Permission Control for NTFS
A common belief is that mounting NTFS under Linux means giving up permission control. But that is not true.
According to JanC's Answer on AskUbuntu:
Contrary to what most people believe, NTFS is a POSIX-compatible filesystem, and it is possible to use permission on NTFS.
The First Trial
First let's just open /etc/fstab and see how partitions are mounted.
$ sudo nano /etc/fstab
In my situation, the NTFS partitions are mounted as follows:
/dev/sda1 /mnt/NTFS1 auto nosuid,nodev,nofail,x-gvfs-show 0 0
/dev/sda2 /mnt/NTFS2 auto nosuid,nodev,nofail,x-gvfs-show 0 0
The nosuid keyword tells the kernel to ignore set-user-ID and set-group-ID bits on the filesystem. So the first step is to remove this keyword; be aware that those bits are honored again once it is gone.
However, once this keyword is removed, a uid and a gid must be given to set up the permission control. By default, the current uid and the current gid will be used. We can also specify the uid and the gid with "uid=num-id,gid=num-id". But be cautious if the partitions are shared among multiple systems. Since the SIDs (NTFS IDs) they use are different, the same username on different systems will not have the same SID. This will mess up the permissions unless that is exactly what you want.
The Better Way
Is there a better way to embrace permission control and allow different operating systems to work together?
Of course. (Otherwise this article would not exist.)
The key is to enable User Mapping on NTFS. User Mapping allows Linux to map UIDs and GIDs to SIDs. All we need to do is to put a regular text file named UserMapping under /.NTFS-3G/ in the partition. But first we need to generate the mapping between UIDs/GIDs and SIDs.
First, unmount the partition. Then use the tool ntfs-3g.usermap to do the magic for us.
$ sudo umount /dev/sda1
$ sudo ntfs-3g.usermap /dev/sda1
It will ask you to input the corresponding uids and gids for each new sid it meets in the directories/files. In my case I only need to input 4 ids.
The generated UserMapping looks like this:
:1000:S-1-5-21-3141592653-589793238-462643383-513
:1000:S-1-5-21-2715445454-545433243-342343434-513
1000::S-1-5-21-3141592653-589793238-462643383-1008
1000::S-1-5-21-2715445454-545433243-342343434-1008
I don't really understand why the SIDs are so strange, maybe I need to ask Microsoft. But anyway it works. Now all we need to do is to put this file under /.NTFS-3G/ in the partition and mount the partition, and bada-boom! User control is available! Plus it is the same user you use in other OSs!
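An added example (not from the original post or the ntfs-3g project): a Python check of a UserMapping file that splits each SID into the identifier of the Windows installation that issued it and the trailing RID of the account, which shows why the file above carries two lines per Linux id, one for each installation sharing the partition. The function names are hypothetical, the sample is the four lines shown above, and the parser accepts only the uid:gid:S-1-5-21-... shape seen on this page.

```python
import re
from collections import defaultdict

# Constructed sample input: the four UserMapping lines shown on this page.
SAMPLE = """\
:1000:S-1-5-21-3141592653-589793238-462643383-513
:1000:S-1-5-21-2715445454-545433243-342343434-513
1000::S-1-5-21-3141592653-589793238-462643383-1008
1000::S-1-5-21-2715445454-545433243-342343434-1008
"""

# S-1-5-21-<three sub-authorities naming the issuing installation>-<RID>
SID_RE = re.compile(r"S-1-5-21-(\d+-\d+-\d+)-(\d+)")

def parse_usermapping(text):
    """Parse uid:gid:SID lines into dicts; raise ValueError on anything else."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        fields = line.strip().split(":")
        if len(fields) != 3:
            raise ValueError(f"line {lineno}: expected uid:gid:SID")
        uid, gid, sid = fields
        m = SID_RE.fullmatch(sid)
        if m is None or not all(f == "" or f.isdigit() for f in (uid, gid)):
            raise ValueError(f"line {lineno}: bad id or SID")
        # uid only -> user mapping, gid only -> group mapping
        kind = "user" if uid and not gid else "group" if gid and not uid else "other"
        entries.append({"kind": kind,
                        "uid": int(uid) if uid else None,
                        "gid": int(gid) if gid else None,
                        "install": m.group(1), "rid": int(m.group(2))})
    return entries

def by_install(entries):
    """Group user/group mappings as {install: {(kind, rid): linux id}}."""
    out = defaultdict(dict)
    for e in entries:
        if e["kind"] != "other":
            linux_id = e["uid"] if e["kind"] == "user" else e["gid"]
            out[e["install"]][(e["kind"], e["rid"])] = linux_id
    return dict(out)

def maps_to_root(entries):
    """Entries that give a Windows account uid 0 or gid 0 on the Linux side."""
    return [e for e in entries if e["uid"] == 0 or e["gid"] == 0]

if __name__ == "__main__":
    for install, ids in by_install(parse_usermapping(SAMPLE)).items():
        print(install, ids)
```

Running maps_to_root over a mapping file before mounting is a quick way to spot a Windows account that would be treated as root on the Linux side.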
Additional Options
- The keyword "usermapping=" can be used to specify the usermap file.
- Add the keyword "windows_names" to the file system's options, so that files and directories cannot be created with names Windows does not allow and everything in the partition stays accessible to Windows:
/dev/sda1 /mnt/NTFS1 auto windows_names,nodev,nofail,x-gvfs-show 0 0
Acknowledgement
[1]. JanC's Answer on AskUbuntu
[2]. ntfs-3g manpage