kosmosik
15th January 2005, 02:09 PM
Preface
Note: Fedora ships kernels without NTFS support (due to licensing/legal problems). If you wish to use this filesystem you need to perform few additional steps (install kernel module for NTFS). This issue is fully covered so I won't elaborate on that. Please refer to this document (http://linux-ntfs.sourceforge.net/rpm/index.html) prior to asking questions on this forum.
Lot of us use so called dual boot configurations. Meaning running Windows side by side with Linux. In those cases we wish to mount these filesystems under our Linux file tree - f.e. to share files between systems. The easier way to do it is to issue mount command (as root, of course all these commands require root access):
mkdir /tmp/fatfs
mount /dev/hda1 /tmp/fatfs
The problem
But doing so leaves us with few problems.
We must have root access to do it.
Files are mounted with strict permissions (only root can modify them).
We want to have control over who is allowed to access these files. It is a security measure. Since f.e. if we are running web server and this server gets hacked we don't want this hacked server to be able to delete files on our FS.
We want this FS to be mounted on boot time.
We want the files and directories to look nice when browsing them (permissions).
We can achieve some of these with scripts etc. but it is not a proper way. So I'll describe the proper way here.
Brief explanation of mount options for FAT/NTFS filesystems (and some hints)
Note:Look at mount manual ("man mount") to see more detailed description.
The options we will use are auto, rw, uid, gid, showexec, quiet, umask, fmask, dmask:
auto - means that filesystem will be mounted on boot time.
rw - this implies read/write access to filesystem.
uid - represents the user ID (numeric). Files will be present with this user as owner when the FS will be mounted. you probably wish set this to user root (uid 0).
gid - represents the group ID (numeric). Files will be present owned by this group when the FS will be mounted. You will probably wish to have separate group to control who can access filesystem. More info on that below.
showexec - makes the system to look after DOS/Windows executable files (EXE, COM... and directories) and sets them with exec file permission.
quiet - means the system will not output errors when we try to change file parameter on filesystem (obviously we can't do that since FAT does not supports that).
umask - represents reverted octal permissions that files will get upon mount. This is tricky because it is reverted. So if you want files to be 770 (mean files fully accesible to user stated in uid and group stated as gid options and not accessible by all/others. You must revert the values so it will be 007.
fmask - same as umask but only for files (not directories).
dmask - same as umask but only for directories. Note that directories must have exec permission so you can list them (you still can read files from directories which have read permission but you need to know full path to the file).
Note: the fmask and dmask options are present only in systems running kernel 2.6 - so if you are using Fedora Core 1 (newer versions run kernel 2.6) you need to use umask parameter.
Example
To illustrate this I'll show example of such usage.
First we need to create mountpoint (directory where filesystem will be mounted) let's say "/mnt/fat" (usually we state this upon install so it should be already present, in this document I assume that we are doing everything from scratch). Don't bother with this directory permissions - they will be changed on boot. And we assume our filesystem resides on "/dev/hda1".
Then we need to add a group that will be allowed to read/write files on our filesystem. Usualy it is good to have separate group for "better" users - with more controll, access to more commands etc. if you have such - use this group. To add group we use following command:
groupadd -g 500 fat
We just created group named "fat" with ID 500. Now we add our username to this group:
usermod -G fat me
("me" is my username, you need to do it with every user you wish to be able accessing this FS)
Now we edit /etc/fstab line about our filesystem (it may be already present):
/dev/hda1 /mnt/fat auto auto,rw,uid=0,gid=500,showexec,quiet,fmask=117,dma sk=007 0 0
# This forum cripples the display a little.
# It should be without spaces in options section.
Some explanations: first "auto" means that filesystem type (f.e. vfat) will be autodetected. "0 0" are options for dump program. Probably few us use this program so I won't refer to that - just leave them as is. Other options are explained above.
What it does? It mounts our filesystem (/dev/hda1) in /mnt/fat mount point. Files are set with 660 permission (but EXE and similar get 770) and directories with 770 and are present with root owner and fat group. This means that root and members of fat group have full access to this filesystem. All other users can't even get into its directory. Also there are few neat fetures as mouting automagically on boot and supressing output messages (those can be annoying as some programs often try to modify permissions - f.e. editors and file managers).
