Linux permissions to mount

Linux — Mount NTFS partition with permissions

Last update: October 30th, 2014

Ubuntu can natively access to a NTFS partition. However, you may not be able to set permissions on it using ‘chmod’ or ‘chown’.

The following instructions will help you on setting up Ubuntu to be able to set permission on a NTFS partition.

Identify the partition

To identify the partition, use the ‘blkid’ command:

It will show you all the current connected hard drive/partitions on the computer.

sudo blkid
/dev/sda1: LABEL=»System Reserved» UUID=»104AFBC24AFBA2A0″ TYPE=»ntfs»
/dev/sda2: UUID=»6E0802260801EE41″ TYPE=»ntfs»
/dev/sda3: UUID=»3dd36e9c-e367-44b2-8ffc-b4ce5ffed287″ TYPE=»ext4″
/dev/sda4: UUID=»1cf0210c-22c3-4e77-99c7-fccf74d3105e» TYPE=»swap»
/dev/sdb1: LABEL=»Data» UUID=»7FC482015907F743″ TYPE=»ntfs»
/dev/sdc1: LABEL=»MULTIBOOT» UUID=»1613-316C» TYPE=»vfat»

Mount the partition once

First, create a mount point in a terminal using ‘mkdir’. Then, type the following line to mount the partition with options ‘permissions’:

sudo mount /dev/sdXN -t ntfs-3g -o permissions [Mount point]

sudo mount /dev/sdb1 -t ntfs-3g -o permissions /media/Data/

Then, you will be able to edit the permissions of the files on the NTFS partition with ‘chmod’ and ‘chown’ !

Mount the partition on boot (permanant solution)

Get the UUID of the partition

The UUID is a unique ID related to the partition. Copy the UUID of the partition using the blkid tool.

Edit the fstab

The fstab file (located at /etc/fstab) is a system configuration file that tells the system which partitions/filesystems we want to mount on boot and where. As we want to mount the NTFS partition on every boot, we will add it to the fstab file.

Add this line in the fstab file:

UUID=[The UUID of the partition] [Mount point] ntfs-3g permissions 0 1

UUID=7FC482015907F743 /media/Data ntfs-3g permissions 0 1

Then, reboot the computer. On boot, it should automatically mount the partition on the specified mount point with options ‘permissions’ and you will be able to edit the permissions of the files on the NTFS partition with ‘chmod’ and ‘chown’ !

Источник

Ubuntu Documentation

Introduction

This document will cover how to connect to a Windows file share from the Linux command line on a single-user machine or a machine where all the users are ok with the other users having access to the mounted share. This method gives you considerably higher performance compared to the userland mounts that most GUI programs create. (just check out the benchmark at MountCifsFstabBenchmark) This method has been tested with Ubuntu 14.04 thru 20.04 and with Windows XP,7,10, and Server2019.

Prerequisites:

• A machine running Ubuntu 14.04 or newer
• A machine running Windows XP or newer
• The IP address or hostname of the Windows machine
• The name of the file share on the Windows machine
• A Windows username and password with permission to the file share
• root access to the Ubuntu machine. Pretty much every command on this page requires root.

Enable Name Resolution

This optional step requires Ubuntu 18.04 or newer and allows you to use the hostname of your windows machines instead of its IP address.

First, install winbind and libnss-winbind

then, edit nsswitch.conf and find the line that starts with «hosts» and add «wins» after «files»

BEFORE: hosts: files mdns4_minimal [NOTFOUND=return] dns )

AFTER: hosts: files wins mdns4_minimal [NOTFOUND=return] dns ) restart the winbind service

Install cifs-utils

Ubuntu’s kernel has built-in support for mounting Windows file shares. It’s called the cifs kernel client, and it’s considerably faster than the mounts created by GUI programs such as nautilus and caja and thunar and some command line programs such as gio.

To be able to control the kernel’s cifs client, you’ll need to install cifs-utils:

Manual mounting from the command line

All of these commands require root permission, so let’s just start bash with root so we don’t have to type sudo on everything:

You’ll need to create a folder to host the mount point:

Most basic mount command

This command will only work if the windows machine as the “Turn OFF password protected sharing” option set.

