mounting ntfs usb disk and user access

before I had an external usb hard disk (formatted with ntfs) mounted in user space (i.e. via the KDE panel or by clicking in dolphin on the respective entry)

now I want to mount that HD at boot time and to export it via nfs.
when doing that I encountered the following problem:
I want a particular folder on that HD to be accessible by a particular user.
with non-ntfs-disks I simply had used chown to change the permissions of that folder.
with the ntfs disk however this didn’t work. the permissions didn’t change after using chown (as root of course)
but the permissions are set to rwx for all!

does ntfs not allow to mount as root and to set ownership to a particular user?
do I have to format the disk to e.g. ext?

the fstab entry for that disk contains:
ntfs-3g user,user_xattr,nofail 1 2
before it was
ntfs-3g defaults 0 0
with the same result

Of course you can not change ownership of user/group and/or permission bits on an NTFS file system, because they are not there. They are only faked by the NTFS software on Linux. What they will be on your system when the NTFS file system is mounted is decided by the parameters of the mount. They are filled in with the user/group of the user that mounts them using the desktop feature. Or, when root mounts them with the mount statement, they are there in the options field. And they can of course be in an fstab entry when that is used.

I always advise to use non-Linux file system types only for exchanging data with non-Linux systems. Not for integral using in a Linux system. And I guess that mounting it permanently and exporting it through NFS is rather integral Linux usage.
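
Added example (not part of the original posts): a small audit of fstab-style lines showing which permissions an ntfs-3g entry will present, based on the ntfs-3g `uid=`, `gid=`, `umask=`, `dmask=` and `fmask=` mount options. The sample entries, device labels and mount points are constructed placeholders, and the mask handling is simplified (dmask/fmask fall back to umask).

```python
# Added example: report the permissions an ntfs-3g fstab entry will present.
NTFS_TYPES = {"ntfs", "ntfs-3g"}

# Constructed sample; devices and mount points are placeholders.
SAMPLE_FSTAB = """\
# device  mountpoint  type  options  dump  pass
/dev/disk/by-label/EXAMPLE_A /mnt/a ntfs-3g user,user_xattr,nofail 1 2
/dev/disk/by-label/EXAMPLE_B /mnt/b ntfs-3g nofail,uid=1000,gid=100,dmask=027,fmask=137 0 0
/dev/disk/by-label/EXAMPLE_C /mnt/c ext4 noatime,user,noauto,acl,nofail 0 0
"""

def parse_options(field):
    """Turn 'a,b=1' into {'a': '', 'b': '1'}."""
    opts = {}
    for item in field.split(","):
        key, _, value = item.partition("=")
        opts[key] = value
    return opts

def effective_modes(opts):
    """Return (dir_mode, file_mode) after the mask options are applied.

    Simplification: dmask/fmask fall back to umask, and umask defaults to 0,
    which is why an entry without any mask shows rwx for everybody.
    """
    umask = opts.get("umask", "0")
    dmask = int(opts.get("dmask", umask), 8)
    fmask = int(opts.get("fmask", umask), 8)
    return 0o777 & ~dmask, 0o777 & ~fmask

def audit(fstab_text):
    """List NTFS entries with their faked owner, modes and a world-writable flag."""
    findings = []
    for line in fstab_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0].startswith("#"):
            continue
        if fields[2] not in NTFS_TYPES:
            continue
        opts = parse_options(fields[3])
        dir_mode, file_mode = effective_modes(opts)
        findings.append({
            "mountpoint": fields[1],
            "uid": opts.get("uid"),   # None: owner is whoever performs the mount
            "gid": opts.get("gid"),
            "dir_mode": oct(dir_mode),
            "file_mode": oct(file_mode),
            "world_writable": bool((dir_mode | file_mode) & 0o002),
        })
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_FSTAB):
        print(finding)
```

An entry flagged as world-writable matters more once the mount point is also exported over NFS, since every local and remote user then gets the same faked rwx bits.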

Hi suse_paul !

In other words: NTFS by default doesn’t know about permissions. Period.

And even if it would: could you expect that permissions would be treated the same way under Linux as they could possibly be treated under windows ??

The access rights to an NTFS volume under Linux are given by the entries in /etc/fstab (or under openSUSE can as well be set using the partitioner of YaST),
and are further influenced by the settings in e.g. /etc/polkit-default-privs.local.

You could format your USB drive with a Linux file system (like ext3 or ext4).

But then on the other hand the question arises of how you could access that drive as a non-root user.

Best wishes
Mike

That is of course the same case as for every file in Linux. To be done by correct ownership and permissions.

I have a question with respect to that, that I will post soon - but perhaps you could answer that now?

No, it is not the permission for a single file. That would be rather trivial.

But I have formatted 2 external USB hard disks with ext4 and ReiserFS.

To be able to write to the root directory of these external USB disks as the standard (non-root) user,
for which file should I change the permissions?

Thanks
Mike

On 2014-07-09 22:06, ratzi wrote:
>
> Hi suse_paul !
>
> hcvv;2653048 Wrote:
>> Of course you can not change ownership of user/group and/or permission
>> bits on an NTFS file system, because they are not there.
>
> In other words: NTFS by default doesn’t know about permissions. Period.

No, that is not true. NTFS has a very complex or powerful set of
permissions, including ownership (on Windows), akin to Linux ACLs, and
Linux does not support them all. It might be possible to do some
translation between some Linux permissions and some Windows NTFS
permissions, and I believe there is some experimental support for such.

Meanwhile what we have for NTFS mounts is about the same to what we have
for vfat: permissions are defined for the entire partition at mount time.

Notice that vfat does have some permission support, but not ownership.
For example, the MsDos “write” permission can be translated. I did
experiments years ago, and it translated in Linux as “w” for everybody,
or nobody at all. I’m not sure about the MsDOS “r” attribute.

You could experiment now if this is still true, and when; and remember
that “vfat” is not the only Linux equivalent for “FAT” that we can use,
there are, or were, other variants.

For instance, there was a filesystem type that stored the Linux
permission sets on a separate file stored somewhere on the FAT
filesystem, so that Linux did see it with about the entire Linux
permission set. This was used about two decades ago to be able to run
Linux on a FAT partition without reformatting it, which at that time
scared many people away - and disks were not that big, so an extra
partition was also a waste.

This must still be somewhere in the manual.


Cheers / Saludos,

Carlos E. R.
(from 13.1 x86_64 “Bottle” at Telcontar)

Correct me if I’m wrong.
That would mean that permissions lose their significance if the filesystem is read using a different operating system.:wink:

Best wishes
Mike

On 2014-07-10 00:16, ratzi wrote:

> Correct me if I’m wrong.
> That would mean that permissions lose their significance if the
> filesystem is read using a different operating system.:wink:

No, that’s correct :slight_smile:

There can be some translation, depending on what each operating system
defines.


Cheers / Saludos,

Carlos E. R.
(from 13.1 x86_64 “Bottle” at Telcontar)

On 2014-07-09 23:06, ratzi wrote:

> To be able to write to the root directory of these external USB disks as
> the standard (non-root) user,
> for which file should I change the permissions?

Of the directory or mount point, once mounted.

But I think it is preferable to create a directory, just at the root of
the external disk, named for the user that needs access, and chown that
directory to that user.

Then that user has full permissions on that directory. A different user
may have another directory of his own. Or they can share another,
adjusting the group permissions.

But remember that in Linux ownership is not name based, but number
based. That is, suppose you have a machine ‘one’ where user ‘john’ is
the first user, with UID 1000, and machine ‘two’ has user ‘tony’ as the
first user, with UID 1000.

Well, a file belonging to “john” on the first machine, when copied over
to the second machine, it automatically belongs there to “tony”, even if
the second machine has another user named “john”.

Which is often a complication.


Cheers / Saludos,

Carlos E. R.
(from 13.1 x86_64 “Bottle” at Telcontar)

As said, it is all the same for every directory/file. The fact that there is a mount point somewhere doesn’t matter.

Look e.g. at /home (mine e.g.):

totaal 40
drwxr-xr-x 10 root   root  4096 17 jan 14:37 ./
drwxr-xr-x 23 root   root  4096 10 jul 11:50 ../
drwxr-xr-x  6 mysql  mysql 4096 18 jan 15:44 databases/
drwxr-xr-x 85 henk   wij   4096 10 jul 12:54 henk/
drwx------  2 root   root  4096 25 okt  2009 lost+found/
drwxr-xr-x 34 marian wij   4096  3 aug  2013 marian/
drwxr-xr-x 12 mgi    users 4096  8 jul 10:15 mgi/
drwxr-xr-x 17 smweb  www   4096  8 jul 09:44 smweb/
drwxr-xr-x  8 wappl  www   4096 21 mei 10:14 wappl/
drwxrwxrwx 16 henk   wij   4096 29 jun 16:05 wij/
henk@boven:~>

/home itself (here represented by ./) is owned by root:root, and only the owner (root) has write permission and thus can create/remove things, but everybody can read and see what is there. The several home directories are owned by the several users and thus only those users can change things in there. This has nothing to do with the fact if /home is on a separate file system or not.

So it all depends on who must have what sorts of access to what.

When it is for one user, you could e.g. create the mount point inside the user’s home directory (e.g. /home/theuser/music) and then of course make the user and his default group own that directory (or let it be created by the user himself, he will then be the owner automatically). And of course (s)he should be owner of what is inside that file system.

When you have more users that should be able to read and/or write, first decide if that is all users, or only a subset. Then you must create groups for those groups, so you can then set permissions on the group level. You could e.g. create a mount point in system space (e.g. /mnt/music-for-for-all) and make the owner one of the group (that then has probably more rights, so choose their chairman or make an extra user) and the special group. Then set the group permission so that everybody in the groups can r, w and x there.

Again it all depends on your wishes, the number of users, the grouping of the users, the security you want against bad users, etc.

BTW, there was some talking about NFS exporting. Take care that your users have the same userid on the different systems. Else on system one user aap with userid 1001 will have access to the files on system two with user noot which on that system also has userid 1001.
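
Added example (not part of the original posts): a check for the numeric-UID mismatch described above, comparing the passwd data of an NFS server and a client. The two passwd excerpts are constructed, using the user names from the thread's own illustrations, and the function names and the `min_uid=1000` cut-off for regular users are assumptions of this example.

```python
# Added example: find accounts that will be confused with each other when
# files are shared between two hosts by numeric UID.

# Constructed passwd excerpts for two hosts.
PASSWD_ONE = """\
root:x:0:0:root:/root:/bin/bash
john:x:1000:100::/home/john:/bin/bash
aap:x:1001:100::/home/aap:/bin/bash
"""
PASSWD_TWO = """\
root:x:0:0:root:/root:/bin/bash
tony:x:1000:100::/home/tony:/bin/bash
noot:x:1001:100::/home/noot:/bin/bash
john:x:1002:100::/home/john:/bin/bash
"""

def parse_passwd(text, min_uid=1000):
    """Return {name: uid} for regular users (uid >= min_uid)."""
    users = {}
    for line in text.splitlines():
        parts = line.split(":")
        if line.startswith("#") or len(parts) < 7:
            continue
        uid = int(parts[2])
        if uid >= min_uid:
            users[parts[0]] = uid
    return users

def uid_conflicts(passwd_a, passwd_b, min_uid=1000):
    """Compare two hosts.

    Returns (shared_uid, split_name):
      shared_uid: (uid, name_on_a, name_on_b) where one UID means two people,
                  so each gets the other's file access.
      split_name: (name, uid_on_a, uid_on_b) where the same name has two UIDs,
                  so the user does not own "their own" files on the other host.
    """
    a = parse_passwd(passwd_a, min_uid)
    b = parse_passwd(passwd_b, min_uid)
    b_by_uid = {uid: name for name, uid in b.items()}
    shared_uid = sorted(
        (uid, name, b_by_uid[uid])
        for name, uid in a.items()
        if uid in b_by_uid and b_by_uid[uid] != name
    )
    split_name = sorted(
        (name, uid, b[name])
        for name, uid in a.items()
        if name in b and b[name] != uid
    )
    return shared_uid, split_name

if __name__ == "__main__":
    shared, split = uid_conflicts(PASSWD_ONE, PASSWD_TWO)
    print("same UID, different user:", shared)
    print("same user, different UID:", split)
```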

Hi Carlos!

That’s the way it e.g. is arranged for /home.

But I would like to have it a different way on my external USB drives:
I would like to be able, as the standard (non-root) user,
to mount and write to the external USB drive with a Linux filesystem (ext3, ext4, ReiserFS, …)
just the same way I do it with an external USB drive with the NTFS filesystem.

Now that’s very good to know !!

When Unix was designed, there neither has been a PC on every desktop,
nor portable drives like USB drives - and external SCSI hard disks by Linux
later on were still rather treated like internal hard disks … :\

Thanks
Mike

Hi Henk!

That sounds really simple!

For the internal hard disk I clearly want to have permissions and access restrictions, already because my son loves to try out many things on the PC,
and I prefer to prevent him from shooting the system …:wink:

With respect to an external USB hard disk this is different: here the security for me results from the fact that I’m usually the only one that
has physical access to the drive, which means that I only plug it when I want to make some backups. Otherwise that drive isn’t connected.

Now I still don’t see one point: when I plug a USB drive, then by openSUSE/Linux usually a mount point is created automatically.
So is it possible to - once and for always - set the permissions for such a mount point that automatically is created (and removed) by openSUSE?

Thanks
Mike

Nope.
You can of course create that mountpoint anywhere, but NOT in /media or the place where those “automatic” mountpoints are created. But again I am not you and only you know exactly what the intended usage is. You now talk about backup. But is that a system backup or a personal backup from you as end-user?

When the first, I would create a mount point inside /mnt (e.g. /mnt/backup). Do that as root, because root only is able to make a good backup from system files.

When the latter, I would create a mount point inside my home directory like ~/backup. Do this as the user (then the ownership, etc. is OK).

Next is to create an entry in /etc/fstab. Only root can do this. In the second case add parameter user=… to enable that user to mount himself.

It is a good idea to label the ext4 file system on the device with

tune2fs -L Backup /dev/sd..

(Backup is your choice of course and take the correct! /dev/sd… please!)
You can then use /dev/disk/by-label/Backup in /etc/fstab. This will make things a lot more clear to everybody, but the big advantage is that it will prevent this device from being mounted “automagically” by the desktop (on a place you do not like, etc).

Hi Henk!

First I couldn’t believe what you wrote, and tried different polkit settings
(why should a Linux file system be treated differently in comparison to NTFS?)

One is tempted to just run Linux as root, in order to avoid uncomfortabilities.

But that isn’t my usual approach - that would be an approach followed by Microsoft windows for decades.

Back to the topic as such.

If I plug the USB hard disk with ext4 as file system on it, the mount point created by openSUSE 13.1 is in /var/run/media/alltag/ ,
where ‘alltag’ is the name of my standard user.

I unmounted that drive.

Using the partitioner of YaST, I then created the mount point /mnt/Medi2TB2_EXT4/ for it.

The respective entry in /etc/fstab for that external USB hard disk created by the partitioner of YaST looks
‘LABEL=Medi2TB2_EXT4 /mnt/Medi2TB2_EXT4 ext4 noatime,user,noauto,acl,nofail 0 0’

The option ‘nofail’ (which is introduced by the partitioner of YaST) seems to be important here,
since if it is not given, one seems to end up in rescue mode after boot if the device isn’t plugged at boot
(an obstacle that I once painfully encountered while using external SCSI hard disks)

Plugging this external USB hard disk after boot I in fact can see it under ‘Places’
on the left hand side of the Dolphin windows of KDE (this is a really bad translation -
it should rather read: ‘Locations’, or even better: ‘Volumes’ !!).

And I can then mount the drive by a single mouse click on the icon displayed there.

This happens despite some pages on the WEB are telling that this would not be possible
unless the mount point would be created in /media instead of /mnt.

Copying a file to that volume as the standard user still isn’t possible (access denied).

Unmounting that drive again.

Then, as root, I changed the owner of ‘/mnt/Medi2TB2_EXT4’ to ‘alltag’, and the group to ‘users’.

Re-booting.

Re-plugging the USB hard disk, and mounting it using Dolphin - yes, copying a file to it as the standard user now works !

Many thanks
Mike

On 2014-07-10 16:36, ratzi wrote:

>> Then that user has full permissions on that directory. A different user
>> may have another directory of his own. Or they can share another,
>> adjusting the group permissions.
>
> That’s the way it e.g. is arranged for /home.
>
> But I would like to have it a different way on my external USB drives:
> I would like to be able, as the standard (non-root) user,
> to mount and write to the external USB drive with a Linux filesystem
> (ext3, ext4, ReiserFS, …)
> just the same way I do it with an external USB drive with the NTFS
> filesystem.

No, the same way as it is done with NTFS or FAT filesystems is utterly
impossible.

Remember that as Linux does not handle NTFS own permission system, Linux
fakes instead permissions based on mount options.

But there are no mount options to handle permissions on native Linux
filesystems. Try, they are ignored.

Thus, permissions on an ext2/3/4, xfs, btrfs, reiserfs, xfs, etc, are
done with chown and chmod commands in the usual Linux way.

On such a filesystem, mounted externally, how the root directory is
handled on different machines may vary - which is why we typically
instead chown a directory under it: to be sure.

> robin_listas;2653212 Wrote:
>> But remember that in Linux ownership is not name based, but number
>> based. That is, suppose you have a machine ‘one’ where user ‘john’ is
>> the first user, with UID 1000, and machine ‘two’ has user ‘tony’ as the
>> first user, with UID 1000.
>>
>> Well, a file belonging to “john” on the first machine, when copied over
>> to the second machine, it automatically belongs there to “tony”, even if
>> the second machine has another user named “john”.
>
> Now that’s very good to know !!
>
> When Unix was designed, there neither has been a PC on every desktop,
> nor portable drives like USB drives - and external SCSI hard disks by
> Linux
> later on were still rather treated like internal hard disks … :\

There were removable media such as tapes and floppies, which pose the
same problem. But there were few computers.


Cheers / Saludos,

Carlos E. R.
(from 13.1 x86_64 “Bottle” at Telcontar)

On 2014-07-10 23:16, ratzi wrote:

> Back to the topic as such.
>
> If I plug the USB hard disk with ext4 as file system on it, the mount
> point created by openSUSE 13.1 is in /var/run/media/alltag/ ,
> where ‘alltag’ is the name of my standard user.

Did you try writing files?

> Using the partitioner of YaST, I then created the mount point
> /mnt/Medi2TB2_EXT4/ for it.

> And I can then mount the drive by a single mouse click on the icon
> displayed there.
>
> This happens despite some pages on the WEB are telling that this would not be possible
> unless the mount point would be created in /media instead of /mnt.

Because the desktop automatics read fstab. This feature is available on
some desktops and not on others. In fact, I think it was available years
ago on one desktop, then disappeared with a version change, then
appeared on a different desktop… If my memory serves, which often
doesn’t :wink:

> Copying a file to that volume as the standard user still isn’t possible
> (access denied).
>
> Unmounting that drive again.

No need.

Simply chown “/mnt/Medi2TB2_EXT4/”, as root, while mounted, to your
user. It usually survives reboots and replugs.

Notice that the ownership of “/mnt/Medi2TB2_EXT4/” while mounted and
while umounted can be different.


Cheers / Saludos,

Carlos E. R.
(from 13.1 x86_64 “Bottle” at Telcontar)

Because Linux is not Windows and Windows is not Linux. Be glad that people put effort in at least trying to create an interface to do some things with those Linux unfriendly file systems.

I would not even discuss such an approach and unsubscribe from the thread.

A bit awkward directory name, but that is up to you :wink:

That option is mentioned in several threads here. It is clearly in the man page. My advice would be to add “noauto” to the entry. It will then not even try to mount on boot, saves time.

Personally I prefer using /dev/disk/by-label/Medi2TB2_EXT4 over the LABEL= construct. But both work out in the same way, as advertised in the man pages (for the LABEL=) and by the definition of a symbolic link for the other one.

It is a silly feature in general. End-users should not worry about volumes. Except maybe in your case. But not for the always mounted volumes.

Of course you can. The “user” option allows the user to mount as I told you (and it is in the man page). If you do that by typing a mount command or let Dolphin type it, is irrelevant.

No understanding at all. And it is so simple. Read http://en.opensuse.org/SDB%3ABasics_of_partitions,_filesystems,_mount_points for the basics, understand ownership and permissions and there you are.

Again, that is what I told you. And it is no magic, it is how ownership and permissions work and has nothing to do with mounting.

You are welcome.