Please post any comments on this forum. Also please correct if you find some faults (repost entire corrected article). Have fun with Linux. :]
Note: Fedora ships kernels without NTFS support (due to licensing/legal problems). If you wish to use this filesystem you need to perform few additional steps (install kernel module for NTFS). This issue is fully covered so I won't elaborate on that. Please refer to this document (http://linux-ntfs.sourceforge.net/rpm/index.html) prior to asking questions on this forum.
Lot of us use so called dual boot configurations. Meaning running Windows side by side with Linux. In those cases we wish to mount these filesystems under our Linux file tree - f.e. to share files between systems. The easier way to do it is to issue mount command (as root, of course all these commands require root access):
mkdir /tmp/fatfs
mount /dev/hda1 /tmp/fatfs
The problem
But doing so leaves us with few problems.
We must have root access to do it.
Files are mounted with strict permissions (only root can modify them).
We want to have control over who is allowed to access these files. It is a security measure. Since f.e. if we are running web server and this server gets hacked we don't want this hacked server to be able to delete files on our FS.
We want this FS to be mounted on boot time.
We want the files and directories to look nice when browsing them (permissions).
We can achieve some of these with scripts etc. but it is not a proper way. So I'll describe the proper way here.
Brief explanation of mount options for FAT/NTFS filesystems (and some hints)
Note:Look at mount manual ("man mount") to see more detailed description.
The options we will use are auto, rw, uid, gid, showexec, quiet, umask, fmask, dmask:
auto - means that filesystem will be mounted on boot time.
rw - this implies read/write access to filesystem.
uid - represents the user ID (numeric). Files will be present with this user as owner when the FS will be mounted. you probably wish set this to user root (uid 0).
gid - represents the group ID (numeric). Files will be present owned by this group when the FS will be mounted. You will probably wish to have separate group to control who can access filesystem. More info on that below.
showexec - makes the system to look after DOS/Windows executable files (EXE, COM... and directories) and sets them with exec file permission.
quiet - means the system will not output errors when we try to change file parameter on filesystem (obviously we can't do that since FAT does not supports that).
umask - represents reverted octal permissions that files will get upon mount. This is tricky because it is reverted. So if you want files to be 770 (mean files fully accesible to user stated in uid and group stated as gid options and not accessible by all/others. You must revert the values so it will be 007.
fmask - same as umask but only for files (not directories).
dmask - same as umask but only for directories. Note that directories must have exec permission so you can list them (you still can read files from directories which have read permission but you need to know full path to the file).
Note: the fmask and dmask options are present only in systems running kernel 2.6 - so if you are using Fedora Core 1 (newer versions run kernel 2.6) you need to use umask parameter.
Example
To illustrate this I'll show example of such usage.
First we need to create mountpoint (directory where filesystem will be mounted) let's say "/mnt/fat" (usually we state this upon install so it should be already present, in this document I assume that we are doing everything from scratch). Don't bother with this directory permissions - they will be changed on boot. And we assume our filesystem resides on "/dev/hda1".
Then we need to add a group that will be allowed to read/write files on our filesystem. Usualy it is good to have separate group for "better" users - with more controll, access to more commands etc. if you have such - use this group. To add group we use following command:
groupadd -g 500 fat
We just created group named "fat" with ID 500. Now we add our username to this group:
usermod -G fat me
("me" is my username, you need to do it with every user you wish to be able accessing this FS)
Now we edit /etc/fstab line about our filesystem (it may be already present):
/dev/hda1 /mnt/fat auto auto,rw,uid=0,gid=500,showexec,quiet,fmask=117,dma sk=007 0 0
# This forum cripples the display a little.
# It should be without spaces in options section.
Some explanations: first "auto" means that filesystem type (f.e. vfat) will be autodetected. "0 0" are options for dump program. Probably few us use this program so I won't refer to that - just leave them as is. Other options are explained above.
What it does? It mounts our filesystem (/dev/hda1) in /mnt/fat mount point. Files are set with 660 permission (but EXE and similar get 770) and directories with 770 and are present with root owner and fat group. This means that root and members of fat group have full access to this filesystem. All other users can't even get into its directory. Also there are few neat fetures as mouting automagically on boot and supressing output messages (those can be annoying as some programs often try to modify permissions - f.e. editors and file managers).
Please post any comments on this forum. Also please correct if you find some faults (repost entire corrected article). Have fun with Linux. :]
