Access Permissions on "ntfs-3g" File System

This section provides a tutorial example on how to control access permissions on mounted Windows NTFS partitions with the 'ntfs-3g' device driver.

In the last tutorial, we learned how to mount a Windows NTFS partition with the "ntfs-3g" device driver. Everything works fine on the mounted partition.

But there is one more issue you need to take care of: by default, everyone can access the mounted Windows partition. This is a security problem if you want to store sensitive information on the mounted partition.

Let's look at the issue by mounting a Windows partition to /mnt/backup with default options:

herong$ ls -l /mnt
drwx------. 2 root root 6 Oct 10 05:20 backup

herong$ sudo mount -t ntfs-3g /dev/sda5 /mnt/backup

herong$ ls -l /mnt
drwxrwxrwx. 1 root root 8192 Oct 10 23:21 backup

As you can see, the access permissions on the mounted partition changed from "700" to "777", which allows everyone to read, write and change files. This is definitely a security issue if there are multiple users.

You can try to change the access permissions with the "chmod" command, but it will have no impact:

herong$ chmod 700 /mnt/backup

herong$ ls -l /mnt
drwxrwxrwx. 1 root root 8192 Oct 10 23:21 backup

You can try to change the ownership with the "chown" command, but it will have no impact:

herong$ chown herong /mnt/backup

herong$ ls -l /mnt
drwxrwxrwx. 1 root root 8192 Oct 10 23:21 backup

You can try to change the SELinux Type with the "chcon" command, but it will fail:

herong$ sudo chcon -t user_tmp_t /mnt/backup

chcon: failed to change context of '/mnt/backup'
   to ‘system_u:object_r:user_tmp_t:s0’: Operation not supported

To resolve the issue, we have to go back to the "ntfs-3g" man page:

herong$ man ntfs-3g

NAME
       ntfs-3g - Third Generation Read/Write NTFS Driver

SYNOPSIS
       ntfs-3g [-o option[,...]]  volume mount_point
       mount -t ntfs-3g [-o option[,...]]  volume mount_point

...

OPTIONS
  Below is a summary of the options that ntfs-3g accepts.

  uid=value and gid=value
    Set the owner and the group of files and directories. The values are
    numerical.  The defaults are the uid and  gid of the current process.

  umask=value
    Set  the   bitmask  of  the  file and directory permissions that are
    not present. The value is given in octal. The default value is 0 which
    means full access to everybody.

  ...

Now let's mount it again so that only I can access it:

herong$ sudo umount /mnt/backup

herong$ id herong
uid=1000(herong) gid=1000(herong) groups=1000(herong)

herong$ sudo mount -t ntfs-3g -o uid=1000,gid=1000,umask=077 \
   /dev/sda5 /mnt/backup

herong$ ls -l /mnt
drwx------. 1 herong herong  8192 Oct 10 04:07 backup

Perfect, right? Not 100%. Yes, I can control who can access this NTFS partition now. But I still won't be able to grant different access permissions on its sub-directories, because the mounted NTFS partition is not fully compatible with Linux security architectures.
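
The "umask" arithmetic used above (presented mode = 0777 & ~umask) can be checked before a partition is mounted. The script below is an added example, not part of the original tutorial: it reads fstab-format lines and reports the mode each "ntfs-3g" entry will present. The sample entries are constructed (only /dev/sda5 and /mnt/backup come from this page), and only the "umask" option shown in the man page excerpt is evaluated.

```sh
#!/bin/sh
# Added example: audit fstab-format lines for ntfs-3g mounts open to all users.

# Constructed sample input (not from a real system).
SAMPLE_FSTAB='# device   mount point   type     options                      dump pass
/dev/sda5  /mnt/backup   ntfs-3g  defaults                     0 0
/dev/sda6  /mnt/private  ntfs-3g  uid=1000,gid=1000,umask=077  0 0
/dev/sda7  /mnt/shared   ntfs-3g  uid=1000,gid=1000,umask=027  0 0
/dev/sda8  /mnt/broken   ntfs-3g  uid=1000,umask=rwx           0 0
/dev/sda1  /boot         ext4     defaults                     0 2'

# Print the mode ntfs-3g presents for a given octal umask: 0777 & ~umask.
effective_mode() {
    printf '%03o\n' $(( 0777 & ~0$1 ))
}

# Read fstab-format lines on stdin; print "<mount point> <mode> <verdict>"
# for every ntfs-3g entry. Runs in a subshell so its variables stay private.
audit_ntfs3g() (
    while read -r dev mnt type opts rest; do
        case "$dev" in ''|'#'*) continue ;; esac      # skip blanks and comments
        [ "$type" = "ntfs-3g" ] || continue
        mask=0                  # man page default: full access to everybody
        case ",$opts," in
            *,umask=*) mask=",$opts"; mask=${mask##*,umask=}; mask=${mask%%,*} ;;
        esac
        case "$mask" in         # the man page says the value is given in octal
            ''|*[!0-7]*) echo "$mnt ??? INVALID-UMASK"; continue ;;
        esac
        mode=$(effective_mode "$mask")
        if [ $(( 0$mode & 7 )) -ne 0 ]; then          # any "other" bit set?
            echo "$mnt $mode WORLD-ACCESSIBLE"
        else
            echo "$mnt $mode RESTRICTED"
        fi
    done
)

printf '%s\n' "$SAMPLE_FSTAB" | audit_ntfs3g
```

To audit a real system, feed it the actual file instead of the sample: audit_ntfs3g < /etc/fstab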
