 |
Usermapping Windows Vista <-> Ubuntu
UlfZibis
Joined: Mon Mar 31, 2014 13:43 Posts: 113
|
 Usermapping Windows Vista <-> Ubuntu
Hi, on Ubuntu I have compiled and installed version 2015.3.14. On http://jp-andre.pagesperso-orange.fr/pe ... sermapping you say one should use:

Code:
    # Typical pattern of a user mapping file for Windows 7 and earlier
    # All users are in the same primary group
    1000::S-1-5-21-1833069642-4243175381-1340018762-1002
    1001::S-1-5-21-1833069642-4243175381-1340018762-1008
    :500:S-1-5-21-1833069642-4243175381-1340018762-513

On Ubuntu there is no gid 500, so now I don't know which gid I should use here. On Ubuntu the primary group of each user is different, i.e. is the user itself:

Code:
    user1@Ubuntu:~$ id
    uid=1000(user1) gid=1000(user1) Gruppen=1000(user1),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),108(lpadmin),124(sambashare)
    user2@Ubuntu:~$ id
    uid=1001(user2) gid=1001(user2) Gruppen=1001(user2),4(adm),24(cdrom),30(dip),46(plugdev),108(lpadmin),124(sambashare)

Do you think the following would help instead:

Code:
    ::S-1-5-21-1833069642-4243175381-1340018762-10000
|
Thu Apr 23, 2015 03:02 |
|
 |
jpa
NTFS-3G Lead Developer
Joined: Tue Sep 04, 2007 17:22 Posts: 1286
|
 Re: Usermapping Windows Vista <-> Ubuntu
Hi,

Quote:
On Ubuntu the primary group of each user is different, i.e. is the user itself

That is the standard Ubuntu situation: each user has his/her own primary group, whose id is the same as the user id. But on Windows 7 (and earlier), all users are in the same group, so you cannot match them to Ubuntu users created with standard settings. You have to group the users on Ubuntu the same way as they are on Windows.

To do that, you have to recreate both users on Ubuntu with the same primary group (for instance gid=1999). You may keep the current uid 1000 and 1001 and gid 1000 and 1001 as supplementary groups, so that you need not change the ownership and permissions of existing files. This should be something similar to:

Code:
    # From memory, make your OWN CHECKS first
    # as root :
    userdel user1
    userdel user2
    groupadd -f -g 1999 commongroup
    groupadd -f -g 1000 user1
    groupadd -f -g 1001 user2
    useradd -u 1000 -g 1999 -G 1000 -d /home/user1 user1
    passwd user1
    useradd -u 1001 -g 1999 -G 1001 -d /home/user2 user2
    passwd user2

Doing that, your UserMapping file would probably be:

Code:
    1000::S-1-5-21-1833069642-4243175381-1340018762-1002
    1001::S-1-5-21-1833069642-4243175381-1340018762-1008
    :1999:S-1-5-21-1833069642-4243175381-1340018762-513
    ::S-1-5-21-1833069642-4243175381-1340018762-10000

The last line is not mandatory, it may help in some circumstances.

As new files created by user1 and user2 will be in the same group, you may want to set umask to 0700 if you do not want users to access other users' files.

Regards
Jean-Pierre
|
Thu Apr 23, 2015 21:48 |
|
 |
UlfZibis
Joined: Mon Mar 31, 2014 13:43 Posts: 113
|
 Re: Usermapping Windows Vista <-> Ubuntu
Hi jpa, thanks for your suggestion.

When solving the problem as you say, I see another problem. Doesn't this hurt the security concept of Ubuntu? When all users have the same gid as primary group, then all users have access to the data of the other users, if I understand right.

Another problem is that the existing data of those users is assigned to their groups 1000/1001, so after changing the primary groups, the access rights situation to the existing data would change too.

So please let me suggest another proposal: You maybe could add an additional syntax to the usermapping like:

Code:
    ?:*:S-1-5-21-1833069642-4243175381-1340018762-513

This should be treated as: Map this group SID to the equivalent gid of each user's SID.

An alternative could be: It seems that the SID S-1-5-21-x-y-z-513 is always the default group SID on Windows. So it may not be explicitly mapped by .NTFS-3G/UserMapping, so it could be implicitly mapped to Ubuntu's gids if there is no mapping given in .NTFS-3G/UserMapping. ... same as root gid is always implicitly mapped to S-1-5-32-544
|
Thu Apr 23, 2015 22:51 |
|
 |
jpa
NTFS-3G Lead Developer
Joined: Tue Sep 04, 2007 17:22 Posts: 1286
|
 Re: Usermapping Windows Vista <-> Ubuntu
Hi,

Quote:
Code:
    ?:*:S-1-5-21-1833069642-4243175381-1340018762-513
This should be treated as: Map this group SID to the equivalent gid of each users sid.

This is trying to guess the gid from the owner of the file. So this is assuming all permissions are related to the owner or to other, which is a restriction to using groups for sharing files.

Also do not forget the group mapping issue disappears when using Windows 8.

Regards
Jean-Pierre
|
Fri Apr 24, 2015 20:49 |
|
 |
UlfZibis
Joined: Mon Mar 31, 2014 13:43 Posts: 113
|
 Re: Usermapping Windows Vista <-> Ubuntu
jpa wrote:
This is trying to guess the gid from the owner of the file.

Correct.

Quote:
So this is assuming all permissions are related to the owner or to other, which is a restriction to using groups for sharing files.

Do you mean the sharing on Windows? I never saw that for my data under Windows user profiles. ... and what could be the risk? And even if there is a disadvantage, the responsibility on using such an additional feature would remain to the user.

Other problems from following your suggestion: The Linux primary group facility would be blocked for other usage, just only upon the NTFS-mapping. Additionally the umask settings must be changed to avoid write access from one user to the data of another user.

Quote:
Also do not forget the group mapping issue disappears when using Windows 8.

Well, but Windows XP ... 7 systems do not disappear so soon.

Regards
|
Mon Apr 27, 2015 19:30 |
|
 |
UlfZibis
Joined: Mon Mar 31, 2014 13:43 Posts: 113
|
 Re: Usermapping Windows Vista <-> Ubuntu
Hi again,

I did some tries with inherit in fstab and:

Code:
    1000::S-1-5-21-1833069642-4243175381-1340018762-1002
    1001::S-1-5-21-1833069642-4243175381-1340018762-1008
    ::S-1-5-21-1833069642-4243175381-1340018762-10000

Results:
Files created from 1000 on Ubuntu get group SID and on another login -12002, on Ubuntu they appear with gid 1000, looks fine!
Files created from 1001 on Ubuntu get group SID -12003, on Ubuntu they appear with gid 1001, looks fine!
Files created from Windows, on Ubuntu they appear with gid 0, looks fine!

I guess, if I add:

Code:
    :1999:S-1-5-21-1833069642-4243175381-1340018762-513

all would behave the same, except the files created from Windows would appear on Ubuntu with gid 1999, even if I do not set 1999 as primary group for 1000/1 on Ubuntu, which would be fine too.

So when it is possible to create SID -12001/2/3 from unmapped gid 1000/1, I do not understand why it should not be possible to create SID -513.

Regards,
Ulf
|
Fri May 01, 2015 22:24 |
|
 |
UlfZibis
Joined: Mon Mar 31, 2014 13:43 Posts: 113
|
 Re: Usermapping Windows Vista <-> Ubuntu
Correction, I meant: Files created from 1000 on Ubuntu get group SID -12001 and on another login -12002, ...
|
Sat May 02, 2015 18:25 |
|
 |
jpa
NTFS-3G Lead Developer
Joined: Tue Sep 04, 2007 17:22 Posts: 1286
|
 Re: Usermapping Windows Vista <-> Ubuntu
Hi,

Quote:
Files created from 1000 on Ubuntu get group SID and on another login -12002, on Ubuntu they appear with gid 1000, looks fine!
Files created from 1001 on Ubuntu get group SID -12003, on Ubuntu they appear with gid 1001, looks fine!

This is under control of your special last line of UserMapping. When a uid is not mapped, the associated SID is what is shown on this line plus 2*uid, and when a gid is not mapped, the associated SID is what is shown on this line plus 2*gid + 1.

For example, VirtualBox requires that its users be in group vboxusers. If vboxusers is 497, the corresponding SID would be -10000 + 2*497 + 1 = 10995. Such SIDs are meaningless on Windows and cannot be used for permission interoperability (and VirtualBox on Windows has no vboxusers need).

So, when you get -12002 this is unmapped uid 1001, when you get -12003 this is unmapped gid 1001.

Quote:
So when it is possible to create SID -12001/2/3 from unmapped gid 1000/1, I do not understand, why it should not be possible to create SID -513.

This is because different SIDs must map to different gids and conversely. In other words, when users are in the same Windows group, they must also be in the same Linux primary group; when they are in different Windows groups, they must also be in different Linux primary groups.

Note SID -12002 means uid 1001 (not gid 1001).

Regards
Jean-Pierre
|
Mon May 04, 2015 17:29 |
|
 |
UlfZibis
Joined: Mon Mar 31, 2014 13:43 Posts: 113
|
 Re: Usermapping Windows Vista <-> Ubuntu
jpa wrote:
This is because different SIDs must map to different gids and conversely.

I do not understand this, why is this mandatory?

If there is no UserMapping and no permissions option, all SIDs are mapped to the same gid 0.
|
Sun May 31, 2015 15:44 |
|
 |
jpa
NTFS-3G Lead Developer
Joined: Tue Sep 04, 2007 17:22 Posts: 1286
|
 Re: Usermapping Windows Vista <-> Ubuntu
Hi,

Quote:
Quote:
This is because different SIDs must map to different gids and conversely.
I do not understand this, why is this mandatory?

It is a strong assumption in ntfs-3g that users are organized the same way in Windows and Linux. Otherwise you cannot grant or deny access according to group membership.

Quote:
If there is no UserMapping and no permissions option, all SIDs are mapped to the same gid 0.

And they cannot be translated back to the original SID when a file is copied or edited. So, you cannot filter access to the copy according to its permissions.

Regards
Jean-Pierre
|
Tue Jun 02, 2015 12:25 |
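
The arithmetic jpa gives for the last UserMapping line (unmapped uid: pattern + 2*uid, unmapped gid: pattern + 2*gid + 1) and the rule that SIDs and ids must map one to one can be checked with a small script. This is an added example, not part of the thread and not ntfs-3g code; the function names are hypothetical, and it assumes numeric ids and only the three line shapes posted above.

```python
# Constructed input: the UserMapping file proposed in the thread.
SAMPLE = """\
1000::S-1-5-21-1833069642-4243175381-1340018762-1002
1001::S-1-5-21-1833069642-4243175381-1340018762-1008
:1999:S-1-5-21-1833069642-4243175381-1340018762-513
::S-1-5-21-1833069642-4243175381-1340018762-10000
"""

def parse_usermapping(text):
    """Parse 'uid::SID', ':gid:SID' and the '::SID' pattern line (assumed shapes)."""
    users, groups, pattern = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        uid, gid, sid = line.split(":", 2)
        if not uid and not gid:
            pattern = sid
            continue
        table = users if uid else groups
        key = int(uid or gid)
        # Different SIDs must map to different ids and conversely.
        if key in table or sid in table.values():
            raise ValueError(f"{line!r} breaks the one-to-one mapping")
        table[key] = sid
    return users, groups, pattern

def id_to_sid(kind, n, users, groups, pattern):
    """kind is 'uid' or 'gid'; unmapped ids are derived from the pattern line."""
    table = users if kind == "uid" else groups
    if n in table:
        return table[n]
    if pattern is None:
        raise KeyError(f"{kind} {n} is unmapped and there is no pattern line")
    prefix, rid = pattern.rsplit("-", 1)
    return f"{prefix}-{int(rid) + 2 * n + (1 if kind == 'gid' else 0)}"

def sid_to_id(sid, users, groups, pattern):
    """Inverse lookup: (kind, id), or None when the SID cannot be translated."""
    for kind, table in (("uid", users), ("gid", groups)):
        for n, mapped in table.items():
            if mapped == sid:
                return kind, n
    if pattern is None:
        return None
    prefix, rid = sid.rsplit("-", 1)
    base_prefix, base_rid = pattern.rsplit("-", 1)
    delta = int(rid) - int(base_rid)
    if prefix != base_prefix or delta < 0:
        return None
    return ("gid" if delta % 2 else "uid"), delta // 2
```

Feeding it a file in which gid 1000 and gid 1001 both point at the -513 SID raises `ValueError`: nothing in that file says which gid a file carrying -513 should get back.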
|