15th January 2007, 08:33 AM
How to setup file permissions for ntfs & fat
I found this and thought it might be of use
Mounting and setting permissions for FAT (and NTFS) file systems
by Konrad Kosmowski on Jan 18, 2005
Note: Fedora ships kernels without NTFS support (due to licensing/legal problems). If you wish to use this file system you need to perform a few additional steps (install a kernel module for NTFS). This issue is fully covered so I won't elaborate on it. Please refer to this document prior to asking questions about NTFS. Also keep in mind that NTFS support is read-only (consider that when setting permissions to match this restriction).
A lot of us use so-called dual-boot configurations, meaning running Windows side by side with Linux. In those cases we want to mount the Windows file systems (FS from now on), since we can't do it the other way around, under our Linux file tree, e.g. to share files between systems. The easiest way to do it is to issue the mount command (as root; of course all these commands require root access):
# mkdir /tmp/fatfs
# mount /dev/hda1 /tmp/fatfs
(I assume here that you know which device in /dev directory is your partition, for this example it is /dev/hda1.)
But doing so leaves us with a few problems:
* We must have root access to do it.
* Files are mounted with strict permissions (only root can modify them).
* We want to have control over who is allowed to access these files. It is a security measure: for example, if we are running a web server and this server gets hacked, we don't want the hacked server to be able to delete files on our FS.
* We want this FS to be mounted at boot time.
* We want the files and directories to look nice when browsing them (permissions).
We can achieve some of these points with scripts etc., but that is not the proper way. So I'll describe the proper way to do it.
Brief explanation of options
Note: Look at the mount manual (man mount) for a more detailed description.
The options we will use are auto, rw, uid, gid, showexec, quiet, umask, fmask, dmask:
* auto - means that the FS will be mounted at boot time.
* rw - this implies read/write access to the FS.
* uid - represents the user ID (numeric). Files will appear with this user as owner when the FS is mounted. You will probably wish to set this to user root (uid 0).
* gid - represents the group ID (numeric). Files will appear owned by this group when the FS is mounted. You will probably wish to have a separate group to control who can access the FS. More info on that below.
* showexec - makes the system look for DOS/Windows executable files (EXE, COM etc.) and set the execute permission on them.
* quiet - means the system will not output errors when we try to change file attributes on the FS (obviously we can't do that since FAT does not support it).
* umask - represents the inverted octal permissions that files will get upon mount. This is tricky because it is inverted. So if you want files to be 770 (meaning files fully accessible to the owner stated in the uid option and the group stated in the gid option, and not accessible by all/others) you must invert the values so it becomes 007.
* fmask - same as umask but only for files (not directories).
* dmask - same as umask but only for directories. Note that directories must have execution permission so you can list them (you can still read files from directories which have read permission but you need to know the full path to the file).
Note: the fmask and dmask options are present only in systems running kernel 2.6, so if you are using Fedora Core 1 (newer versions run kernel 2.6) you can only use the umask option (which is sufficient together with the showexec option).
To illustrate this I'll show an example of such usage.
First we need to create a mount point (the directory where the FS will be mounted), let's say /mnt/fat (usually we state this during install so it should already be present; in this document I assume that we are doing everything from scratch). Don't bother with this directory's permissions - they will be changed on mount anyway. And we assume our FS resides on /dev/hda1.
Now we need to add a group that will be allowed to read/write files on our FS. Usually it is a good habit to have a separate group for "better" users - with more control over the system, access to more commands etc. If you have such a group, use it. To add a group we use the following command:
# groupadd -g 500 fat
We just created a group named fat with ID 500. Now we add our username to this group:
# usermod -a -G fat me
(me is my username; you need to do this for every user you wish to be able to access this FS.)
Now we edit /etc/fstab line about our file system (it may be already present):
/dev/hda1 /mnt/fat auto auto,rw,uid=0,gid=500,showexec,quiet,fmask=117,dmask=007 0 0
# This line is long so it may wrap on your display - the entry above must be on one line.
Some explanations: the first auto means that the FS type will be auto-detected. 0 0 are numbers for the dump program. Probably few of us use this program so I won't go into that - just leave them as is. The other options are explained above.
What does it do? It makes the system mount our FS (/dev/hda1) at the /mnt/fat mount point. Files are set with 660 permissions (but EXE and similar get 770) and directories with 770. Files on this FS appear with root as owner and fat as group. This means that root and members of the fat group have full access to this FS. All other users can't even get into its directory. Also there are a few neat features such as mounting automagically on boot and suppressing output messages (those can be annoying as some programs often try to modify permissions, e.g. editors and file managers).
Note: This is just an example - you should experiment and use your own settings to fit your needs. With NTFS you should change some settings. Also, your device name and desired mount point will probably vary.
I hope you find this little HOWTO helpful. Have fun with Linux!
PS. Sorry for my poor English but I am not a native English speaker.
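An added example, not part of the original HOWTO: a bash helper that takes an /etc/fstab entry like the one above, works out the modes its mask options give ordinary files and directories, and checks that users outside the owner and group get no access. The function names and the 022 fallback mask are assumptions of this example, and executables under showexec are not modelled.

```shell
#!/bin/bash
# Added example: derive the modes a FAT mount presents from its fstab options.

# Constructed sample: the fstab entry from the HOWTO, on one line.
line='/dev/hda1 /mnt/fat auto auto,rw,uid=0,gid=500,showexec,quiet,fmask=117,dmask=007 0 0'

# Print the options field (4th column) of an fstab entry.
fstab_options() { set -- $1; printf '%s\n' "$4"; }

# Print "files=MMM dirs=MMM" for ordinary (non-EXE/COM/BAT) files and directories.
fat_effective_modes() {
    local opts=$1 mask=022 fmask='' dmask='' showexec=0 opt base
    local IFS=,
    for opt in $opts; do
        case $opt in
            umask=*)  mask=${opt#umask=} ;;
            fmask=*)  fmask=${opt#fmask=} ;;
            dmask=*)  dmask=${opt#dmask=} ;;
            showexec) showexec=1 ;;
        esac
    done
    # fmask and dmask fall back to umask when they are not given.
    # 022 stands in for "no mask option at all" (assumption of this example).
    : "${fmask:=$mask}" "${dmask:=$mask}"
    # With showexec, ordinary files start from 666; otherwise from 777.
    if [ "$showexec" -eq 1 ]; then base=0666; else base=0777; fi
    printf 'files=%03o dirs=%03o\n' \
        $(( base & ~0$fmask & 0777 )) $(( 0777 & ~0$dmask & 0777 ))
}

# Succeed only when neither files nor directories grant any bit to "others".
fat_group_only() {
    local modes f d
    modes=$(fat_effective_modes "$1")
    f=${modes#files=}; f=${f%% *}
    d=${modes##*dirs=}
    [ $(( (0$f | 0$d) & 07 )) -eq 0 ]
}

opts=$(fstab_options "$line")
fat_effective_modes "$opts"
if fat_group_only "$opts"; then
    echo "OK: only uid/gid members can reach the mount"
else
    echo "WARNING: other users have access"
fi
```

Running the same check against an entry that uses umask=000 reports the mount as open to every local user, which is the situation the separate group is meant to prevent.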