FAQ SearchLogin
Tuxera Home
View unanswered posts | View active topics It is currently Sat Jan 16, 2021 04:48



Post new topic Reply to topic  [ 51 posts ]  Go to page 1, 2, 3  Next
Unable to mount without root 
Author Message

Joined: Thu Nov 29, 2007 06:32
Posts: 28
Location: North Carolina
Post Unable to mount without root
Alright, I have read the FAQ and tried the second option (the one using chmod 4750) since the first was risky, and I still cannot mount my NTFS partition as anybody except root. The system is nothing special, just an Acer Aspire 5102WLMi laptop running Debian Etch and XP Pro x64 Edition. I just today compiled and installed fuse 2.7.1 and ntfs-3g 1.1120. My first goal was just to mount the drive, and at first I was getting permission denial errors as my normal user, but now hat did the chmod fix on this site, I get no error but the drive never mounts.

Before I ask for any help though, I should state that I created a group called "ntfsusers" that I intend on using to grant mount permission in the long-run. This way if I allow a friend on the machine under a new account, they cannot mount my XP partition. So how would I setup mounting in this fashion? My fstab is pasted below,
Code:
# /etc/fstab: static file system information.
#
# <file system> <mount point>   <type>  <options>       <dump>  <pass>
proc            /proc           proc    defaults        0       0
/dev/hda1       /               ext3    defaults,errors=remount-ro 0       1
/dev/hda2       none            swap    sw              0       0
/dev/hda3       /media/windows ntfs-3g rw,user,noauto    0       0
/dev/hdb        /media/cdrom0   udf,iso9660 user,noauto     0       0


Fri Nov 30, 2007 01:38
Profile
Tuxera CTO

Joined: Tue Nov 21, 2006 23:15
Posts: 1648
Post 
What's the output of

ntfs-3g /dev/hda3 /media/windows
cat /proc/mounts
ls -l $(which ntfs-3g)


Fri Nov 30, 2007 01:52
Profile

Joined: Thu Nov 29, 2007 06:32
Posts: 28
Location: North Carolina
Post 
As my normal user:
Code:
sephiroth@AcerLaptop:~$ ntfs-3g /dev/hda3 /media/windows
bash: /bin/ntfs-3g: Permission denied
sephiroth@AcerLaptop:~$


As root:
Code:
AcerLaptop:~# ntfs-3g /dev/hda3 /media/windows
AcerLaptop:~# cat /proc/mounts
rootfs / rootfs rw 0 0
none /sys sysfs rw 0 0
none /proc proc rw 0 0
udev /dev tmpfs rw 0 0
/dev/hda1 / ext3 rw,data=ordered 0 0
/dev/hda1 /dev/.static/dev ext3 rw,data=ordered 0 0
tmpfs /lib/init/rw tmpfs rw,nosuid 0 0
usbfs /proc/bus/usb usbfs rw,nosuid,nodev,noexec 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev 0 0
devpts /dev/pts devpts rw,nosuid,noexec 0 0
fusectl /sys/fs/fuse/connections fusectl rw 0 0
/dev/hda3 /media/windows fuseblk rw,nosuid,nodev,user_id=0,group_id=0,allow_other 0 0
AcerLaptop:~# ls -l $(which ntfs-3g)
-rwsr-x--- 1 root ntfsusers 122582 2007-11-29 12:51 /bin/ntfs-3g
AcerLaptop:~#


Also, I must say that it's impressive to see a lead developer responding to forum posts, especially on such a large project. You don't get that on most payware product forums.


Fri Nov 30, 2007 01:56
Profile
Tuxera CTO

Joined: Tue Nov 21, 2006 23:15
Posts: 1648
Post 
Everything looks fine. The mounting user is either not in the ntfsusers group or you didn't login/logoff, so it wasn't taken in use yet.


Fri Nov 30, 2007 13:38
Profile

Joined: Thu Nov 29, 2007 06:32
Posts: 28
Location: North Carolina
Post 
I had logged in and out several times while testing my own tools to crack WEP/WPA networks since I have made them for the shell, and prefer to test at the true shell as root. However, I just now booted the laptop for the first time today and it worked, which leads me to believe that I had to reboot for the changes to take effect.

I do have one final question though. What exactly did I modify when I followed your FAQ instructions and did "chmod 4750 $(where ntfs-3g)"? I am assuming it modded every file with ntfs-3g in the name to 4750. If this is the case, what was the default value in case I ever need to revert to it? Oh, and since I did that modification, will ntfs-3g still honor the "noexec" parameter in fstab?


