Unable to mount without root 
Tuxera CTO

Joined: Tue Nov 21, 2006 23:15
Posts: 1648
Post 
What are the outputs of

ntfs-3g --help
ntfs-3g /dev/sda3 /media/windows
id
ls -l /dev /dev/sda3
ls -ld /media /media/windows
ls -l $(which ntfs-3g)


Thu Jul 24, 2008 23:02
Profile

Joined: Thu Nov 29, 2007 06:32
Posts: 28
Location: North Carolina
Post 
I will post those just as soon as that system finishes creating an image of the NTFS partition. Should be about an hour. You can find most of that information in my prior posts. I thought that it may be needed and as such posted it. I'll repost it all when partimage finishes unless I see something else here.


Thu Jul 24, 2008 23:37
Profile

Joined: Thu Nov 29, 2007 06:32
Posts: 28
Location: North Carolina
Post 
Here's the info, with the username excluded for privacy reasons.
Code:
@XPS:~$ ntfs-3g --help

ntfs-3g 1.2712 integrated FUSE 27 - Third Generation NTFS Driver

Copyright (C) 2006-2008 Szabolcs Szakacsits
Copyright (C) 2005-2007 Yura Pakhuchiy

Usage:    ntfs-3g <device|image_file> <mount_point> [-o option[,...]]

Options:  ro (read-only mount), force, remove_hiberfile, locale=,
          uid=, gid=, umask=, fmask=, dmask=, streams_interface=.
          Please see the details in the manual.

Example:  ntfs-3g /dev/sda1 /mnt/win -o force

Ntfs-3g news, support and information:  http://ntfs-3g.org

@XPS:~$ ntfs-3g /dev/sda3 /media/windows
Error opening '/dev/sda3': Permission denied
Failed to mount '/dev/sda3': Permission denied
Please check '/dev/sda3' and the ntfs-3g binary permissions,
and the mounting user ID. More explanation is provided at
http://ntfs-3g.org/support.html#unprivileged

@XPS:~$ id
uid=1000() gid=1000() groups=24(cdrom),29(audio),44(video),46(plugdev),100(users),104(netdev),106(powerdev),107(ntfsusers),1000()

@XPS:~$ ls -l /dev /dev/sda
brw-rw----  1 root disk 8, 0 2008-07-24 14:44 /dev/sda

/dev:
total 0
crw-rw---- 1 root audio    14,   12 2008-07-24 14:44 adsp
crw-rw---- 1 root video    10,  175 2008-07-24 14:44 agpgart
crw-rw---- 1 root audio    14,    4 2008-07-24 14:44 audio
crw-rw---- 1 root audio    14,   20 2008-07-24 14:44 audio1
drwxr-xr-x 3 root root           60 2008-07-24 14:44 bus
lrwxrwxrwx 1 root root            4 2008-07-24 14:44 cdrom -> scd0
lrwxrwxrwx 1 root root            4 2008-07-24 14:44 cdrw -> scd0
crw------- 1 root root      5,    1 2008-07-24 18:44 console
lrwxrwxrwx 1 root root           11 2008-07-24 14:44 core -> /proc/kcore
drwxr-xr-x 6 root root          120 2008-07-24 14:44 disk
crw-rw---- 1 root audio    14,    3 2008-07-24 14:44 dsp
crw-rw---- 1 root audio    14,   19 2008-07-24 14:44 dsp1
lrwxrwxrwx 1 root root            4 2008-07-24 14:44 dvd -> scd0
lrwxrwxrwx 1 root root            4 2008-07-24 14:44 dvdrw -> scd0
lrwxrwxrwx 1 root root           13 2008-07-24 14:44 fd -> /proc/self/fd
crw-rw-rw- 1 root root      1,    7 2008-07-24 14:44 full
crw-rw-rw- 1 root root     10,  229 2008-07-24 18:44 fuse
crw-rw---- 1 root root     10,  228 2008-07-24 14:44 hpet
prw------- 1 root root            0 2008-07-24 14:44 initctl
drwxr-xr-x 4 root root          320 2008-07-24 18:45 input
crw-r----- 1 root kmem      1,    2 2008-07-24 14:44 kmem
crw-rw---- 1 root root      1,   11 2008-07-24 14:44 kmsg
srw-rw-rw- 1 root root            0 2008-07-24 18:44 log
drwxr-xr-x 2 root root           60 2008-07-24 14:44 loop
brw-rw---- 1 root disk      7,    0 2008-07-24 18:44 loop0
brw-rw---- 1 root disk      7,    1 2008-07-24 18:44 loop1
brw-rw---- 1 root disk      7,    2 2008-07-24 18:44 loop2
brw-rw---- 1 root disk      7,    3 2008-07-24 18:44 loop3
brw-rw---- 1 root disk      7,    4 2008-07-24 18:44 loop4
brw-rw---- 1 root disk      7,    5 2008-07-24 18:44 loop5
brw-rw---- 1 root disk      7,    6 2008-07-24 18:44 loop6
brw-rw---- 1 root disk      7,    7 2008-07-24 18:44 loop7
lrwxrwxrwx 1 root root           13 2008-07-24 14:44 MAKEDEV -> /sbin/MAKEDEV
drwxr-xr-x 2 root root           60 2008-07-24 18:44 mapper
crw-r----- 1 root kmem      1,    1 2008-07-24 14:44 mem
crw-rw---- 1 root audio    14,    0 2008-07-24 14:44 mixer
crw-rw---- 1 root audio    14,   16 2008-07-24 14:44 mixer1
drwxr-xr-x 2 root root           60 2008-07-24 14:44 net
crw-rw-rw- 1 root root      1,    3 2008-07-24 14:44 null
crw-r----- 1 root kmem      1,    4 2008-07-24 14:44 port
crw------- 1 root root    108,    0 2008-07-24 14:44 ppp
crw-rw---- 1 root root     10,    1 2008-07-24 14:44 psaux
crw-rw-rw- 1 root root      5,    2 2008-07-24 18:51 ptmx
drwxr-xr-x 2 root root            0 2008-07-24 14:44 pts
crw-rw-rw- 1 root tty       2,    0 2008-07-24 14:44 ptyp0
crw-rw-rw- 1 root tty       2,    1 2008-07-24 14:44 ptyp1
crw-rw-rw- 1 root tty       2,    2 2008-07-24 14:44 ptyp2
crw-rw-rw- 1 root tty       2,    3 2008-07-24 14:44 ptyp3
crw-rw-rw- 1 root tty       2,    4 2008-07-24 14:44 ptyp4
crw-rw-rw- 1 root tty       2,    5 2008-07-24 14:44 ptyp5
crw-rw-rw- 1 root tty       2,    6 2008-07-24 14:44 ptyp6
crw-rw-rw- 1 root tty       2,    7 2008-07-24 14:44 ptyp7
crw-rw-rw- 1 root tty       2,    8 2008-07-24 14:44 ptyp8
crw-rw-rw- 1 root tty       2,    9 2008-07-24 14:44 ptyp9
crw-rw-rw- 1 root tty       2,   10 2008-07-24 14:44 ptypa
crw-rw-rw- 1 root tty       2,   11 2008-07-24 14:44 ptypb
crw-rw-rw- 1 root tty       2,   12 2008-07-24 14:44 ptypc
crw-rw-rw- 1 root tty       2,   13 2008-07-24 14:44 ptypd
crw-rw-rw- 1 root tty       2,   14 2008-07-24 14:44 ptype
crw-rw-rw- 1 root tty       2,   15 2008-07-24 14:44 ptypf
brw-rw---- 1 root disk      1,    0 2008-07-24 14:44 ram0
brw-rw---- 1 root disk      1,    1 2008-07-24 14:44 ram1
brw-rw---- 1 root disk      1,   10 2008-07-24 14:44 ram10
brw-rw---- 1 root disk      1,   11 2008-07-24 14:44 ram11
brw-rw---- 1 root disk      1,   12 2008-07-24 14:44 ram12
brw-rw---- 1 root disk      1,   13 2008-07-24 14:44 ram13
brw-rw---- 1 root disk      1,   14 2008-07-24 14:44 ram14
brw-rw---- 1 root disk      1,   15 2008-07-24 14:44 ram15
brw-rw---- 1 root disk      1,    2 2008-07-24 14:44 ram2
brw-rw---- 1 root disk      1,    3 2008-07-24 14:44 ram3
brw-rw---- 1 root disk      1,    4 2008-07-24 14:44 ram4
brw-rw---- 1 root disk      1,    5 2008-07-24 14:44 ram5
brw-rw---- 1 root disk      1,    6 2008-07-24 14:44 ram6
brw-rw---- 1 root disk      1,    7 2008-07-24 14:44 ram7
brw-rw---- 1 root disk      1,    8 2008-07-24 14:44 ram8
brw-rw---- 1 root disk      1,    9 2008-07-24 14:44 ram9
crw-rw-rw- 1 root root      1,    8 2008-07-24 14:44 random
crw-rw---- 1 root audio    10,  135 2008-07-24 14:44 rtc
brw-rw---- 1 root cdrom    11,    0 2008-07-24 14:44 scd0
brw-rw---- 1 root disk      8,    0 2008-07-24 14:44 sda
brw-rw---- 1 root disk      8,    1 2008-07-24 14:44 sda1
brw-rw---- 1 root disk      8,    2 2008-07-24 14:44 sda2
brw-rw---- 1 root disk      8,    3 2008-07-24 18:47 sda3
crw-rw---- 1 root root     21,    0 2008-07-24 14:44 sg0
crw-rw---- 1 root cdrom    21,    1 2008-07-24 14:44 sg1
drwxrwxrwt 2 root root           40 2008-07-24 14:44 shm
crw-rw---- 1 root root     10,  231 2008-07-24 14:44 snapshot
drwxr-xr-x 2 root root          260 2008-07-24 14:44 snd
lrwxrwxrwx 1 root root           24 2008-07-24 14:44 sndstat -> /proc/asound/oss/sndstat
lrwxrwxrwx 1 root root            4 2008-07-24 14:44 sr0 -> scd0
lrwxrwxrwx 1 root root           15 2008-07-24 14:44 stderr -> /proc/self/fd/2
lrwxrwxrwx 1 root root           15 2008-07-24 14:44 stdin -> /proc/self/fd/0
lrwxrwxrwx 1 root root           15 2008-07-24 14:44 stdout -> /proc/self/fd/1
crw-rw-rw- 1 root root      5,    0 2008-07-24 18:44 tty
crw-rw---- 1 root root      4,    0 2008-07-24 14:44 tty0
crw------- 1 root root      4,    1 2008-07-24 18:44 tty1
crw-rw---- 1 root root      4,   10 2008-07-24 14:44 tty10
crw-rw---- 1 root root      4,   11 2008-07-24 14:44 tty11
crw-rw---- 1 root root      4,   12 2008-07-24 14:44 tty12
crw-rw---- 1 root root      4,   13 2008-07-24 14:44 tty13
crw-rw---- 1 root root      4,   14 2008-07-24 14:44 tty14
crw-rw---- 1 root root      4,   15 2008-07-24 14:44 tty15
crw-rw---- 1 root root      4,   16 2008-07-24 14:44 tty16
crw-rw---- 1 root root      4,   17 2008-07-24 14:44 tty17
crw-rw---- 1 root root      4,   18 2008-07-24 14:44 tty18
crw-rw---- 1 root root      4,   19 2008-07-24 14:44 tty19
crw------- 1 root root      4,    2 2008-07-24 18:44 tty2
crw-rw---- 1 root root      4,   20 2008-07-24 14:44 tty20
crw-rw---- 1 root root      4,   21 2008-07-24 14:44 tty21
crw-rw---- 1 root root      4,   22 2008-07-24 14:44 tty22
crw-rw---- 1 root root      4,   23 2008-07-24 14:44 tty23
crw-rw---- 1 root root      4,   24 2008-07-24 14:44 tty24
crw-rw---- 1 root root      4,   25 2008-07-24 14:44 tty25
crw-rw---- 1 root root      4,   26 2008-07-24 14:44 tty26
crw-rw---- 1 root root      4,   27 2008-07-24 14:44 tty27
crw-rw---- 1 root root      4,   28 2008-07-24 14:44 tty28
crw-rw---- 1 root root      4,   29 2008-07-24 14:44 tty29
crw------- 1 root root      4,    3 2008-07-24 18:44 tty3
crw-rw---- 1 root root      4,   30 2008-07-24 14:44 tty30
crw-rw---- 1 root root      4,   31 2008-07-24 14:44 tty31
crw-rw---- 1 root root      4,   32 2008-07-24 14:44 tty32
crw-rw---- 1 root root      4,   33 2008-07-24 14:44 tty33
crw-rw---- 1 root root      4,   34 2008-07-24 14:44 tty34
crw-rw---- 1 root root      4,   35 2008-07-24 14:44 tty35
crw-rw---- 1 root root      4,   36 2008-07-24 14:44 tty36
crw-rw---- 1 root root      4,   37 2008-07-24 14:44 tty37
crw-rw---- 1 root root      4,   38 2008-07-24 14:44 tty38
crw-rw---- 1 root root      4,   39 2008-07-24 14:44 tty39
crw------- 1 root root      4,    4 2008-07-24 18:44 tty4
crw-rw---- 1 root root      4,   40 2008-07-24 14:44 tty40
crw-rw---- 1 root root      4,   41 2008-07-24 14:44 tty41
crw-rw---- 1 root root      4,   42 2008-07-24 14:44 tty42
crw-rw---- 1 root root      4,   43 2008-07-24 14:44 tty43
crw-rw---- 1 root root      4,   44 2008-07-24 14:44 tty44
crw-rw---- 1 root root      4,   45 2008-07-24 14:44 tty45
crw-rw---- 1 root root      4,   46 2008-07-24 14:44 tty46
crw-rw---- 1 root root      4,   47 2008-07-24 14:44 tty47
crw-rw---- 1 root root      4,   48 2008-07-24 14:44 tty48
crw-rw---- 1 root root      4,   49 2008-07-24 14:44 tty49
crw------- 1 root root      4,    5 2008-07-24 18:44 tty5
crw-rw---- 1 root root      4,   50 2008-07-24 14:44 tty50
crw-rw---- 1 root root      4,   51 2008-07-24 14:44 tty51
crw-rw---- 1 root root      4,   52 2008-07-24 14:44 tty52
crw-rw---- 1 root root      4,   53 2008-07-24 14:44 tty53
crw-rw---- 1 root root      4,   54 2008-07-24 14:44 tty54
crw-rw---- 1 root root      4,   55 2008-07-24 14:44 tty55
crw-rw---- 1 root root      4,   56 2008-07-24 14:44 tty56
crw-rw---- 1 root root      4,   57 2008-07-24 14:44 tty57
crw-rw---- 1 root root      4,   58 2008-07-24 14:44 tty58
crw-rw---- 1 root root      4,   59 2008-07-24 14:44 tty59
crw------- 1 root root      4,    6 2008-07-24 18:44 tty6
crw-rw---- 1 root root      4,   60 2008-07-24 14:44 tty60
crw-rw---- 1 root root      4,   61 2008-07-24 14:44 tty61
crw-rw---- 1 root root      4,   62 2008-07-24 14:44 tty62
crw-rw---- 1 root root      4,   63 2008-07-24 14:44 tty63
crw-rw---- 1 root root      4,    7 2008-07-24 14:44 tty7
crw-rw---- 1 root root      4,    8 2008-07-24 14:44 tty8
crw-rw---- 1 root root      4,    9 2008-07-24 14:44 tty9
crw-rw-rw- 1 root tty       3,    0 2008-07-24 14:44 ttyp0
crw-rw-rw- 1 root tty       3,    1 2008-07-24 14:44 ttyp1
crw-rw-rw- 1 root tty       3,    2 2008-07-24 14:44 ttyp2
crw-rw-rw- 1 root tty       3,    3 2008-07-24 14:44 ttyp3
crw-rw-rw- 1 root tty       3,    4 2008-07-24 14:44 ttyp4
crw-rw-rw- 1 root tty       3,    5 2008-07-24 14:44 ttyp5
crw-rw-rw- 1 root tty       3,    6 2008-07-24 14:44 ttyp6
crw-rw-rw- 1 root tty       3,    7 2008-07-24 14:44 ttyp7
crw-rw-rw- 1 root tty       3,    8 2008-07-24 14:44 ttyp8
crw-rw-rw- 1 root tty       3,    9 2008-07-24 14:44 ttyp9
crw-rw-rw- 1 root tty       3,   10 2008-07-24 14:44 ttypa
crw-rw-rw- 1 root tty       3,   11 2008-07-24 14:44 ttypb
crw-rw-rw- 1 root tty       3,   12 2008-07-24 14:44 ttypc
crw-rw-rw- 1 root tty       3,   13 2008-07-24 14:44 ttypd
crw-rw-rw- 1 root tty       3,   14 2008-07-24 14:44 ttype
crw-rw-rw- 1 root tty       3,   15 2008-07-24 14:44 ttypf
crw-rw---- 1 root dialout   4,   64 2008-07-24 14:44 ttyS0
crw-rw---- 1 root dialout   4,   65 2008-07-24 14:44 ttyS1
crw-rw---- 1 root dialout   4,   66 2008-07-24 14:44 ttyS2
crw-rw---- 1 root dialout   4,   67 2008-07-24 14:44 ttyS3
crw-rw-rw- 1 root root      1,    9 2008-07-24 18:44 urandom
crw-rw---- 1 root root    442,    0 2008-07-24 14:44 usbdev1.1_ep00
crw-rw---- 1 root root    442,    0 2008-07-24 14:44 usbdev1.1_ep81
crw-rw---- 1 root root    442,    1 2008-07-24 18:45 usbdev1.2_ep00
crw-rw---- 1 root root    442,    1 2008-07-24 18:45 usbdev1.2_ep81
crw-rw---- 1 root root    442, 2048 2008-07-24 14:44 usbdev2.1_ep00
crw-rw---- 1 root root    442, 2048 2008-07-24 14:44 usbdev2.1_ep81
crw-rw---- 1 root root    442, 4096 2008-07-24 14:44 usbdev3.1_ep00
crw-rw---- 1 root root    442, 4096 2008-07-24 14:44 usbdev3.1_ep81
crw-rw---- 1 root root    442, 6144 2008-07-24 14:44 usbdev4.1_ep00
crw-rw---- 1 root root    442, 6144 2008-07-24 14:44 usbdev4.1_ep81
crw-rw---- 1 root root    442, 8192 2008-07-24 14:44 usbdev5.1_ep00
crw-rw---- 1 root root    442, 8192 2008-07-24 14:44 usbdev5.1_ep81
crw-rw---- 1 root root      7,    0 2008-07-24 14:44 vcs
crw-rw---- 1 root root      7,    1 2008-07-24 18:44 vcs1
crw-rw---- 1 root root      7,    2 2008-07-24 18:44 vcs2
crw-rw---- 1 root root      7,    3 2008-07-24 18:44 vcs3
crw-rw---- 1 root root      7,    4 2008-07-24 18:44 vcs4
crw-rw---- 1 root root      7,    5 2008-07-24 18:44 vcs5
crw-rw---- 1 root root      7,    6 2008-07-24 18:44 vcs6
crw-rw---- 1 root root      7,    7 2008-07-24 18:44 vcs7
crw-rw---- 1 root root      7,  128 2008-07-24 14:44 vcsa
crw-rw---- 1 root root      7,  129 2008-07-24 18:44 vcsa1
crw-rw---- 1 root root      7,  130 2008-07-24 18:44 vcsa2
crw-rw---- 1 root root      7,  131 2008-07-24 18:44 vcsa3
crw-rw---- 1 root root      7,  132 2008-07-24 18:44 vcsa4
crw-rw---- 1 root root      7,  133 2008-07-24 18:44 vcsa5
crw-rw---- 1 root root      7,  134 2008-07-24 18:44 vcsa6
crw-rw---- 1 root root      7,  135 2008-07-24 18:44 vcsa7
prw-r----- 1 root adm             0 2008-07-24 18:50 xconsole
crw-rw-rw- 1 root root      1,    5 2008-07-24 14:44 zero

@XPS:~$ ls -ld /media /media/windows
drwxr-xr-x 4 root root 4096 2008-07-24 14:03 /media
drwxr-xr-x 2 root root 4096 2008-07-24 14:03 /media/windows

@XPS:~$ ls -l $(which ntfs-3g)
-rwsr-x--- 1 root ntfsusers 98392 2008-07-23 14:45 /bin/ntfs-3g

I simply deleted the user's name from the "id" output. Her name appeared in the parentheses as it should, but it is her real first name, which is why I am hiding it.


Fri Jul 25, 2008 00:54
Profile
Tuxera CTO

Joined: Tue Nov 21, 2006 23:15
Posts: 1648
Post 
The user indeed doesn't have the right to access /dev/sda3 and mount on /media/windows.

You need to fix both of them to be able to mount unprivileged.


Fri Jul 25, 2008 01:02
Profile
NTFS-3G Lead Developer

Joined: Tue Sep 04, 2007 17:22
Posts: 1286
Post 
Hi

Alternately you may create a shell script with all the relevant checks, and start it with sudo, with your specific user declared in /etc/sudoers as being allowed to start the script.

Note : ntfs-3g is in user space, its requirements and behaviour have to be different from in-kernel file systems.

Regards

Jean-Pierre


Fri Jul 25, 2008 08:42
Profile

Joined: Thu Nov 29, 2007 06:32
Posts: 28
Location: North Carolina
Post 
Well here is what I do not understand. Why does this identical setup work on every other machine I have done it on, and not this one? I would be willing to go as far as allowing either of you to SSH in to a limited account and view all three systems. All three are the same, but this one just isn't working, while the other two are. In fact, the only real difference between the three systems is the hardware that makes up the systems. So why do I have to do it differently here?


Fri Jul 25, 2008 17:20
Profile

Joined: Thu Nov 29, 2007 06:32
Posts: 28
Location: North Carolina
Post 
I added my user to the disk group and changed ownership of /media/windows to "root:ntfsusers" with the permissions of 660 (drw-rw----). Now I get this.
Code:
user@XPS:~$ ntfs-3g /dev/sda3 /media/windows
ntfs-3g-mount: failed to chdir to mountpoint: Permission denied
user@XPS:~$ ls -l /media
total 8
lrwxrwxrwx 1 root root         6 2008-07-18 19:58 cdrom -> cdrom0
drwxr-xr-x 2 root root      4096 2008-07-18 19:58 cdrom0
drw-rw---- 2 root ntfsusers 4096 2008-07-24 14:03 windows

Ideas?


Fri Jul 25, 2008 17:52
Profile
Tuxera CTO

Joined: Tue Nov 21, 2006 23:15
Posts: 1648
Post 
jpa wrote:
Note : ntfs-3g is in user space, its requirements and behaviour have to be different from in-kernel file systems.

By design ntfs-3g should always behave exactly the same as in-kernel file systems.

This case is different because none of the in-kernel file systems can provide running a file system driver unprivileged. This is one of the unique features of NTFS-3G.

Here are the several scenarios:

1. root initiates mount, driver runs as root.

2. user initiates mount, driver runs as root. There are many, distribution specific solutions: http://ntfs-3g.org/support.html#plugandplay

3. user initiates mount, driver runs unprivileged: unique feature of NTFS-3G. It is allowed only if the needed requirements are met, as discussed at http://ntfs-3g.org/support.html#useroption

In Sephiroth's case the user had no right to the device and no right to the mount point, so all the error messages were correct.

Regards, Szaka


Fri Jul 25, 2008 20:07
Profile
Tuxera CTO

Joined: Tue Nov 21, 2006 23:15
Posts: 1648
Post 
Sephiroth wrote:
I added my user to the disk group and changed ownership of /media/windows to "root:ntfsusers" with the permissions of 660 (drw-rw----). Now I get this.
Code:
user@XPS:~$ ntfs-3g /dev/sda3 /media/windows
ntfs-3g-mount: failed to chdir to mountpoint: Permission denied
user@XPS:~$ ls -l /media
total 8
lrwxrwxrwx 1 root root         6 2008-07-18 19:58 cdrom -> cdrom0
drwxr-xr-x 2 root root      4096 2008-07-18 19:58 cdrom0
drw-rw---- 2 root ntfsusers 4096 2008-07-24 14:03 windows

Ideas?

As the error message says, the user doesn't have permission to enter /media/windows. So give the directory the needed permission:

chmod 770 /media/windows


Fri Jul 25, 2008 20:09
Profile

Joined: Thu Nov 29, 2007 06:32
Posts: 28
Location: North Carolina
Post 
I gave the directory the permission 660 since I don't want users to be able to attempt to execute Windows executables. Changing it to 770 will just add permission to execute files, which should grant an unprivileged user to enter the directory. However, I can go into that directory with the user account and look around, but there is obviously nothing there. This is what is confusing. The user CAN enter the directory in the shell, but NTFS-3G says that the user cannot?


Sat Jul 26, 2008 05:15
Profile
Tuxera CTO

Joined: Tue Nov 21, 2006 23:15
Posts: 1648
Post 
Sephiroth wrote:
I gave the directory the permission 660 since I don't want users to be able to attempt to execute Windows executables. Changing it to 770 will just add permission to execute files, which should grant an unprivileged user to enter the directory.

The 'x' bit on directories has nothing to do with file execution. It means whether the user can enter the directory or not.

So just follow what you were already advised at least five times earlier and use the 'noexec' mount option if you want to prevent users running files from the volume.


Sat Jul 26, 2008 10:31
Profile

Joined: Thu Nov 29, 2007 06:32
Posts: 28
Location: North Carolina
Post 
So when was that change implemented? When I was taught Linux years ago, those stood for Read, Write, and eXecute, which shows up as "rwx" in a listing. Besides that, the user CAN enter that directory at will as-is. That is just confusing because I can take the user into the directory and dance in circles, but NTFS-3G says I cannot. Perhaps a tutorial on the new version of NTFS-3G should be posted, explaining that just because your user may enter a mount-point, it doesn't mean they can enter the mount-point for some reason. This is what had me confused. I also still want to know when x was changed from eXecute to "you may enter this directory", which is what the user:group stuff was for.


Sat Jul 26, 2008 17:14
Profile
Tuxera CTO

Joined: Tue Nov 21, 2006 23:15
Posts: 1648
Post 
Sephiroth wrote:
So when was that change implemented?

Never. This is how 'x' is interpreted for directories by definition for about 40 years: http://en.wikipedia.org/wiki/File_syste ... ermissions

Your misunderstanding comes from the wrong interpretation of the directory read permission. You think the user can enter but in fact she can't, only list the name of the files. The directory permissions are not obvious and many people misunderstand them. Of course this is not NTFS-3G specific, all Unix file systems behave the same.


Sat Jul 26, 2008 18:40
Profile
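The requested `id` and `ls -l` output can be read against the points made in the replies above with a small script; this is an added example, not part of the thread or of NTFS-3G. The account name `user`, the group list and the three checks (device read/write, mount point search and write, setuid-root binary executable by the caller) are assumptions modeled on the listings posted earlier, and root's ability to bypass these bits is not modeled.

```shell
#!/bin/sh
# Added example: evaluate unprivileged-mount preconditions from `id` and
# `ls -l` style text. Everything is passed in as strings; no real device
# or directory is touched.

# Pick the permission triplet that applies to a user. The kernel checks the
# owner class first, then group, then other, and never falls through.
# usage: triplet MODE OWNER GROUP USER "GROUP1 GROUP2 ..."
triplet() (
    mode=$1; owner=$2; group=$3; user=$4; user_groups=$5
    if [ "$user" = "$owner" ]; then
        printf '%s\n' "$mode" | cut -c2-4; exit
    fi
    for g in $user_groups; do
        if [ "$g" = "$group" ]; then
            printf '%s\n' "$mode" | cut -c5-7; exit
        fi
    done
    printf '%s\n' "$mode" | cut -c8-10
)

# Does a triplet grant a right? For 'x', also accept 's' and 't', which mean
# the execute/search bit is set together with setuid/setgid or sticky.
grants() {
    case $2 in
        x) case $1 in *[xst]*) return 0 ;; esac ;;
        *) case $1 in *"$2"*) return 0 ;; esac ;;
    esac
    return 1
}

# Block device: an unprivileged driver opens it as the calling user.
check_device() (
    t=$(triplet "$@")
    if grants "$t" r && grants "$t" w; then echo "device: ok"
    else echo "device: no read/write access ($t)"; fi
)

# Mount point: on a directory 'r' only lists names, 'x' is search permission
# (needed to chdir into it). Write access is checked as well (assumption).
check_mountpoint() (
    t=$(triplet "$@")
    if ! grants "$t" x; then echo "mountpoint: cannot enter, missing x ($t)"
    elif ! grants "$t" w; then echo "mountpoint: cannot write ($t)"
    else echo "mountpoint: ok"; fi
)

# Binary: setuid, owned by root, and executable by the caller's class.
check_binary() (
    mode=$1; owner=$2
    t=$(triplet "$@")
    owner_bits=$(printf '%s\n' "$mode" | cut -c2-4)
    case $owner_bits in
        *s) ;;
        *) echo "binary: not setuid"; exit ;;
    esac
    [ "$owner" = root ] || { echo "binary: setuid but not owned by root"; exit; }
    if grants "$t" x; then echo "binary: ok"
    else echo "binary: caller cannot execute ($t)"; fi
)

# Constructed inputs, modeled on the listings posted in the thread.
ACCOUNT=user
ACCOUNT_GROUPS="cdrom audio video plugdev users netdev powerdev ntfsusers user"

check_device     brw-rw---- root disk      "$ACCOUNT" "$ACCOUNT_GROUPS"  # /dev/sda3
check_mountpoint drwxr-xr-x root root      "$ACCOUNT" "$ACCOUNT_GROUPS"  # 755 root:root
check_mountpoint drw-rw---- root ntfsusers "$ACCOUNT" "$ACCOUNT_GROUPS"  # after chmod 660
check_mountpoint drwxrwx--- root ntfsusers "$ACCOUNT" "$ACCOUNT_GROUPS"  # after chmod 770
check_binary     -rwsr-x--- root ntfsusers "$ACCOUNT" "$ACCOUNT_GROUPS"  # /bin/ntfs-3g
```
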

Joined: Thu Nov 29, 2007 06:32
Posts: 28
Location: North Carolina
Post 
Alright I gotcha'. I was thinking of file permissions, where x is execute, unless I am mistaken. I'll make the change and if I have another issue, I'll report it. If this fixes the problem, my only concern is adding users to the "disk" group. If I do this, won't this allow way too much access in the sense that they can then mount and unmount other partitions?


Sat Jul 26, 2008 20:21
Profile
Tuxera CTO

Joined: Tue Nov 21, 2006 23:15
Posts: 1648
Post 
Don't add users to the "disk" group. Instead change the owner of the NTFS partition to which the NTFS users have access.


Sun Jul 27, 2008 12:39
Profile

Joined: Thu Nov 29, 2007 06:32
Posts: 28
Location: North Carolina
Post 
I didn't think it was wise to change anything in /dev? I don't mind doing that, but only if it won't screw anything up or poke another hole in security. Also, I have updated this machine to your latest build and will do the same with the other one the next time it comes in. Works fine. However, does it work with Vista yet? I am working on a Vista laptop and the customer wants the same setup we use, where we make a restoration image on a Linux partition for emergencies, but I didn't think NTFS-3G worked with Vista partitions yet.


Sun Jul 27, 2008 17:23
Profile

Joined: Thu Nov 29, 2007 06:32
Posts: 28
Location: North Carolina
Post 
szaka wrote:
Don't add users to the "disk" group. Instead change the owner of the NTFS partition to which the NTFS users have access.

I've been meaning to drop by and tell you that you can't change ownership of anything in /dev, and it gets reset at boot anyway. The only option IS to add users to the disk group. If I remove the users from the disk group, even though they have access to the mount-point and NTFS-3G stuff, it won't allow them to mount the device. Ideas?


Mon Aug 04, 2008 21:20
Profile

Joined: Fri Aug 22, 2008 01:17
Posts: 1
Post 
To get by the problem with permissions in /dev being reset you can create a udev rule.
See man udev
I was helped by this article: http://www.redhat.com/magazine/002dec04/features/udev/.

My problem was with an external USB-drive.

I created the file "/etc/udev/rules.d/50-LaciePerm.rules"
containing the rule
Code:
SYSFS{product}=="LaCie Hard Drive USB", SYSFS{serial}=="10000E0009C24E5E", OWNER="root", GROUP="specdisk", MODE="660"


identifying my drive uniquely and making sure it gets the right permissions.
specdisk is the group for users allowed to mount ntfs-drives.

I hope this helps.


Fri Aug 22, 2008 01:26
Profile

Joined: Thu Nov 29, 2007 06:32
Posts: 28
Location: North Carolina
Post 
I still need a solution to this problem. I can understand the need for security, but when it is so secure that even legit users are unable to mount the partition without being in the disk group, something's wrong. I am on yet another laptop and have everything working except ntfs-3g. I can *NOT* add users to the disk group. There has to be some way that a normal user can mount an NTFS partition, or the program would be useless since most users do not have root access. I also cannot change ownership of the devices in /dev due to other applications and permissions.


Tue Sep 02, 2008 07:08
Profile
NTFS-3G Lead Developer

Joined: Tue Sep 04, 2007 17:22
Posts: 1286
Post 
Hi,

you can :

- grant the access in an ACL (you do not want that, but that is the standard way to control access to local devices in some distributions),
- create a shell script which does the mount after making all the relevant checks, and make it startable by sudo

Regards

Jean-Pierre


Tue Sep 02, 2008 08:21
Profile
Tuxera CTO

Joined: Tue Nov 21, 2006 23:15
Posts: 1648
Post 
Sephiroth wrote:
I still need a solution to this problem. I can understand the need for security, but when it is so secure that even legit users are unable to mount the partition without being in the disk group, something's wrong.

Apparently it's only you who wants the strongest security (full unprivileged mount). In most other cases root mounts the volume on behalf of a user or group by using the uid, gid, fmask, and dmask mount options or the security improved version from http://pagesperso-orange.fr/b.andre/security.html

None of the main Linux file systems supports what you want, only ntfs-3g and the strict security checks are the price for this.

So, perhaps you could also just use the distribution specific solution described at http://ntfs-3g.org/support.html#plugandplay and be happy like any other people?


Tue Sep 02, 2008 12:03
Profile
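The two replies above suggest a sudo-started script that makes the relevant checks, and a root-initiated mount using the uid, gid, fmask and dmask options. One way to combine them, as an added example that is not code from the thread or from the NTFS-3G project: the install path `/usr/local/sbin/mount-windows`, the sudoers line, the mask values and the choice of checks are assumptions.

```shell
#!/bin/sh
# Added example: root-run mount wrapper, meant to be the only command a group
# may start through sudo. Hypothetical sudoers entry (edit with visudo):
#   %ntfsusers ALL=(root) NOPASSWD: /usr/local/sbin/mount-windows mount
# Device and mount point are fixed here so the caller cannot choose them.
DEVICE=/dev/sda3            # from the thread
MOUNTPOINT=/media/windows   # from the thread

# Accept only plain decimal IDs, so nothing else can reach the -o option list.
is_numeric_id() {
    case $1 in
        ''|*[!0-9]*) return 1 ;;
    esac
    return 0
}

# Build the option string: files appear owned by the caller, others get no
# access (dirs 770, files 660), and nothing on the volume can be executed or
# act as a setuid binary or device node.
mount_options() {
    is_numeric_id "$1" && is_numeric_id "$2" || return 1
    printf 'uid=%s,gid=%s,fmask=0117,dmask=0007,noexec,nosuid,nodev\n' "$1" "$2"
}

# Checks made as root before mounting. Prints the reason for the first failure.
preflight() {
    dev=$1; mnt=$2
    [ -b "$dev" ] || { echo "not a block device: $dev"; return 1; }
    [ -d "$mnt" ] && [ ! -L "$mnt" ] || {
        echo "mount point must be a real directory: $mnt"; return 1
    }
    if grep -qF " $mnt " /proc/mounts 2>/dev/null; then
        echo "already mounted: $mnt"; return 1
    fi
    return 0
}

main() {
    [ "$(id -u)" -eq 0 ] || { echo "run through sudo" >&2; return 1; }
    # sudo exports the invoking user's IDs as SUDO_UID and SUDO_GID.
    opts=$(mount_options "${SUDO_UID:-}" "${SUDO_GID:-}") || {
        echo "no valid SUDO_UID/SUDO_GID" >&2; return 1
    }
    preflight "$DEVICE" "$MOUNTPOINT" >&2 || return 1
    exec ntfs-3g "$DEVICE" "$MOUNTPOINT" -o "$opts"
}

# Only act when invoked with the single argument "mount"; otherwise inert.
if [ "${1:-}" = "mount" ]; then main; fi
```

With this arrangement the users need neither membership of the disk group nor any rights on the device node, because the driver is started by root.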

Joined: Thu Nov 29, 2007 06:32
Posts: 28
Location: North Carolina
Post 
You misunderstand me, I do NOT want the security this tight. Right now the only way possible to make this work is to add users to the "disk" group, which is an incredible security hole since they then have access to all disk devices. In prior versions of NTFS-3G, this was not needed and I can remember simply having to make a group and assign users to it to allow a mount or unmount. This is the dilemma I have. I either give regular users full disk access so they can use NTFS-3G, or I give them none like normal, and NTFS access is gone.


Wed Sep 10, 2008 04:22
Profile
Tuxera CTO

Joined: Tue Nov 21, 2006 23:15
Posts: 1648
Post 
Old NTFS-3G versions had a local root exploit which was fixed.

Many distributions support what you want out of the box without modifying any permissions anywhere. I suggest checking out one of them (e.g. Ubuntu, Fedora, Mandrake) to see how they do what you want. NTFS-3G supports and can be used in quite many ways.

Good luck!


Wed Sep 10, 2008 12:24
Profile

Joined: Thu Nov 29, 2007 06:32
Posts: 28
Location: North Carolina
Post 
Not trying to dig up this old thread, but I installed Debian Lenny AMD64, got everything working, installed FUSE and NTFS-3G, did the chmod and chown on the help page as usual, created /media/windows and set it to 776 and owned by root and the ntfsusers group as before, but now nobody except root can mount. This is using 1.5130 on the main page. The exact commands I entered after compiling and installing FUSE and NTFS-3G follow.
Code:
chown root:ntfsusers $(which ntfs-3g)
chmod 4750 $(which ntfs-3g)
mkdir /media/windows
chown -R root:ntfsusers /media/windows
chmod -R 776 /media/windows

My user account is a member of the ntfsusers group and I have gone as far as rebooting to ensure that I am in that group. I have since tried changing permissions to 777 on the mount-point and STILL no go. It is set up in /etc/fstab to mount /dev/hda3 on /media/windows, and root can mount the drive simply by doing "mount /dev/hda3". Is this a new bug or have I left out a step?


Tue Jan 06, 2009 22:43
Profile
Tuxera CTO

Joined: Tue Nov 21, 2006 23:15
Posts: 1648
Post 
What are the outputs of
Code:
ntfs-3g --help
ntfs-3g /dev/sda3 /media/windows
id
ls -l /dev/sda3
ls -ld /media /media/windows
ls -l $(which ntfs-3g)


Tue Jan 06, 2009 23:34
Profile