FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora User

 
 
LinkBack Thread Tools
 
Old 12-11-2007, 01:55 PM
Craig White
 
Default SELinux enforcing, an external ntfs-3g mount, Samba and Fedora 8

On Tue, 2007-12-11 at 11:00 +0100, craigni wrote:
> Thanks super, Craig--that was a missing link. Not only can my Windows XP boxes see the Fedora system, they can access my home directory. However, the final piece of the puzzle is driving me nuts. They *cannot* access the ntfs-3g drive. The drive shows, but when I click on it, I get an SELinux AVC Denial, which says SELinux is preventing the samba daemon from serving r/o local files to remote clients, and tells me that I need to turn on the samba_export_all_ro boolean, which I did without success.
>
> I even tried to change the permissions on the ntfs-3g drive to match those of my home directory, eg
> cd /mnt
> sudo chown -R username extdrive
> sudo chgrp -R usergroup extdrive
> But weirdness of weirdness, when I ls that drive, all the files are still owned by root root.
>
> Any help in any direction would be massively appreciated,
> Thanks,
----
It would appear that mounting ntfs-3g systems is like mounting vfat
where the user/group that mounts the files is the owner/group of those
files and no amount of chown/chmod will change that.

Mount the disk with uid/gid that you want.

Craig

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
Old 12-11-2007, 02:15 PM
Tim
 
Default SELinux enforcing, an external ntfs-3g mount, Samba and Fedora 8

On Tue, 2007-12-11 at 07:55 -0700, Craig White wrote:
> It would appear that mounting ntfs-3g systems is like mounting vfat
> where the user/group that mounts the files is the owner/group of those
> files and no amount of chown/chmod will change that.
>
> Mount the disk with uid/gid that you want.

Without some sort of additional user mapping between which user is which
on Windows versus Linux, I can't see how you could avoid that.

--
(This computer runs FC7, my others run FC4, FC5 & FC6, in case that's
important to the thread.)

Don't send private replies to my address, the mailbox is ignored.
I read messages from the public lists.

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
Old 12-11-2007, 02:33 PM
Craig White
 
Default SELinux enforcing, an external ntfs-3g mount, Samba and Fedora 8

On Wed, 2007-12-12 at 01:45 +1030, Tim wrote:
> On Tue, 2007-12-11 at 07:55 -0700, Craig White wrote:
> > It would appear that mounting ntfs-3g systems is like mounting vfat
> > where the user/group that mounts the files is the owner/group of those
> > files and no amount of chown/chmod will change that.
> >
> > Mount the disk with uid/gid that you want.
>
> Without some sort of additional user mapping between which user is which
> on Windows versus Linux, I can't see how you could avoid that.
----
I don't understand your point.

I know that a fat/vfat mount doesn't understand posix attributes and
they cannot be stored on the filesystem so the uid/gid is declared at
the time of mounting (or if undeclared, root:root because only root can
mount the filesystem unless designated otherwise, i.e. by hal or within
fstab).

Normally, I would point someone to 'man mount' but the parameters for
ntfs-3g aren't included in mount's man pages since it isn't part of the
distribution but I would guess that there is some man page for ntfs-3g.

Guessing (I have read nothing to suggest better), something like this
in /etc/fstab would probably work...

/dev/sdXX /mnt/ntfsdrive ntfs-3g uid=Y,gid=Z,ANY_SELINUX_CONTEXTS 0 0

where XX is the drive letter and partition of the hard drive
(discoverable by typing mount)
where Y is the uid of the desired "user"
where Z is the gid of the desired "user's group"

It seems obvious to me that ntfs-3g is not a good filesystem for
permanent storage but rather a means to use a hard drive on Linux that
is normally used on a Windows computer temporarily.

Craig

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
Old 12-11-2007, 02:34 PM
"Mikkel L. Ellertson"
 
Default SELinux enforcing, an external ntfs-3g mount, Samba and Fedora 8

Craig White wrote:
> It would appear that mounting ntfs-3g systems is like mounting vfat
> where the user/group that mounts the files is the owner/group of those
> files and no amount of chown/chmod will change that.
>
> Mount the disk with uid/gid that you want.
>
> Craig
>
Chown/chmod only works on file systems that support it, and I don't
believe that NTFS does. At least the Linux implementation does not.
So you are limited to the mount options to set things for the entire
file system. You can change the apparent permissions on the
files/directories with some of the mount options.

