Can't use symlinks without root?

I don’t know if this is on the right board, but I have my Windows partition mounted as /windows. And my media folders are just symlinks to those folders on Windows. But for some reason, they’re read-only as a normal user. I have to be root to move anything into them. It’s probably because SUSE is locked down for security but is there any way to solve this?

On 2014-07-10 20:06, Handsofakiller209 wrote:
>
> I don’t know if this is on the right board,

Well, the “applications” one is more appropriate :slight_smile:

> but I have my Windows
> partition mounted as /windows. And my media folders are just symlinks to
> those folders on Windows. But for some reason, they’re read-only as a
> normal user. I have to be root to move anything into them. It’s probably
> because SUSE is locked down for security but is there any way to solve
> this?

No, the symlinks themselves are not the problem.
The problem is the destination of the links, which is typically read-only if on a Windows partition.

Are you mounting your windows partition from fstab?

I do it this way:


LABEL=Windows_Main  /windows/C        ntfs-3g    user,users,gid=users,fmask=0117,dmask=0007,locale=en_US.UTF-8           0 0


Another way is to simply write “defaults” in there.


Cheers / Saludos,

Carlos E. R.
(from 13.1 x86_64 “Bottle” at Telcontar)

The default fstab options for NTFS partitions in YaST->System->Partitioner allow only write access for root, yes.
To change it you would have to edit those options, either in YaST or directly in the file /etc/fstab.

Just remove all options from that fstab options field so that it is completely empty, and all users should be able to write to that partition.
If you edit /etc/fstab directly, change the entry for your windows partition to something like:

/dev/sdb1            /windows/C           ntfs-3g    defaults              0 0


If you want to restrict write access to one particular user, please say so for detailed instructions.

Hi all!

According to
https://wiki.archlinux.org/index.php/fstab
‘defaults’ - at least for ext4 - represents the options ‘rw, suid, dev, exec, auto, nouser, async’.
I think I somewhere saw what ‘defaults’ in /etc/fstab means for NTFS volumes, but that wasn’t simple either.

In my /etc/fstab, for the windows partition ‘D:’ - which I want to have accessible by the standard (or non-root) user - I have the entry

/dev/disk/by-id/ata-ST2000NM0033-9ZM175_Z1X0TDA9-part4 /windows/D           ntfs-3g    user,noauto           0 0

For windows partitions that should not be changed (like my windows partition ‘C:’ - or especially the ‘MS system reserved’ partition of win7) in /etc/fstab I have the entries

/dev/disk/by-id/ata-ST2000NM0033-9ZM175_Z1X0TDA9-part1 /windows/MSsystem    ntfs-3g    ro,user,noauto        0 0
/dev/disk/by-id/ata-ST2000NM0033-9ZM175_Z1X0TDA9-part3 /windows/C           ntfs-3g    ro,user,noauto        0 0

Another thing that additionally may help, may be to open a terminal,
become root (command ‘su’),
and enter

/sbin/set_polkit_default_privs standard

Good luck
Mike

PS:

if you omit/remove the ‘noauto’ option in /etc/fstab for the windows volumes,
these will be mounted at boot.
The option ‘ro’ means ‘read only’.
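The fstab option strings posted above differ mainly in which permission bits ntfs-3g masks out of every file and directory. As an added example (not part of any post in this thread), this shell function computes the resulting modes and who can write into a directory. It assumes the mount is done by root with no "permissions" option or user-mapping file in use, and the last option string is a constructed sample.

```shell
#!/bin/sh
# Added example (not from the thread): effective modes of an ntfs-3g mount.
# Assumes no "permissions" option and no user-mapping file, so every file and
# directory gets the same owner and a mode of 0777 with the mask bits removed.

# ntfs_modes OPTIONS -> prints "files=MODE dirs=MODE write=WHO"
ntfs_modes() {
    fmask=0 dmask=0 ro=no uid=root gid=root   # root: fstab mounts run as root
    old_ifs=$IFS; IFS=,; set -f
    for o in $1; do
        case $o in
            umask=*) fmask=${o#umask=}; dmask=$fmask ;;  # assumed: last option wins
            fmask=*) fmask=${o#fmask=} ;;
            dmask=*) dmask=${o#dmask=} ;;
            uid=*)   uid=${o#uid=} ;;
            gid=*)   gid=${o#gid=} ;;
            ro)      ro=yes ;;
            rw)      ro=no ;;
        esac
    done
    IFS=$old_ifs; set +f
    for m in "$fmask" "$dmask"; do
        case $m in
            ''|*[!0-7]*) echo "not an octal mask: $m" >&2; return 2 ;;
        esac
    done
    fmode=$(( 0777 & ~0$fmask ))   # masks are always read as octal
    dmode=$(( 0777 & ~0$dmask ))
    # Moving a file into a directory needs write and search (wx) on it.
    if [ "$ro" = yes ]; then who=nobody
    elif [ $(( dmode & 0003 )) -eq 3 ]; then who=everyone
    elif [ $(( dmode & 0030 )) -eq 24 ]; then who="group:$gid"
    elif [ $(( dmode & 0300 )) -eq 192 ]; then who="owner:$uid"
    else who=root-only
    fi
    printf 'files=%04o dirs=%04o write=%s\n' "$fmode" "$dmode" "$who"
}

# Option strings quoted in the thread, plus one constructed restrictive sample.
ntfs_modes 'user,users,gid=users,fmask=0117,dmask=0007,locale=en_US.UTF-8'
ntfs_modes 'defaults'
ntfs_modes 'ro,user,noauto'
ntfs_modes 'fmask=133,dmask=022'   # constructed sample
```

The "user" and "noauto" options do not appear in the result because they only affect who may mount and when, not the permissions seen on the mounted volume.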

According to “man mount” defaults is filesystem independent, and means “rw, suid, dev, exec, auto, nouser, and async”, yes.

So what?
The defaults just work, they mount the partition during boot and give access to all users.

That was the point.

> In my /etc/fstab, for the windows partition ‘D:’ - which I want to have accessible by the standard (or non-root) user - I have the entry
>
> /dev/disk/by-id/ata-ST2000NM0033-9ZM175_Z1X0TDA9-part4 /windows/D           ntfs-3g    user,noauto           0 0

“user” does not work with ntfs-3g anyway.
If you try to mount as a user, you will get an error message:

wolfi@amiga:~> mount /dev/sdb1
Unprivileged user can not mount NTFS block devices using the external FUSE
library. Either mount the volume as root, or rebuild NTFS-3G with integrated
FUSE support and make it setuid root. Please see more information at
http://tuxera.com/community/ntfs-3g-faq/#unprivileged

If you can mount it in your Desktop Environment, then that’s because udisks2 runs as root and does the mounting for you.

> For windows partitions that should not be changed (like my windows partition ‘C:’ - or especially the ‘MS system reserved’ partition of win7) in /etc/fstab I have the entries
>
> /dev/disk/by-id/ata-ST2000NM0033-9ZM175_Z1X0TDA9-part1 /windows/MSsystem    ntfs-3g    ro,user,noauto        0 0
> /dev/disk/by-id/ata-ST2000NM0033-9ZM175_Z1X0TDA9-part3 /windows/C           ntfs-3g    ro,user,noauto        0 0

Ok, you can mount it read-only of course if you want to, but that is exactly the opposite of what the OP wanted.
And again, ‘user’ doesn’t help at all here.

> Another thing that additionally may help, may be to open a terminal,
> become root (command ‘su’),
> and enter
>
> /sbin/set_polkit_default_privs standard

And how exactly should this help?
set_polkit_default_privs does not take any parameter, it applies the settings in /etc/sysconfig/security, so that “standard” you mention is useless.

And it would only give your user permissions to mount non-system (i.e. external) disks with udisks2 without having to enter the root password.
And that should be the default.
udisks2 should mount a disk in a way that the user can write to it anyway, regardless of those polkit rules.
The polkit rules only influence whether the user is allowed to mount or not, or whether he has to enter a password (root’s or the user’s).

It won’t help at all with mounts via mount and fstab.

Hi wolfi323!

I didn’t want to be impolite.

On my PC, having

/dev/disk/by-id/ata-ST2000NM0033-9ZM175_Z1X0TDA9-part4 /windows/D           ntfs-3g    user,noauto           0 0

in /etc/fstab just works fine:
Yes, I have to enter the root password when mounting the volume ( D: ), which is just the way I want it
(because I’m not the only one using this PC).

After that, I have full access to that volume as the standard (non-root) user.

Sure?

Please take a look at ‘/sbin/set_polkit_default_privs’ again:
On my PC it starts with

shopt -s nullglob

. /etc/sysconfig/security || exit 1

if [ -z "$POLKIT_DEFAULT_PRIVS" ]; then
    case "$PERMISSION_SECURITY" in
        *secure*|*paranoid*) POLKIT_DEFAULT_PRIVS="restrictive" ;;
        *) POLKIT_DEFAULT_PRIVS="standard" ;;
    esac
fi

Best wishes
Mike

wolfi323,

you once helped me with respect to polkit,
see
http://forums.opensuse.org/showthread.php/488746-Is-there-a-way-to-disable-Remember-authorization-by-default-in-12-3?p=2572366#post2572366

Again, udisks2 mounts it for you. And it doesn’t care about the “user” option, only about the polkit rules.

As I wrote, udisksd runs as root and can mount that partition, regardless whether you set “user” or “nouser”.

> Sure?
>
> Please take a look at ‘/sbin/set_polkit_default_privs’ again:
> On my PC it starts with
>
> shopt -s nullglob
>
> . /etc/sysconfig/security || exit 1
>
> if [ -z "$POLKIT_DEFAULT_PRIVS" ]; then
>     case "$PERMISSION_SECURITY" in
>         *secure*|*paranoid*) POLKIT_DEFAULT_PRIVS="restrictive" ;;
>         *) POLKIT_DEFAULT_PRIVS="standard" ;;
>     esac
> fi

Well, have yourself a look at what you posted here.

Where does it respect the option “standard” there?

First it sources /etc/sysconfig/security (which can set $POLKIT_DEFAULT_PRIVS), and only sets $POLKIT_DEFAULT_PRIVS if it is empty. And it sets it depending on what $PERMISSION_SECURITY contains (this is also set in /etc/sysconfig/security).

Yes, I know. :wink:
Still, this doesn’t change the fact that mount doesn’t care about polkit. udisks2 (and therefore KDE and GNOME) does though.

And via polkit you can only influence who is allowed to mount (and whether he has to enter a password), not who can access the mounted partition.

Hi wolfi323 again,

Yes, sorry, you’re right.

And in /etc/sysconfig/security I have

POLKIT_DEFAULT_PRIVS=""

Mike

Which means that POLKIT_DEFAULT_PRIVS is set according to PERMISSION_SECURITY.

I.e. if PERMISSION_SECURITY contains “secure” or “paranoid”, POLKIT_DEFAULT_PRIVS will be set to “restrictive” (and the rules from /etc/polkit-default-privs.restrictive are used), otherwise “standard” (which implies /etc/polkit-default-privs.standard of course).

What can not be seen in the part you posted is that you can override or add rules in /etc/polkit-default-privs.local, provided that PERMISSION_SECURITY contains “local” as well.

Btw, the settings in /etc/sysconfig/security do affect mount (via fstab) as well, as they also change file permissions (f.e. setting/clearing the suid bit on “mount” and the mount.xxx helpers, which is needed for user mounts). But this is unrelated to polkit, and is done via “chkstat” and /etc/permissions.* .

Thanks!

Seems I have to explore my openSUSE a bit more :wink:

Best wishes
Mike