Let’s start out with the most basic form of the mount command that actually works:

When it asks for a password, don’t type one, just press enter. (replace “win10” with the hostname of your windows machine) (replace the first “share1” with the name of the file share on your windows machine) This command is actually all you need if the windows machine has the “Turn OFF password protected sharing” option set. You will have read/write permission to the share as long as you have root permissions in Linux. You will only have read-only access to the mount from GUI programs because GUI programs don’t normally run with root permission.

Unmounting

(notice it’s not unmount, it’s umount)

Mount with read/write access

In order to get read/write access to your mount from GUI programs or without root permissions, you’ll need to tell the kernel which Linux users are allowed to have read/write access to the mount. If you want ALL Linux users to have read/write access to the mount, you’ll want to use the noperm option, like this:

When it asks for a password, don’t type one, just press enter. -o means mount options are specified next noperm means “client does not do permission check”, which is going to get you read/write access to the mount replace “win10” with the hostname of your windows machine replace the first “share1” with the name of the file share on your windows machine

Mount with authentication — next line

Now let’s assume the windows machine has the “Turn ON password protected sharing” option set, so you will need to specify a windows username and password to access the share.

When it asks for a password, enter the windows password that goes with the windows account.

-o means mount options are specified next

noperm means “client does not do permission check”

replace “john” with the windows username. The windows machine will need to have an account matching this username, and this account needs to have permissions to the file share

replace “domain1” with the name of your active directory domain. If you don’t know what an active directory domain is, you don’t have one, so just leave this option blank or remove it.

replace “win10” with the hostname of your windows machine

replace the first “share1” with the name of the file share on your windows machine

Mount with authentication — same line

Let’s take it one step future and specify the password on the command line too so we don’t have to type it. This could be useful for scripts, but.

SECURITY WARNING: Keep in mind that anybody that has permissions to read the script file will be able to see your windows account password. The password would also be visible briefly in the output of the ps command or any command that shows a list of processes, and even non-root Linux users can see this list. Any program that logs commands would also log the password, including bash’s .history file which is enabled be default.

-o means mount options are specified next

noperm means “client does not do permission check”

replace “john” with the windows username. The windows machine will need to have an account matching this username, and this account needs to have permissions to the file share

replace “123” with the windows password

replace “domain1” with the name of your active directory domain. If you don’t know what an active directory domain is, you don’t have one, so just leave this option blank or remove it.

replace “win10” with the hostname of your windows machine

replace the first “share1” with the name of the file share on your windows machine

Mount with authentication — file

If you don’t like having those security risks, you can put the windows username and password in a separate file, and make that file readable only by root:

-o means mount options are specified next

noperm means “client does not do permission check”

replace “/root/creds.txt” with the file that contains the windows username/password

replace “win10” with the hostname of your windows machine

replace the first “share1” with the name of the file share on your windows machine

Now we need to create our creds.txt file

replace “john” with the windows username. The windows machine will need to have an account matching this username, and this account needs to have permissions to the file share

replace “123” with the windows password

replace “domain1” with the name of your active directory domain. If you don’t know what an active directory domain is, you don’t have one, so just leave this option blank or remove it.

You can make it readable only by root:

FSTAB

If you want to have persistent mounts, so that the mounts get mounted automatically at boot time, you can use the fstab file.

If the windows machine has the “Turn OFF password protected sharing” option set, and you want all Linux users to have read/write permissions to the share, add this line to the bottom of the fstab file:

replace “win10” with the hostname of your windows machine

replace the first “share1” with the name of the file share on your windows machine

cifs tells the kernel to use mount.cifs as opposed to ext3 or ntfs or some other type of file system

noperm means “client does not do permission check”. This is required for read/write permissions from non-root linux users. You can safely remove this option if you only want root to have read/write and other users will have read-only

_netdev will cause the kernel to wait on the network to become ready before attempting the mount. Without this option, the mount will probably fail during boot because the network won’t be ready yet

the 2 zeros tell the kernel we don’t want to dump or check the filesystem

Now you can mount and unmount with very simple commands:

(you’ll need to be root though, unless you want to adjust your sudoers file to allow non-root users to have this ability)

FSTAB with inline authentication

Now let’s assume the windows machine has the “Turn ON password protected sharing” option set, so you will need to specify a windows username and password to access the share. SECURITY WARNING: Keep in mind that anybody that has permissions to read the fstab file will be able to see your windows account password, and the fstab file is readable by all Linux users by default!