Fri Nov 30, 2007 18:02
Profile
Tuxera CTO

Joined: Tue Nov 21, 2006 23:15
Posts: 1648
Post 
> What exactly did I modify when I followed your FAQ instructions and did
> "chmod 4750 $(where ntfs-3g)"? I am assuming it modded every file with
> ntfs-3g in the name to 4750.

No. The ntfs-3g permission was changed to 4750 (rwsr-x---), so only the configured user in the group can mount.

> If this is the case, what was the default value in case I ever need to
> revert to it?

755

> Oh, and since I did that modification, will ntfs-3g still honor the "noexec"
> parameter in fstab?

Yes, it's still honored.


Fri Nov 30, 2007 18:43
Profile

Joined: Sun Jan 27, 2008 11:02
Posts: 3
Post 
Hi, everybody,

I've got a similar problem. Before asking questions I did a modest research and I'm curious. Where is FAQ which the author of this tread is referring to? Where is ntfs-3g manual? Even Google presented me only with the ntfs-3g main page where the manual is just mentioned (no link).

The history:

PCLinuxOS system, ntfs-3g driver from it's repository; everything is fine up to a certain moment, coinciding with the installation of VirtualBox. Now I can mount and access my NTFS partition only as root. The only think I can put my finger on is the absence of ntfsusers group on my machine. Is it mandatory? Maybe a bug in the VirtualBox package destroyed the group, or something like that?

Any suggestions?

Best regards, Alexey


Sun Jan 27, 2008 12:36
Profile
Tuxera CTO

Joined: Tue Nov 21, 2006 23:15
Posts: 1648
Post Unable to mount without root
On Sun, 27 Jan 2008, Alexey931 wrote:

Quote:
I've got a similar problem. Before asking questions I did a modest
research and I'm curious. Where is FAQ which the author of this tread is
referring to?

On the NTFS-3G web site. This question is answered at http://ntfs-3g.org/support.html#useroption

Quote:
Where is ntfs-3g manual?

Installed on your computer. Type 'man ntfs-3g' or use any of your favorite
tool to search and browse the OS manuals.


Sun Jan 27, 2008 12:55
Profile

Joined: Sun Jan 27, 2008 11:02
Posts: 3
Post 
Quote:
Installed on your computer.
:lol:

Thanks!


Sun Jan 27, 2008 13:52
Profile

Joined: Sun Jan 27, 2008 11:02
Posts: 3
Post 
After applying

# chown root $(which ntfs-3g)
# chmod 4755 $(which ntfs-3g)

I can user-mount my NTFS partition, but unmounting can still be done only with root privileges. I can live with that, but it isn't pretty :) . Is there a way to streamline it?

Grateful in advance, Alexey


Mon Jan 28, 2008 13:21
Profile
Tuxera CTO

Joined: Tue Nov 21, 2006 23:15
Posts: 1648
Post 
The umount utility is broken unfortunately but 'fusermount -u <mountpoint>' should work.


Mon Jan 28, 2008 22:40
Profile

Joined: Thu Nov 29, 2007 06:32
Posts: 28
Location: North Carolina
Post 
I hate to dig up an old thread, but I am experiencing this AGAIN on a Dell XPS laptop running Debian Etch 32bit, FUSE 2.7.3, and NTSF-3G 1.2712. I have done the normal "chown" and "chmod" commands in the FAQ, rebooted, and still no luck. Only root can mount and unmount the partition. My user is a member of the "ntfsusers" group, and "chown root:ntfsusers $(which ntfs-3g)" should have set that. I have done that and the chmod line with both 4750 and 4755, and rebooted, and neither works. What in the world is wrong?


Wed Jul 23, 2008 05:32
Profile

Joined: Thu Nov 29, 2007 06:32
Posts: 28
Location: North Carolina
Post 
Thought I would post the problem from the machine with the problem! These are pasted right out of the konsole window, being run as the regular user. As you can see, everything appears right, but it isn't working. This user is in the "ntfsusers" group, according to kuser.

Mounting attempts:
Code:
user@XPS:~$ mount /dev/sda3
Error opening '/dev/sda3': Permission denied
Failed to mount '/dev/sda3': Permission denied
Please check '/dev/sda3' and the ntfs-3g binary permissions,
and the mounting user ID. More explanation is provided at
http://ntfs-3g.org/support.html#unprivileged
user@XPS:~$ ntfs-3g /dev/sda3 /media/windows
Error opening '/dev/sda3': Permission denied
Failed to mount '/dev/sda3': Permission denied
Please check '/dev/sda3' and the ntfs-3g binary permissions,
and the mounting user ID. More explanation is provided at
http://ntfs-3g.org/support.html#unprivileged


Permissions:
Code:
user@XPS:~$ ls -l $(which ntfs-3g)
-rwsr-x--- 1 root ntfsusers 98392 2008-07-20 22:40 /bin/ntfs-3g