When serving out Samba shares, I find that if you tell Samba to use
the same user/group as you mounted the file system as works well.

Mikkel
--

Do not meddle in the affairs of dragons,
for thou art crunchy and taste good with Ketchup!

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
Old 12-11-2007, 03:04 PM
"Mikkel L. Ellertson"
 
Default SELinux enforcing, an external ntfs-3g mount, Samba and Fedora 8

Craig White wrote:
>
> Normally, I would point someone to 'man mount' but the parameters for
> ntfs-3g aren't included in mount's man pages since it isn't part of the
> distribution but I would guess that there is some man page for ntfs-3g.
>
man ntfs-3g - it looks like it uses the standard mount options, plus
a few specific to ntfs-3g. The allow_other option look interesting.

Mikkel
--

Do not meddle in the affairs of dragons,
for thou art crunchy and taste good with Ketchup!

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
Old 12-12-2007, 01:01 AM
Tim
 
Default SELinux enforcing, an external ntfs-3g mount, Samba and Fedora 8

Craig White:
>>> Mount the disk with uid/gid that you want.

Tim:
>> Without some sort of additional user mapping between which user is which
>> on Windows versus Linux, I can't see how you could avoid that.

Craig White:
> I don't understand your point.
>
> I know that a fat/vfat mount doesn't understand posix attributes and
> they cannot be stored on the filesystem so the uid/gid is declared at
> the time of mounting (or if undeclared, root:root because only root can
> mount the filesystem unless designated otherwise, i.e. by hal or within
> fstab).

Ownership, not permissions.

On Windows, users Tim, Fred, and Barney save their files, and their
files are owned by themselves, with the Windows filing system knowing
the association between files and particular users.

Linux uses a different user identifier system. It can tell that *those*
Windows files are owned by three different people. But without some
mapping that says user 500 on Linux is Tim, and user X on Windows is the
same Tim, and so on for the other users, there isn't a way for each
users files to be owned by the same users on both systems.

Dismounting and remounting the drive with the next user owning all the
files is a mess, and useless for multi-user systems where there actually
are multiple users using it at the same time.

Removable media is a bigger pain. You can plug it into systems which
have completely different users.

--
[tim@bigblack ~]$ uname -ipr
2.6.23.1-10.fc7 i686 i386

Using FC 4, 5, 6 & 7, plus CentOS 5. Today, it's FC7.

Don't send private replies to my address, the mailbox is ignored.
I read messages from the public lists.



--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
Old 12-12-2007, 02:38 AM
Craig White
 
Default SELinux enforcing, an external ntfs-3g mount, Samba and Fedora 8

On Wed, 2007-12-12 at 12:31 +1030, Tim wrote:
> Craig White:
> >>> Mount the disk with uid/gid that you want.
>
> Tim:
> >> Without some sort of additional user mapping between which user is which
> >> on Windows versus Linux, I can't see how you could avoid that.
>
> Craig White:
> > I don't understand your point.
> >
> > I know that a fat/vfat mount doesn't understand posix attributes and
> > they cannot be stored on the filesystem so the uid/gid is declared at
> > the time of mounting (or if undeclared, root:root because only root can
> > mount the filesystem unless designated otherwise, i.e. by hal or within
> > fstab).
>
> Ownership, not permissions.
>
> On Windows, users Tim, Fred, and Barney save their files, and their
> files are owned by themselves, with the Windows filing system knowing
> the association between files and particular users.
>
> Linux uses a different user identifier system. It can tell that *those*
> Windows files are owned by three different people. But without some
> mapping that says user 500 on Linux is Tim, and user X on Windows is the
> same Tim, and so on for the other users, there isn't a way for each
> users files to be owned by the same users on both systems.
----
I don't have an NTFS drive that I'm willing to connect up just for
experimentation but OP clearly believes that all files on ntfs-3g mount
were listed as root:root and I have no reason to dispute, that has
always been my experience with vfat mounts.

