FAQ SearchLogin
Tuxera Home
View unanswered posts | View active topics It is currently Mon Dec 10, 2018 01:53



Post new topic Reply to topic  [ 12 posts ] 
Write-only on group/other files with "permissons" set 
Author Message

Joined: Thu May 01, 2014 03:11
Posts: 7
Post Write-only on group/other files with "permissons" set
Hi,

Following "Ownership and Permissions" I've set up my NTFS drive with "permissions" to handle chmod, and created a user mapping. My /etc/fstab looks like this:
Code:
# ntfs on /dev/sda1
UUID=96F0195FF0194741 /media/data   ntfs-3g   nosuid,nodev,permissions,inherit,windows_names   0   0


/media/data/.NTFS-3G/UserMapping
Code:
# Generated by usermap for Linux, v 1.1.4
:alad:S-1-5-21-1644491937-562591055-1801674531-513
alad:alad:S-1-5-21-1644491937-562591055-1801674531-1003


As all files were owned by root I've changed them accordingly:
Code:
# chmod -R u=rwX,g=rX,o=rX /media/data
# chown -R alad.alad /media/data


It all works fine (though I mainly use the drive in Linux), but whenever I create a new file I get strange permissions on them:
Code:
/media/data$ touch file
/media/data$ ls -l file
-rw--w--w- 1 alad alad 0 mei  1 03:23 file
/media/data$ ls -dl test
drwx-w--w- 1 alad root 0 mei  1 03:27 test

The manual says umask/fmask/dmask has no impact here, and it doesn't. Permissions in other partitions work correctly.

I'm having some strange behaviour with Steam (the SteamLibrary is on that drive) and perhaps it's related - though my user should still have read/execute access. So.. where lies my mistake?

Xubuntu 14.04
ntfs-3g 1:2013.1.13AR.1-2ubuntu2

Cheers,

Alad


Thu May 01, 2014 03:34
Profile
NTFS-3G Lead Developer

Joined: Tue Sep 04, 2007 17:22
Posts: 1286
Post Re: Write-only on group/other files with "permissons" set
Hi,

Quote:
Code:
:alad:S-1-5-21-1644491937-562591055-1801674531-513
alad:alad:S-1-5-21-1644491937-562591055-1801674531-1003

This is wrong : you have defined two settings for the group alad. Assuming the Windows 7 model, the second line should be :
Code:
alad::S-1-5-21-1644491937-562591055-1801674531-1003

Quote:
As all files were owned by root I've changed them accordingly:

First you have to decide which permission model you want : either the Windows one (inheritance) or the Linux one (more consistent with Linux applications). When you select the Windows one (through option inherit), you should not use chmod/chown/setfacl. In future versions these commands will have no effect when inherit is selected, but this is not done in current versions.

You say that your files were owned by root, so they were probably not created by Windows (and you probably do not want inherit), or they were created by another Windows user (and your UserMapping is wrong).
Quote:
Code:
/media/data$ touch file
/media/data$ ls -l file
-rw--w--w- 1 alad alad 0 mei  1 03:23 file


As inherit option is active, the permissions on a newly created file only depend on the parent directory, so most likely the permissions on the parent directory are not fit for inheritance. Was the parent directory created by Windows ?
Quote:
The manual says umask/fmask/dmask has no impact here, and it doesn't. Permissions in other partitions work correctly.

The mount options umask/fmask/dmask have no impact when permissions or inheritance are effective. The umask command is still in use when inheritance is not used, and, if this is an external device, its is mounted with a umask of 600 for some reason.
Quote:
I'm having some strange behaviour with Steam

If Steam is an application designed to run on Linux, you should probably avoid inheritance, as Steam may have difficulties with the Windows permission model.
In case Steam would use a specific uid or gid, I recommend you add a generic line to the UserMapping file (this must be the last line) :
Code:
::S-1-5-21-1644491937-562591055-1801674531-10000


Regards

Jean-Pierre


Thu May 01, 2014 09:34
Profile

Joined: Thu May 01, 2014 03:11
Posts: 7
Post Re: Write-only on group/other files with "permissons" set
I've changed /etc/fstab to remove "inherit", and changed UserMapping as you suggested.