Mount info:
Code:
user@XPS:~$ cat /proc/mounts
rootfs / rootfs rw 0 0
none /sys sysfs rw 0 0
none /proc proc rw 0 0
udev /dev tmpfs rw 0 0
/dev/sda1 / ext3 rw,data=ordered 0 0
/dev/sda1 /dev/.static/dev ext3 rw,data=ordered 0 0
tmpfs /lib/init/rw tmpfs rw,nosuid 0 0
usbfs /proc/bus/usb usbfs rw,nosuid,nodev,noexec 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev 0 0
devpts /dev/pts devpts rw,nosuid,noexec 0 0
fusectl /sys/fs/fuse/connections fusectl rw 0 0


So what in the world could be causing this? I have been held up for three days with this laptop due to this problem. I need to finish this and get it back to the user, but it just plain refuses to work!


Wed Jul 23, 2008 18:01
Profile
NTFS-3G Lead Developer

Joined: Tue Sep 04, 2007 17:22
Posts: 1286
Post 
Hi,

According to the FAQ :

Quote:
Unprivileged block device mounts work only if NTFS-3G is compiled with integrated FUSE support, the ntfs-3g binary is at least version 1.2506, set to setuid-root, and the user has access rights to the volume and mount point.


Did you check all the conditions ?

I see no indications for :

ls -l /dev/sda3
ls -ld /media/windows
grep ntfsusers /etc/group

Regards

Jean-Pierre


Wed Jul 23, 2008 19:22
Profile

Joined: Thu Nov 29, 2007 06:32
Posts: 28
Location: North Carolina
Post 
The device "sda3" is owned by "root:disk", like all the other sda partitions. The mount-point "/media/windows" is a copy of "/media/cdrom0", which has worked on the AMD64 build. As for the group results, it only contains the user account name, as that person is the only user. I also checked gshadow, and that user is the only one in the group there as well.


Wed Jul 23, 2008 20:17
Profile
NTFS-3G Lead Developer

Joined: Tue Sep 04, 2007 17:22
Posts: 1286
Post 
Hi,

Quote:
The device "sda3" is owned by "root:disk"


If the mode is the usual 640 no user can access it. You may want to grant access to group ntfsuser by :
setfacl -m g:ntfsuser:rw /dev/sda3

The same might go for /media/windows

Regards

Jean-Pierre


Wed Jul 23, 2008 21:11
Profile

Joined: Thu Nov 29, 2007 06:32
Posts: 28
Location: North Carolina
Post 
That shouldn't be the issue. This laptop is also running Debian Etch and NTFS-3G, and I just checked the three partitions. The root user and disk group own all three here also, and this normal account I am posting with can mount and unmount the "hda3" partition with ease. Note that this laptop has an older PATA HDD, so they are hda, and the new laptop has SATA, which is sda. I followed the exact same steps on both laptops and this one works while the other one doesn't, which is driving me insane.

This laptop:
Code:
AcerLaptop:~# cd /dev
AcerLaptop:/dev# l hda*
brw-rw---- 1 root disk 3, 0 2008-07-23 18:20 hda
brw-rw---- 1 root disk 3, 1 2008-07-23 18:20 hda1
brw-rw---- 1 root disk 3, 2 2008-07-23 18:20 hda2
brw-rw---- 1 root disk 3, 3 2008-07-23 18:20 hda3
AcerLaptop:/dev#


Dell XPS Laptop:
Code:
XPS:~# cd /dev
XPS:/dev# l sda*
brw-rw---- 1 root disk 8, 0 2008-07-23 18:20 sda
brw-rw---- 1 root disk 8, 1 2008-07-23 18:20 sda1
brw-rw---- 1 root disk 8, 2 2008-07-23 18:20 sda2
brw-rw---- 1 root disk 8, 3 2008-07-23 18:20 sda3
XPS:/dev#

As you can see, they're identical, except the "3" is "8" on the new system. Not sure what that indicates, as I normally don't play around in /dev! Still, the permissions are the same. I also checked and /media/cdrom0 and /media/windows have identical permissions. I can mount CDROMs, but not the NTFS partition.

If it matters, both laptops are setup with hda1 being ext3 for Debian, hda2 as a 2GB swap partition, and hda3 as an NTFS system with XP Pro 32bit on the XPS and XP Pro x64 on this one. We use Linux for work and for keeping an image of a fresh install of XP on the third partition. This way we can simply copy our data files to a backup server or shared folder, restore the image, perform a Windows Update, make a new image, copy our data files back, and we're up and running with a clean install as if we'd done a full day of formatting and such!