replace “win10” with the hostname of your windows machine

replace the first “share1” with the name of the file share on your windows machine

cifs tells the kernel to use mount.cifs as opposed to ext3 or ntfs or some other type of file system

noperm means “client does not do permission check”. This is required for read/write permissions from non-root Linux users. You can safely remove this option if you only want root to have read/write and other users will have read-only

_netdev will cause the kernel to wait on the network to become ready before attempting the mount. Without this option, the mount will probably fail during boot because the network won’t be ready yet

replace “john” with the windows username. The windows machine will need to have an account matching this username, and this account needs to have permissions to the file share

replace “123” with the windows password

replace “domain1” with the name of your active directory domain. If you don’t know what an active directory domain is, you don’t have one, so just leave this option blank or remove it.

the 2 zeros tell the kernel we don’t want to dump or check the filesystem

FSTAB with file authentication

If you aren’t cool with all linux users being able to see your windows password, or you don’t want programs you run without root to be able to see your windows username and password, you can put the windows username and password in a separate file, and make that file readable only by root:

replace “win10” with the hostname of your windows machine)

replace the first “share1” with the name of the file share on your windows machine)

cifs tells the kernel to use mount.cifs as opposed to ext3 or ntfs or some other type of file system)

noperm means “client does not do permission check”. This is required for read/write permissions from non-root Linux users. You can safely remove this option if you only want root to have read/write and other users will have read-only)

_netdev will cause the kernel to wait on the network to become ready before attempting the mount. Without this option, the mount will probably fail during boot because the network won’t be ready yet)

replace “/root/creds.txt” with the file that contains the windows username/password) (the 2 zeros tell the kernel we don’t want to dump or check the filesystem)

Now we need to create our creds.txt file:

replace “john” with the windows username. The windows machine will need to have an account matching this username, and this account needs to have permissions to the file share replace “123” with the windows password replace “domain1” with the name of your active directory domain. If you don’t know what an active directory domain is, you don’t have one, so just leave this option blank or remove it. You can make it readable only by root:

If you need even more security

This should cover the majority of home and business use cases. In more complex business environments, you might need to setup a mount that some users have read-only access to, and other users have full read/write, and other users have no access at all. The usermode fuse cifs client (which is what gui programs like natulus and caja use) is the easy answer to this, but there is a huge performance penalty. If you need fancy permissions AND speed, check out the MountCifsFstabSecurely page.

Troubleshooting

— If you are having a problem with the FSTAB method, try the manual mounting method and you will likely discover your problem.

— If you have access to another windows computer, see if it will mount the fileshare properly.

— Check the kernel log after you get a mount error to see if it logged a more useful error message:

Ignore the white messages. Only the red messages are relevant. Search the internet for these error message(s)

Common mistakes

— Don’t use backslashes in the windows unc paths, always use forward slashes

• Incorrect: \\win10\share1 Correct: //win10/share1

— Don’t put spaces in the credentials options.

• Incorrect: username = john Correct: username=john

— If your windows password has special characters in it, like spaces or symbols, you might need special escape codes to make Linux read the password properly.

Common error messages

— mount: /mnt/share1: cannot mount //win10/share1 read-only.

• You need to install cif-utils

— mount error: could not resolve address for . Unknown error

You need to Enable Name Resolution (see section above)

— mount error(2): No such file or directory

• The windows machine couldn’t be found. Can you ping it? OR the share name isn’t valid. Try this command to see if you can see the list of shares:

— mount error(13): Permission denied

• Your windows username or password isn’t being accepted by the windows machine. Check the windows account to make sure “force user to change password on next login” isn’t on, and make sure “disable account” is off.

— mount error(112): Host is down

• You are probably using Ubuntu 16.04 or older with Windows 10 or newer. You can make your mount work by adding «vers=3.0» to the options.

— The mount command appears to hang when mounting a share on a Windows XP or older computer and smbclient throws «protocol negotiation failed: NT_STATUS_IO_TIMEOUT».

• You can make your mount work by adding «vers=1.0» to the options.

MountCifsFstab (последним исправлял пользователь shippj 2020-08-03 21:30:52)

The material on this wiki is available under a free license, see Copyright / License for details
You can contribute to this wiki, see Wiki Guide for details

Источник