ntfs-3g as normal user without having access rights to volume
Linux - GeneralThis Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
ntfs-3g as normal user without having access rights to volume
I need to be able to mount NTFS volumes as normal user but without having to chmod/chown this volume for security reasons.
ntfs-3g FAQ says
Quote:
Unprivileged block device mounts work only if all the below requirements are met:
1. ntfs-3g is compiled with integrated FUSE support
2. the ntfs-3g binary is at least version 1.2506
3. the ntfs-3g binary is set to setuid-root
4. the user has access right to the volume
5. the user has access right to the mount point
and
Quote:
The 'mount' command doesn't invoke the ntfs-3g binary with the needed privilege after it has checked and approved the user is entitled to mount a given device on a specified mount point, hereby the user can't open the device he got the approval in /etc/fstab. This is a problem in the 'mount' utility.
So, as i see, neither ntfs-3g, nor util-linux projects are willing to make things work (souldn't this have already been reported to util-linux?). How could i then achieve my goal? How do you cope with such problems? No one of the distros i tried have any applied solutions for this.
I'm not sure what you want to do is secure. That aside, here's the problem:
If mount invokes ntfs-3g as root (which it doesn't for security reasons), then all the permissions on the NTFS volume will be granted to only the root user. If it's not root, it needs permissions to read the volume.
It's not that ntfs-3g and util-linux are unwilling to make things work, it's just that there's no secure way to do it.
In theory, you can set /bin/ntfs-3g to suid root (chmod +s /bin/ntfs-3g) and make sure your user has access to the proper device, like /dev/sda1 (usually, you just need to include your user into the appropriate group) and has the access to the mountpoint. Then, it will work.
If mount invokes ntfs-3g as root (which it doesn't for security reasons), then all the permissions on the NTFS volume will be granted to only the root user. If it's not root, it needs permissions to read the volume.
Using sudo mount works without problems to access mounted volume by non-root users. But the only thing i need is to be able to mount NTFS volumes as any other volume like ext3, i.e. without having rw permissions for /dev/sd*, but having fstab entry.
Quote:
make sure your user has access to the proper device, like /dev/sda1 (usually, you just need to include your user into the appropriate group)
Yes, that's just what FAQ says. But if i add the user into "disk" group, the user will be able to r/w any disk in the system, be it mounted or not. If make user able to r/w only NTFS disks, that means that something should be seriously tweaked in the system, e.g. udev rules to change group of NTFS volumes to something specific like ntfsuser.
But changing volume permissions is what i want to avoid at all.
Most filesystem drivers (ext3, etc.) are implemented in the kernel. NTFS-3g uses FUSE, so the NTFS-3g process needs permissions to read the device containing the filesystem.
NTFS-3g process needs permissions to read the device containing the filesystem.
But it IS setuid. Why then it refuses to use these permissions given by setuid bit?
Code:
$ ls -l `which ntfs-3g`
-rwsr-xr-x 1 root root 89547 2009-06-04 12:37 /bin/ntfs-3g
$ mount /mnt/docs
Error opening '/dev/sda1': Permission denied
Failed to mount '/dev/sda1': Permission denied
Please check '/dev/sda1' and the ntfs-3g binary permissions,
and the mounting user ID. More explanation is provided at
http://ntfs-3g.org/support.html#unprivileged
Then add the user to 'disk' group so that it can write to /dev/sda*
As i have already written,
Quote:
Originally Posted by 10110111
if i add the user into "disk" group, the user will be able to r/w any disk in the system, be it mounted or not. If make user able to r/w only NTFS disks, that means that something should be seriously tweaked in the system, e.g. udev rules to change group of NTFS volumes to something specific like ntfsuser.
But changing volume permissions is what i want to avoid at all.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
