

Joined: Sun Jan 03, 2010 12:37
Posts: 9
Post Re: How use MyDocuments and Shared Documents on Linux like on XP
Thanks Jean-Pierre,
but are you thinking of displaying it on the website?
Otherwise, I am not using Windows 8 but still XP and maybe Windows 7;
in this case, I hope it will be possible to share MyDocuments between Linux, XP and Seven!


Mon Jul 07, 2014 13:35
NTFS-3G Lead Developer

Joined: Tue Sep 04, 2007 17:22
Posts: 1286
Post Re: How use MyDocuments and Shared Documents on Linux like on XP
Hi,

Quote:
but are you thinking of displaying it on the website?

Maybe some day, but it should be simplified, also a variant should be added for Windows 8...
Quote:
I am not using Windows 8 but still XP and maybe Windows 7;
in this case, I hope it will be possible to share MyDocuments between Linux, XP and Seven!

The permissions on Windows 7 are similar to the ones on XP, you just have to adapt to a slightly different file tree.

Regards

Jean-Pierre


Mon Jul 07, 2014 17:35