Giving Removable NTFS Devices Meaningful Permissions

When connecting a removable NTFS formatted device to openSUSE 11.0/GNOME the Gnome Volume Manager supported by HAL will automount this device. Unfortunately all files on this device will be owned by “root:root” with permissions “777”. Which turns copying from this device into some strange adventure where you may end up with quite a few files in your home directory carrying the same unusual permissions. Especially when trying to synchronize directories between devices carrying linux file systems and your removable one.

Here is a way to remedy this situation:

As root:

gedit /usr/share/hal/fdi/policy/10osvendor/20-storage-methods.fdi

   search for "allow these mount options for ntfs" and add the two lines below shown in in bold

 <match key="volume.fstype" string="ntfs">
 <match key="/org/freedesktop/Hal/devices/computer:system.kernel.name" string="Linux">
 <append key="volume.mount.valid_options" type="strlist">uid=</append>
 <append key="volume.mount.valid_options" type="strlist">gid=</append>
 <append key="volume.mount.valid_options" type="strlist">umask=</append>
 **<append key="volume.mount.valid_options" type="strlist">fmask=</append>**
 **<append key="volume.mount.valid_options" type="strlist">dmask=</append>**
 <append key="volume.mount.valid_options" type="strlist">locale=</append>
 <append key="volume.mount.valid_options" type="strlist">utf8</append>

</match>

then

   rchal restart

As normal user:

gconf-editor /system/storage/default_options/ntfs-3g/mount_options

   double-click on "mount_options" and add 4 more list items:

       uid=
       gid=users
       fmask=133
       dmask=022

Finish the “mount_options” key processing with “OK” and leave the gconf-editor. All removable NTFS formatted removable devices are now mounted with permissions comparable to the ones used in users’ home directory. Please, note: As the mount option “uid=” makes you the owner of anything on the removable device you may choose the “gid=” freely now. I suggest you either make it accessible to your main group - as in my example here - or more restricted by specifying “gid=” which is equivalent to “gid=root”. You may also choose a more restrictive "fmask=“177” and “dmask=077” if this is more to your liking.

(published in SDB, 20080804)

This approach works in openSUSE 10.3/GNOME as well.