Thus the concept of 'users' and 'mapping', though intriguing, would be
rather pointless for an NTFS filesystem mounted by ntfs-3g
----
> Dismounting and remounting the drive with the next user owning all the
> files is a mess, and useless for multi-user systems where there actually
> are multiple users using it at the same time.
----
Hence my suggestion that using an NTFS filesystem mounted by ntfs-3g was
simply a temporary solution and not a method for continued operation.
----
> Removable media is a bigger pain. You can plug it into systems which
> have completely different users.
----
depending of course, how it is mounted. Yes if mounted by hal, no if
mounted by fstab and of course, a filesystem that supports posix
attributes.

Craig

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
Old 12-12-2007, 08:36 AM
Szabolcs Szakacsits
 
Default SELinux enforcing, an external ntfs-3g mount, Samba and Fedora 8

Craig White <craigwhite <at> azapple.com> writes:
> I don't have an NTFS drive that I'm willing to connect up just for
> experimentation

NTFS support on Linux is fully self-contained just like ext3, XFS, FAT, JFS,
etc, i.e. no need for an alian NTFS drive to do experiments:

http://ntfs-3g.org/quality.html#howtotest

> Thus the concept of 'users' and 'mapping', though intriguing, would be
> rather pointless for an NTFS filesystem mounted by ntfs-3g

Linux-Windows user/group mapping is possible by a file on the NTFS volume called
UserMapping. NTFS ownership and permission support currently available as beta
with the full endorsement and support of the NTFS-3G project from

http://pagesperso-orange.fr/b.andre/security.html

Regards,
Szaka

--
NTFS-3G Lead Developer: http://ntfs-3g.org


--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
Old 12-12-2007, 10:11 AM
Tim
 
Default SELinux enforcing, an external ntfs-3g mount, Samba and Fedora 8

On Tue, 2007-12-11 at 20:38 -0700, Craig White wrote:
> Thus the concept of 'users' and 'mapping', though intriguing, would be
> rather pointless for an NTFS filesystem mounted by ntfs-3g

Nup, I'd say it's just as valid as the user ownership in my ext3 /home
partition.

I could well have three people using a Linux box, and the same three
people using Windows, and wanting to each own their own files, all of
the time, no matter where stored.

Whether ntfs-3g can manage that is another matter, but there's
definitely good reasons to want seamless different user ownership across
different file systems.

--
(This computer runs FC7, my others run FC4, FC5 & FC6, in case that's
important to the thread.)

Don't send private replies to my address, the mailbox is ignored.
I read messages from the public lists.

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
Old 12-12-2007, 03:27 PM
Craig White
 
Default SELinux enforcing, an external ntfs-3g mount, Samba and Fedora 8

On Wed, 2007-12-12 at 09:36 +0000, Szabolcs Szakacsits wrote:
> Craig White <craigwhite <at> azapple.com> writes:
> > I don't have an NTFS drive that I'm willing to connect up just for
> > experimentation
>
> NTFS support on Linux is fully self-contained just like ext3, XFS, FAT, JFS,
> etc, i.e. no need for an alian NTFS drive to do experiments:
>
> http://ntfs-3g.org/quality.html#howtotest
>
> > Thus the concept of 'users' and 'mapping', though intriguing, would be
> > rather pointless for an NTFS filesystem mounted by ntfs-3g
>
> Linux-Windows user/group mapping is possible by a file on the NTFS volume called
> UserMapping. NTFS ownership and permission support currently available as beta
> with the full endorsement and support of the NTFS-3G project from
>
> http://pagesperso-orange.fr/b.andre/security.html
>
> Regards,
----
Szaka - extremely impressive, thanks for the clarity and the major
efforts.

Still, I'm not likely to use NTFS for durable storage on Linux but I
feel that I can confidently use ntfs instead of vfat for portable hard
drives instead of vfat.

User/Group mapping via a manually maintained file is not my idea of fun
but it has to begin somewhere.

Thanks

Craig

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 

Thread Tools




All times are GMT. The time now is 05:17 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org