Code:
# Generated by usermap for Linux, v 1.1.4
:alad:S-1-5-21-1644491937-562591055-1801674531-513
:alad:S-1-5-21-1644491937-562591055-1801674531-1003
::S-1-5-21-1644491937-562591055-1801674531-10000


(I had to add the " : " to make it mount)

Quote:
As inherit option is active, the permissions on a newly created file only depend on the parent directory, so most likely the permissions on the parent directory are not fit for inheritance. Was the parent directory created by Windows ?


Well that example was in the root directory, and I've formatted the drive under Windows so I guess yes..

Quote:
The mount options umask/fmask/dmask have no impact when permissions or inheritance are effective. The umask command is still in use when inheritance is not used, and, if this is an external device, its is mounted with a umask of 600 for some reason.


I didn't say that right; I meant I've attached "umask=0044" in /etc/fstab and it didn't change, as expected. But my regular umask is 0002 so I don't know why it's not respected on the NTFS partition...


Thu May 01, 2014 16:57
Profile
NTFS-3G Lead Developer

Joined: Tue Sep 04, 2007 17:22
Posts: 1286
Post Re: Write-only on group/other files with "permissons" set
Hi,

Quote:
Code:
# Generated by usermap for Linux, v 1.1.4
:alad:S-1-5-21-1644491937-562591055-1801674531-513
:alad:S-1-5-21-1644491937-562591055-1801674531-1003
::S-1-5-21-1644491937-562591055-1801674531-10000

The colon is misplaced. "alad" as a user is the first field and code endind in 1003, "alad" as a group is the second field and code ending in 513. This should be :
Code:
# Generated by usermap for Linux, v 1.1.4
:alad:S-1-5-21-1644491937-562591055-1801674531-513
alad::S-1-5-21-1644491937-562591055-1801674531-1003
::S-1-5-21-1644491937-562591055-1801674531-10000


Regards

Jean-Pierre


Thu May 01, 2014 18:34
Profile

Joined: Thu May 01, 2014 03:11
Posts: 7
Post Re: Write-only on group/other files with "permissons" set
Thanks, I've adjusted the mapping.

I'm making some progress.. or so I think.

permissions
umask 0002
-> -rw--w--w-

permissions,umask=0002
umask 0002
-> -rw--w----

permissions,umask=0022
umask 0002
-> -rw-------

:o


Sat May 03, 2014 01:00
Profile
NTFS-3G Lead Developer

Joined: Tue Sep 04, 2007 17:22
Posts: 1286
Post Re: Write-only on group/other files with "permissons" set
Hi,

Quote:
I'm making some progress.. or so I think.


If this is an external device, some umask may be enforced irrespective of ntfs-3g

What are your mount options ?
What is the output of basic user-mode commands, like :
Code:
touch somefile
ls -l somefile
chmod 644 somefile
ls -l somefile
chmod 754 somefile
ls -l somefile


Regards

Jean-Pierre


Sat May 03, 2014 11:20
Profile

Joined: Thu May 01, 2014 03:11
Posts: 7
Post Re: Write-only on group/other files with "permissons" set
Mount options for my above try were

#1 nosuid,nodev,permissions,windows_names
#2 nosuid,nodev,permissions,umask=0002,windows_names
#3 nosuid,nodev,permissions,umask=0022,windows_names

It's an internal drive, SAMSUNG_SP2504C if that helps.

Basic commands with #3 are

NTFS:

Code:
/media/data$ touch file
/media/data$ ls -l file
-rw--w--w- 1 alad alad 0 mei  4 09:08 file
/media/data$ chmod 644 file
/media/data$ ls -l file
-rw-r--r-- 1 alad alad 0 mei  4 09:08 file
/media/data$ chmod 754 file
/media/data$ ls -l file
-rwxr-xr-- 1 alad alad 0 mei  4 09:08 file


ext4:

Code:
~$ touch file
~$ ls -l file
-rw-rw-r-- 1 alad alad 0 mei  4 09:09 file
~$ chmod 644 file
~$ ls -l file
-rw-r--r-- 1 alad alad 0 mei  4 09:09 file
~$ chmod 754 file
~$ ls -l file
-rwxr-xr-- 1 alad alad 0 mei  4 09:09 file


I'm going to try it on a different distribution and see if it makes any difference.