Thu Jul 24, 2008 04:37
Profile
Tuxera CTO

Joined: Tue Nov 21, 2006 23:15
Posts: 1648
Post 
> That shouldn't be the issue.

Exactly that's the issue what Jean-Pierre told. This is how the functionality was design, implemented and documented: http://www.ntfs-3g.org/support.html#useroption

Earlier NTFS-3G versions didn't require this which was a security hole, so we fixed it.

Regards, Szaka


Thu Jul 24, 2008 10:52
Profile

Joined: Thu Nov 29, 2007 06:32
Posts: 28
Location: North Carolina
Post 
So what version first implemented this fix? I know that this version is newer than the one on the XPS laptop (I am on the Acer laptop now), but I didn't think that it was very old. I also find it odd that one can mount a CD/DVD device with the same permissions as the HD device, but not the HD device. Why is that? Oh and what exactly is the command he posted above, I have never seen it before and am leary about using it on my system until I know what it does.


Thu Jul 24, 2008 17:13
Profile

Joined: Thu Nov 29, 2007 06:32
Posts: 28
Location: North Carolina
Post 
Just wanted to say that I found information on that command and understand it now. I haven't had to use it in eons, but after reading about it, something in the back of my mind screams at me from my *shudder* RedHat days. Oh and this laptop is using version 1.1120 of NTFS-3G. Is this prior to the security fix?


Thu Jul 24, 2008 17:24
Profile

Joined: Thu Nov 29, 2007 06:32
Posts: 28
Location: North Carolina
Post 
I hate to make a third post, but I cannot edit my own posts, and I have another problem. The command "setfacl" is apparently not valid in Debian Etch, and a quick search for "setfacl" with the package-manager returned nothing. So what do I do?


Thu Jul 24, 2008 17:33
Profile

Joined: Thu Nov 29, 2007 06:32
Posts: 28
Location: North Carolina
Post 
Alright I found it as a package. However, after installing and attempting to use the exact command posted above, I get "/dev/sda3: operation not supported". Maybe Debian doesn't use ACL in the stock kernel or something? Do I have to play with ACLs to make this work? It is turning out to be one gigantic headache and time-killer just to make it work at all. I didn't have to modify the ACL for other partitions or CD/DVD devices to allow the user on that machine to mount/unmount them, so why on earth would this one be different?


Thu Jul 24, 2008 17:45
Profile

Joined: Thu Nov 29, 2007 06:32
Posts: 28
Location: North Carolina
Post 
I wanted to note that all of my Linux systems (all are Debian Etch) appear to have 660 as the default for all devices, including /dev/sda3. I have tried using 666, but my user still cannot mount the device. I also have no way of knowing whether or not my kernel supports ACL, but I cannot get setfacl to work at all, on any file. I am assuming that my kernel does not support ACL at this point, which is fine by me. How else can I get this device mountable by a normal user?


Thu Jul 24, 2008 19:54
Profile
NTFS-3G Lead Developer

Joined: Tue Sep 04, 2007 17:22
Posts: 1286
Post 
Hi,

Quote:
I have tried using 666, but my user still cannot mount the device


Do you still get "/dev/sda3': Permission denied" ?

And are you sure the user can access the mount point ?

I suggested using an ACL, which is the way fedora/gnome uses to grant access to local devices (printer, cdrom, audio, etc.) only to the user logged on the desktop. I have made a try with a Knoppix live-cd (based on Debian, with no apparent ACL support) and KDE. For the same purpose, it apparently puts the user logged on the desktop into groups audio, cdrom etc. You might do the same way, putting your specific user into group disk.

Regards

Jean-Pierre


Thu Jul 24, 2008 21:52
Profile

Joined: Thu Nov 29, 2007 06:32
Posts: 28
Location: North Carolina
Post 
The other systems that use your program do not have the users in the "disk" group and they have no problems. I did try that earlier though, and I then got an error about not being able to access "/media/windows". Knowing that was utter BS, I mounted the partition as root, then went right into that directory as my user and proceeded to delete the pagefile and hibernation file. My user had full read/write access as intended, but is unable to mount the partition.

This leads me to believe that there is a bug in the mounting utility provided by either FUSE or NTFS-3G on a system without ACL. If not, I am lost. The user can access "/media/windows" and "/media/cdrom" even though they're both owned by root:root, yet NTFS-3G doesn't see things this way and if my user is in the disk group, will complain about it. If I remove her from the disk group, she can't even get that far.


Thu Jul 24, 2008 22:23
Profile
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 51 posts ]  Go to page 1, 2, 3  Next


Who is online

Users browsing this forum: No registered users and 3 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group.
Original forum style by Vjacheslav Trushkin.