Hi there. We have a dual boot machine at home (WinXP/openSuSE). There are huge Documents folders on the XP ntfs partition so that they cannot be duplicated on the SuSE partition. Nor can they be moved over to the SuSE partition because they need to be accessed from within XP. Instead, we just redirected (soft-linked) all our SuSE /home/Documents folders to the corresponding folders on the XP partition. The problem is, we mount the XP partition read-write, so we can save our documents from within SuSE; that way, however, the SuSE users can access each other’s folders, which is not politically correct, and, what’s far worse, they can access XP root and system areas freely (thus potentially messing up the XP partition). Mind you, there’s two pre-school brats using the computer. Is there a simple way to make only personal folders on a ntfs partition browsable from within SuSE and prevent other folders to be browsed? With simple I mean without having to go through lengthy or convoluted procedures, such as encrypting the ntfs partition, converting ntfs to ext3 or things like that.
JosipBroz wrote:
>
> Hi there. We have a dual boot machine at home (WinXP/openSuSE). There
> are huge Documents folders on the XP ntfs partition so that they
> cannot be duplicated on the SuSE partition. Nor can they be moved over
> to the SuSE partition because they need to be accessed from within
> XP. Instead, we just redirected (soft-linked) all our SuSE
> /home/Documents folders to the corresponding folders on the XP
> partition. The problem is, we mount the XP partition read-write, so we
> can save our documents from within SuSE; that way, however, the SuSE
> users can access each other’s folders, which is not politically
> correct, and, what’s far worse, they can access XP root and system
> areas freely (thus potentially messing up the XP partition). Mind you,
> there’s two pre-school brats using the computer. Is there a simple way
> to make only personal folders on a ntfs partition browsable from within
> SuSE and prevent other folders to be browsed? With simple I mean without
> having to go through lengthy or convoluted procedures, such as
> encrypting the ntfs partition, converting ntfs to ext3 or things
> like that.
For the NTFS partition, have mount options:
uid=jospip,gid=users,fmask=0377,dmask=0277
This will allow them to potentially write.
Then, take away their access to the /windows path:
$ chmod go-rwx /windows
Then, create mount points within the user’s home directories, like
$ for X in user1 user2; do mkdir --mode=700 -v /home/${X}/WinDocs &&
chown -v ${X}:users /home/${X}/WinDocs; done
And mount the user’s Documents directory inside his home:
mount --bind /windows/c/Documents\ and\ Settings/user1/ /home/user1/WinDocs
or something like that…
regards,
Andreas
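An added example, not part of Andreas's post: it computes the mode that uid=/gid=/fmask=/dmask= give every file and directory on the mount, and the resulting access for the owning account and for another member of the group. The helper names, the second option string, the users group membership and the default mask of 0 are assumptions made for the illustration; root is not modelled.

```shell
#!/bin/sh
# Added example: what uid=/gid=/umask=/fmask=/dmask= grant on an NTFS or FAT
# mount, where every file and directory shows the same owner, group and mode.

# opt_value OPTS KEY DEFAULT: value of KEY in a comma-separated option string.
opt_value() {
    _v=$(printf '%s\n' "$1" | tr ',' '\n' | sed -n "s/^$2=//p" | tail -n 1)
    printf '%s\n' "${_v:-$3}"
}

# effective_mode OPTS file|dir: 0777 with the mask bits removed (masks are octal).
# fmask/dmask fall back to umask; a default of 0 is assumed when none is given.
effective_mode() {
    _um=$(opt_value "$1" umask 0)
    case $2 in
        file) _m=$(opt_value "$1" fmask "$_um") ;;
        dir)  _m=$(opt_value "$1" dmask "$_um") ;;
        *)    return 2 ;;
    esac
    printf '%04o\n' $(( 0777 & ~0$_m ))
}

# access_for OPTS file|dir USER "GROUP ...": rwx string for a non-root account.
access_for() {
    _mode=$(effective_mode "$1" "$2") || return 2
    if [ "$3" = "$(opt_value "$1" uid root)" ]; then _sh=6
    elif printf ' %s ' "$4" | grep -qF " $(opt_value "$1" gid root) "; then _sh=3
    else _sh=0
    fi
    _b=$(( (0$_mode >> _sh) & 7 ))
    _r=-; _w=-; _x=-
    if [ $(( _b & 4 )) -ne 0 ]; then _r=r; fi
    if [ $(( _b & 2 )) -ne 0 ]; then _w=w; fi
    if [ $(( _b & 1 )) -ne 0 ]; then _x=x; fi
    printf '%s%s%s\n' "$_r" "$_w" "$_x"
}

# Option string from the post, and a constructed variant that opens group write.
POSTED='uid=jospip,gid=users,fmask=0377,dmask=0277'
GROUP_RW='uid=jospip,gid=users,fmask=0117,dmask=0007'   # constructed sample

for opts in "$POSTED" "$GROUP_RW"; do
    echo "$opts -> files $(effective_mode "$opts" file), dirs $(effective_mode "$opts" dir)"
    for user in jospip user2; do
        echo "  $user: file $(access_for "$opts" file "$user" users)," \
             "dir $(access_for "$opts" dir "$user" users)"
    done
done
```

A bind mount shows the same owner, group and mode bits as the mount it is taken from, so the results apply unchanged under a path such as /home/user1/WinDocs.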
A very exhaustive answer, Andreas. Thanx a bunch! I never thought you could chmod/chown ntfs partitions like that, since I know they have a totally different set of ACL from linux.
You actually can’t chmod/chown elements inside NTFS, right. You’re limited to the uid,gid,umask,fmask,dmask mount options.
But you can chown/chmod the directory containing the mount points (here: /windows contains /windows/c) and have each user have a limited view on the mounted file system from within their home directory.
Thx. Everything is clear now.
The above solution seems correct and promising, but I must be doing something wrong, 'cause I am repeatedly bumping into a problem. Can anyone confirm the following: after you mount a device onto a folder, all the permissions previously set on the folder get lost/overridden by the mount permissions. No matter what permissions I set on my /media/windows folder, after mounting my NTFS partition on /media/windows, ONLY the mount permissions apply. Thus, if I set my /media/windows folder as, say, only readable by root, regular users can’t browse into /media/windows. As soon as I actually mount the ntfs partition on /media/windows, however, the folder is no longer off-limits, all users can browse the mounted partition and do other potentially nasty things (depending on the options set in fstab). Can anyone confirm this? Is this by design in linux? Do the mount point folder permissions cease to apply as soon as anything is actually mounted on it?
rotfl! So, can anybody confirm this? How exactly do the mount folder permissions and the mount options interact in Linux? Is there any guru out there itching to enlighten me (and other bewildered noobs)?
JosipBroz schrieb:
> [A]fter you mount a device onto a folder, all the
> permissions previously set on the folder get lost/overridden by the
> mount permissions. No matter what permissions I set on my
> /media/windows folder, after mounting my NTFS partition on
> /media/windows, ONLY the mount permissions apply. […] Can
> anyone confirm this?
For NTFS or other non-Unix/Linux partitions that description is
correct. For Linux partitions (eg. ext3) the permissions set
within the mounted filesystem apply.
> Is this by design in linux? Do the mount point
> folder permissions cease to apply as soon as anything is actually
> mounted on it?
It is by design. As far as the user is concerned, the mount
operation entirely replaces the mount point by the mounted
filesystem.
What was not foreseen in that design is mounting filesystems
which have no concept of permissions (eg. FAT) or whose
permission settings Linux doesn’t understand (eg. NTFS).
For these cases, the mount permission settings were
introduced as a workaround.
HTH
T.
--
Tilman Schmidt
Phoenix Software GmbH
Bonn, Germany
Thanx. That settles it, I guess: it’s therefore not possible to set different ACLs for different NTFS directories (on the same partition) in Linux in any way. Or is there?
JosipBroz schrieb:
> Thanx. That settles it, I guess: it’s therefore not possible to set
> different ACLs for different NTFS directories (on the same partition)
> in Linux in any way.
You’re right, Tito.