Sun May 04, 2014 09:12
Profile

Joined: Thu May 01, 2014 03:11
Posts: 7
Post Re: Write-only on group/other files with "permissons" set
edit:

Alad wrote:
Basic commands with #3 are


Sorry that was #1

Code:
nosuid,nodev,permissions,windows_names


Sun May 04, 2014 09:40
Profile
NTFS-3G Lead Developer

Joined: Tue Sep 04, 2007 17:22
Posts: 1286
Post Re: Write-only on group/other files with "permissons" set
Hi,

Well, yes there is a bug, umask is taken into account and it should not. This is even why hotplugged external devices get a leaked umask.

Until this is fixed, you should not mount with a umask option.

Now, this does not explain what you get. Maybe you tested an existing file, or you have the Posix ACLs activated. Please try :

Code:
rm -f newfile
getfacl .
umask 006
touch newfile
getfacl newfile
rm -f newfile
umask 0066
touch newfile
getfacl newfile

Regards

Jean-Pierre


Tue May 06, 2014 10:30
Profile

Joined: Thu May 01, 2014 03:11
Posts: 7
Post Re: Write-only on group/other files with "permissons" set
Hi, sorry for the belated reply.

Currently I use NTFS-3g on Arch Linux:
Code:
Name           : ntfs-3g
Version        : 2014.2.15-1
Name           : fuse
Version        : 2.9.3-2


As before:
Code:
ntfs-3g nosuid,nodev,permissions,windows_names


Difference is that now I get -rw-rw-rw- for new files on NTFS, while elsewhere it's -rw-r--r--. Asked commands:

Code:
[alad@arbellen data]$ rm -f test
[alad@arbellen data]$ getfacl .
# file: .
# owner: alad
# group: alad
user::rwx
group::r-x
other::r-x

[alad@arbellen data]$ umask 006
[alad@arbellen data]$ touch newfile
[alad@arbellen data]$ getfacl newfile
# file: newfile
# owner: alad
# group: alad
user::rw-
group::rw-
other::rw-

[alad@arbellen data]$ rm -f newfile
[alad@arbellen data]$ umask 0066
[alad@arbellen data]$ touch newfile
[alad@arbellen data]$ getfacl newfile
# file: newfile
# owner: alad
# group: alad
user::rw-
group::rw-
other::rw-


Sat May 31, 2014 11:00
Profile
NTFS-3G Lead Developer

Joined: Tue Sep 04, 2007 17:22
Posts: 1286
Post Re: Write-only on group/other files with "permissons" set
Hi,

Quote:
Difference is that now I get -rw-rw-rw- for new files on NTFS, while elsewhere it's -rw-r--r--.

I see. You are using ntfs-3g with the Posix ACLs disabled in the mount options, though they are compiled in. Unfortunately Posix ACLs behavior has leaked, leading to the umask to be ignored and the permission mask to be shown in place of the group permissions.

I need some time to fix this bug. In the meantime, can you recompile without the Posix ACLs features (with no option to ./configure) ?
Code:
./configure
make
# install must be done as root
sudo make install

Alternately, you could mount with option "acl" instead of "permissions", but this leads to a behavior different from what you might want.

Regards

Jean-Pierre


Mon Jun 02, 2014 22:08
Profile

Joined: Thu May 01, 2014 03:11
Posts: 7
Post Re: Write-only on group/other files with "permissons" set
Without --enable-posix-acls it works as expected. Thank you for your support. :)

Cheers,
Alad


Mon Jun 02, 2014 23:02
Profile
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 12 posts ] 


Who is online

Users browsing this forum: No registered users and 3 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
cron
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group.
Original forum style by Vjacheslav Trushkin.