 |
|
Page 1 of 1
|
[ 8 posts ] |
|
ntfs-3g and truecrypt: umask not respected
| Author |
Message |
|
Bevan
Joined: Thu Mar 04, 2010 20:34 Posts: 7
|
 ntfs-3g and truecrypt: umask not respected
Hi! I've got a problem mounting truecrypt-encrypted devices with ntfs-3g. Parameters like uid, gid and umask are not respected. Example:

Code:
    mount /dev/mapper/truecrypt1 /home/bevan/crypt_extern -t ntfs-3g -o "rw,umask=027,uid=1000,gid=100"

mounts the volume, but all files and folders belong to root and have permissions 777. When creating new files as user 1000 they belong to root and have permissions 640, so they are not accessible for the user.

/var/log/messages shows the following:

Code:
    Mar 4 19:40:59 bevan-pc ntfs-3g[15153]: Version 2010.1.16 external FUSE 28
    Mar 4 19:40:59 bevan-pc ntfs-3g[15153]: Mounted /dev/dm-0 (Read-Write, label "", NTFS 3.1)
    Mar 4 19:40:59 bevan-pc ntfs-3g[15153]: Cmdline options: rw,umask=027,uid=1000,gid=100
    Mar 4 19:40:59 bevan-pc ntfs-3g[15153]: Mount options: rw,silent,allow_other,nonempty,default_permissions,relatime,fsname=/dev/dm-0,blkdev,blksize=4096
    Mar 4 19:40:59 bevan-pc ntfs-3g[15153]: User mapping built

When mounting unencrypted devices there are no problems. Has anyone an idea what the problem could be? I'm using ntfs-3g 2010.1.16 on Arch Linux.
|
| Thu Mar 04, 2010 20:56 |
|
 |
|
jpa
NTFS-3G Lead Developer
Joined: Tue Sep 04, 2007 17:22 Posts: 1013
|
 Re: ntfs-3g and truecrypt: umask not respected
Hi,

Quote:
    I've got a problem mounting truecrypt-encrypted devices with ntfs-3g. Parameters like uid, gid and umask are not respected. Example:

In your post there are apparently two different situations :

In the log excerpt you quote :

Code:
    Mar 4 19:40:59 bevan-pc ntfs-3g[15153]: User mapping built

In this situation, the normal Linux rules apply (owner of current process, umask as defined by the umask command). [see the third row of the table at http://pagesperso-orange.fr/b.andre/per ... ml#options] Is there a problem in this case ?

In the mount with truecrypt, you have probably fallen into a buggy case :

Quote:
    mount /dev/mapper/truecrypt1 /home/bevan/crypt_extern -t ntfs-3g -o "rw,umask=027,uid=1000,gid=100"

Can you retry either with adding the option "default_permissions", or defining a user mapping file, or using the fixed latest version from http://pagesperso-orange.fr/b.andre/adv ... l#download

Regards
Jean-Pierre
|
| Thu Mar 04, 2010 23:38 |
|
 |
|
Bevan
Joined: Thu Mar 04, 2010 20:34 Posts: 7
|
 Re: ntfs-3g and truecrypt: umask not respected
Hi! Thanks for the quick answer. I just found some interesting facts:

Code:
    root@bevan-pc /home/bevan # mount /dev/mapper/truecrypt1 /home/bevan/crypt_extern -t ntfs-3g -o uid=1000,gid=100,umask=027
    Using default user mapping
    root@bevan-pc /home/bevan # tail -n5 /var/log/messages.log
    Mar 4 22:34:44 bevan-pc ntfs-3g[21195]: Version 2010.1.16 external FUSE 28
    Mar 4 22:34:44 bevan-pc ntfs-3g[21195]: Mounted /dev/dm-0 (Read-Write, label "", NTFS 3.1)
    Mar 4 22:34:44 bevan-pc ntfs-3g[21195]: Cmdline options: rw,uid=1000,gid=100,umask=027
    Mar 4 22:34:44 bevan-pc ntfs-3g[21195]: Mount options: rw,silent,allow_other,nonempty,default_permissions,relatime,fsname=/dev/dm-0,blkdev,blksize=4096
    Mar 4 22:34:44 bevan-pc ntfs-3g[21195]: User mapping built

After this all files belong to root.

Code:
    root@bevan-pc /home/bevan # mount /dev/mapper/truecrypt1 crypt_extern -t ntfs-3g -o uid=1000,gid=100,umask=027
    root@bevan-pc /home/bevan # tail -n5 /var/log/messages.log
    Mar 4 22:35:30 bevan-pc ntfs-3g[21211]: Version 2010.1.16 external FUSE 28
    Mar 4 22:35:30 bevan-pc ntfs-3g[21211]: Mounted /dev/dm-0 (Read-Write, label "", NTFS 3.1)
    Mar 4 22:35:30 bevan-pc ntfs-3g[21211]: Cmdline options: rw,uid=1000,gid=100,umask=027
    Mar 4 22:35:30 bevan-pc ntfs-3g[21211]: Mount options: rw,silent,allow_other,nonempty,default_permissions,relatime,fsname=/dev/dm-0,blkdev,blksize=4096
    Mar 4 22:35:30 bevan-pc ntfs-3g[21211]: Global ownership and permissions enforced

After this all permissions are set correctly. Notice: The only difference is absolute vs. relative path of the mountpoint.

Adding the option "default_permissions" doesn't help. Using the latest RC also doesn't help, but there is some new output:

Code:
    root@bevan-pc /home/bevan # mount /dev/mapper/truecrypt1 /home/bevan/crypt_extern -t ntfs-3g -o uid=default_permissions,1000,gid=100,umask=027
    Using default user mapping
    root@bevan-pc /home/bevan # tail -n5 /var/log/messages.log
    Mar 4 23:10:43 bevan-pc ntfs-3g[31909]: Version 2010.2.6-RC external FUSE 28
    Mar 4 23:10:43 bevan-pc ntfs-3g[31909]: Mounted /dev/dm-0 (Read-Write, label "", NTFS 3.1)
    Mar 4 23:10:43 bevan-pc ntfs-3g[31909]: Cmdline options: rw,uid=default_permissions,1000,gid=100,umask=027
    Mar 4 23:10:43 bevan-pc ntfs-3g[31909]: Mount options: rw,1000,silent,allow_other,nonempty,default_permissions,relatime,fsname=/dev/dm-0,blkdev,blksize=4096
    Mar 4 23:10:43 bevan-pc ntfs-3g[31909]: User mapping built, configuration type 1

I will try using a user mapping file tomorrow, if necessary.

Thanks for your help!
Michael
|
| Fri Mar 05, 2010 00:15 |
|
 |
|
Bevan
Joined: Thu Mar 04, 2010 20:34 Posts: 7
|
 Re: ntfs-3g and truecrypt: umask not respected
Oh sorry, I didn't see that you suggested a special development version. But also this version doesn't help:

Code:
    root@bevan-pc /home/bevan # mount /dev/mapper/truecrypt1 /home/bevan/crypt_extern -t ntfs-3g -o uid=1000,gid=100,umask=027
    Using default user mapping
    root@bevan-pc /home/bevan # tail -n5 /var/log/messages.log
    Mar 4 23:20:32 bevan-pc ntfs-3g[6890]: Version 2010.2.6AR.1 external FUSE 28
    Mar 4 23:20:32 bevan-pc ntfs-3g[6890]: Mounted /dev/dm-0 (Read-Write, label "", NTFS 3.1)
    Mar 4 23:20:32 bevan-pc ntfs-3g[6890]: Cmdline options: rw,uid=1000,gid=100,umask=027
    Mar 4 23:20:32 bevan-pc ntfs-3g[6890]: Mount options: rw,silent,allow_other,nonempty,relatime,fsname=/dev/dm-0,blkdev,blksize=4096,default_permissions
    Mar 4 23:20:32 bevan-pc ntfs-3g[6890]: User mapping built, configuration type 1
|
| Fri Mar 05, 2010 00:22 |
|
 |
|
jpa
NTFS-3G Lead Developer
Joined: Tue Sep 04, 2007 17:22 Posts: 1013
|
 Re: ntfs-3g and truecrypt: umask not respected
Hi Michael,

Quote:
    Code:
        Using default user mapping
        [...]
        Mar 4 22:34:44 bevan-pc ntfs-3g[21195]: User mapping built
    After this all files belong to root

The interesting point is "Using default user mapping", which means an owner and group was set on the root of the file system and ntfs-3g is mapping them to the owner and group of the mountpoint. The files appear as owned by root because these owner and group are not those of the process accessing the data (more below).

Quote:
    Code:
        Mar 4 22:35:30 bevan-pc ntfs-3g[21211]: Global ownership and permissions enforced
    After this all permissions are set correctly. Notice: The only difference is absolute vs. relative path of the mountpoint.

Here the mapping has failed, probably because the relative path is analyzed from a wrong base and its owner and group could not be collected. As a consequence the uid and gid in the mount options were used.

Quote:
    Adding the option "default_permissions" doesn't help. Using the latest RC also doesn't help, but there is some new output

Ok, it is a different issue.

Quote:
    I didn't see, that you suggested a special development version. But also this version doesn't help:

This confirms that it is an issue different from the one fixed recently.

Quote:
    I will try using a user mapping file tomorrow, if necessary.

Yes, please, this will override the default mapping which was attempted. Just create a file containing this single line :

Code:
    ::S-1-5-21-3141592653-589793238-462643383-10000

Normally this file is .NTFS-3G/UserMapping from the root of the partition, but it may be easier to put it on another partition mounted previously and define its absolute location in the mount options ("usermapping=<full-path-to-file>"). You have to mount again for the file to be taken into account.

Your device appears to have been formatted with a specific ACL set on the root, triggering an unwanted mapping.

Can you post this ACL :
- either the output of "secaudit -v <mountpoint>" (with device mounted)
- or the output of "secaudit -v <device> /" (as root, device not mounted)
- or the output of "getfattr -e hex -n system.ntfs_acl <mountpoint>" (mounted)

Regards
Jean-Pierre
|
| Fri Mar 05, 2010 10:01 |
|
 |
|
Bevan
Joined: Thu Mar 04, 2010 20:34 Posts: 7
|
 Re: ntfs-3g and truecrypt: umask not respected
Hi!

jpa wrote:
    Yes, please, this will override the default mapping which was attempted. Just create a file containing this single line :
    Code:
        ::S-1-5-21-3141592653-589793238-462643383-10000
    Normally this file is .NTFS-3G/UserMapping from the root of the partition, but it may be easier to put it on another partition mounted previously and define its absolute location in the mount options ("usermapping=<full-path-to-file>"). You have to mount again for the file to be taken into account.

This changes behaviour:
- "Using default user mapping" is not shown when mounting with user mapping file
- when mounted with user mapping file, I can create new files and they belong to the correct user.
- old files still belong to root, so uid, gid and umask are still not respected
- when mounting again without user mapping file, I can't access the files created before. They all belong to root again.

jpa wrote:
    Your device appears to have been formatted with a specific ACL set on the root, triggering an unwanted mapping.
    Can you post this ACL :
    - either the output of "secaudit -v <mountpoint>" (with device mounted)
    - or the output of "secaudit -v <device> /" (as root, device not mounted)
    - or the output of "getfattr -e hex -n system.ntfs_acl <mountpoint>" (mounted)

Code:
    bevan@bevan-pc ~ % ntfs-3g.secaudit -v crypt_extern
    secaudit 1.3.16 : NTFS security data auditing
    Directory crypt_extern
    000000 01000494 74000000 90000000 00000000
    000010 14000000 02006000 04000000 00031400
    000020 a9001200 01010000 00000001 00000000
    000030 00031400 ff011f00 01010000 00000005
    000040 12000000 00031800 ff011f00 01020000
    000050 00000005 20000000 20020000 00031800
    000060 ff011f00 01020000 00000005 20000000
    000070 21020000 01050000 00000005 15000000
    000080 b87c6a97 13db788e af69e53c ed030000
    000090 01050000 00000005 15000000 b87c6a97
    0000a0 13db788e af69e53c 01020000
    Computed hash : 0xc2eb000b
    Windows attrib : 0x16
    ** Could not find the user mapping file
    Retry with full path of file
    Interpreted Unix mode 0777 (owner and group are unmapped)
    ** 1 error was found

    root@bevan-pc /home/bevan # ntfs-3g.secaudit -v /dev/mapper/truecrypt1 /
    secaudit 1.3.16 : NTFS security data auditing
    "/dev/mapper/truecrypt1" opened
    Directory /
    Security key : 0x117
    000000 01000494 74000000 90000000 00000000
    000010 14000000 02006000 04000000 00031400
    000020 a9001200 01010000 00000001 00000000
    000030 00031400 ff011f00 01010000 00000005
    000040 12000000 00031800 ff011f00 01020000
    000050 00000005 20000000 20020000 00031800
    000060 ff011f00 01020000 00000005 20000000
    000070 21020000 01050000 00000005 15000000
    000080 b87c6a97 13db788e af69e53c ed030000
    000090 01050000 00000005 15000000 b87c6a97
    0000a0 13db788e af69e53c 01020000
    Computed hash : 0xc2eb000b
    Windows attrib : 0x16
    Interpreted Unix owner 0, group 0, mode 0777
    "/dev/mapper/truecrypt1" closed
    No errors were found

This output is the same when user mapping file exists.

Regards,
Michael
|
| Fri Mar 05, 2010 11:43 |
|
 |
|
jpa
NTFS-3G Lead Developer
Joined: Tue Sep 04, 2007 17:22 Posts: 1013
|
 Re: ntfs-3g and truecrypt: umask not respected
Hi Michael,

Quote:
    - "Using default user mapping" is not shown when mounting with user mapping file

This is expected, the explicit definition overrides default.

Quote:
    - when mounted with user mapping file, I can create new files and they belong to the correct user.

This should be the standard Linux behavior : you can chmod, chown, set a specific umask etc.

Quote:
    - old files still belong to root, so uid, gid and umask are still not respected

This is as expected : the workarounds yield to normal behavior, and old files were created with workarounds which did not write ownership and permissions on storage (the workarounds just return values when reading). Now you can chown/chmod to define ownership and permissions.

Quote:
    - when mounting again without user mapping file, I can't access the files created before. They all belong to root again

Of course, this is again the initial situation you reported.

Does the situation with the user mapping file meet your requirements ? Do you have requirements relative to mounting the device on Windows ?

(Note : in future ntfs-3g you will not have to define a user mapping file to get the standard Linux behavior)

Quote:
    bevan@bevan-pc ~ % ntfs-3g.secaudit -v crypt_extern
    secaudit 1.3.16 : NTFS security data auditing
    Directory crypt_extern
    000000 01000494 74000000 90000000 00000000
    [...]

This ACL (which is a correct one) is unusual on the root of a file system. It defines an inherited full access to anybody on files and directories created on the device (when enabling inheritance). Is this the factory formatting or did you format the device ? (if you did, how ?)

For now, I can only propose the explicit user mapping to override the unwanted behavior caused by the ACL on the root of file system. I will obviously have to redesign this case, which will take some time, so I am open to suggestions.

Thank you for your report. It helps us to improve ntfs-3g.

Regards
Jean-Pierre
|
| Fri Mar 05, 2010 22:47 |
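Added example, not part of any post in this thread and not ntfs-3g or secaudit code: a Python decoder for the root-directory security descriptor whose hex dump appears in the secaudit output above, so the owner, group and inheritable ACEs can be read directly. It assumes the standard self-relative Windows security descriptor layout; the function names are hypothetical.

```python
import struct

# Root-directory descriptor bytes, copied from the secaudit -v dump posted in the thread.
DUMP = """
01000494 74000000 90000000 00000000
14000000 02006000 04000000 00031400
a9001200 01010000 00000001 00000000
00031400 ff011f00 01010000 00000005
12000000 00031800 ff011f00 01020000
00000005 20000000 20020000 00031800
ff011f00 01020000 00000005 20000000
21020000 01050000 00000005 15000000
b87c6a97 13db788e af69e53c ed030000
01050000 00000005 15000000 b87c6a97
13db788e af69e53c 01020000
"""

def parse_sid(buf, off):
    """Decode the binary SID at buf[off:] into ('S-R-A-s1-...', byte length)."""
    rev, count = buf[off], buf[off + 1]
    authority = int.from_bytes(buf[off + 2:off + 8], "big")  # 48-bit, big-endian
    subs = struct.unpack_from("<%dI" % count, buf, off + 8)  # little-endian sub-authorities
    return "-".join(["S", str(rev), str(authority), *map(str, subs)]), 8 + 4 * count

def parse_descriptor(buf):
    """Decode a self-relative security descriptor (assumed layout): owner, group, DACL."""
    rev, _, control, o_owner, o_group, _o_sacl, o_dacl = struct.unpack_from("<BBHIIII", buf, 0)
    if rev != 1 or not control & 0x8000:  # 0x8000 = SE_SELF_RELATIVE
        raise ValueError("not a self-relative revision-1 descriptor")
    result = {"control": control, "owner": parse_sid(buf, o_owner)[0],
              "group": parse_sid(buf, o_group)[0], "aces": []}
    if control & 0x0004 and o_dacl:  # 0x0004 = SE_DACL_PRESENT
        _, _, acl_size, ace_count, _ = struct.unpack_from("<BBHHH", buf, o_dacl)
        pos, end = o_dacl + 8, o_dacl + acl_size
        for _ in range(ace_count):
            ace_type, flags, size, mask = struct.unpack_from("<BBHI", buf, pos)
            if size < 8 or pos + size > end:
                raise ValueError("ACE overruns the ACL")
            # ACE types 0 (allow) and 1 (deny) carry the trustee SID right after the mask.
            sid = parse_sid(buf, pos + 8)[0] if ace_type in (0, 1) else None
            result["aces"].append((ace_type, flags, mask, sid))
            pos += size
    return result

def root_acl():
    return parse_descriptor(bytes.fromhex("".join(DUMP.split())))

if __name__ == "__main__":
    print(*root_acl()["aces"], sep="\n")
```

On this dump the DACL holds four allow ACEs, all with inheritance flags 0x03 (object and container inherit): S-1-1-0 (Everyone) with mask 0x001200a9, and S-1-5-18 (Local System), S-1-5-32-544 (Administrators) and S-1-5-32-545 (Users) with mask 0x001f01ff. The owner and group are domain-relative SIDs ending in -1005 and -513.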
|
 |
|
Bevan
Joined: Thu Mar 04, 2010 20:34 Posts: 7
|
 Re: ntfs-3g and truecrypt: umask not respected
Hi!

jpa wrote:
    Does the situation with the user mapping file meet your requirements ? Do you have requirements relative to mounting the device on Windows ?

Yes, I use the device on Windows, too. I will create a custom user mapping file and assign the files to the correct user. This should completely meet my requirements.

jpa wrote:
    This ACL (which is a correct one) is unusual on the root of a file system. It defines an inherited full access to anybody on files and directories created on the device (when enabling inheritance). Is this the factory formatting or did you format the device ? (if you did, how ?)

Since this is a truecrypt-encrypted partition, it's not the factory formatting. To be honest I don't really remember, but I guess that truecrypt created the NTFS filesystem on the encrypted partition. I will try to reproduce this.

Thank you very much for your help. Such great support makes a good product nearly perfect. Keep up that great work.

Michael
|
| Sat Mar 06, 2010 13:58 |
|