Another approach is to use Access Control Lists, a superset of file permissions.
First of all, we have to install the acl package:
sudo apt-get install acl
Before Ubuntu 14.04, the partition has to be mounted with the option acl for the following to work. It could be added in /etc/fstab, as in
UUID=<XXXX> /media/shared ext4 noatime,acl 0 2
or for an already mounted filesystem
sudo mount -o remount,acl /media/shared
Next, you should create a new group, to which all users allowed to access the share in read/write mode will be added. I call it usershare. An already existing group could be used.
sudo addgroup usershare
Now we add the users enzotib and steevc to that group:
sudo gpasswd -a steevc usershare
sudo gpasswd -a enzotib usershare
(effective at the next login).
Then we add an ACL with rwx permissions for the group usershare to all files already in /media/shared:
sudo setfacl -Rm g:usershare:rwX /media/shared
Finally we add a default ACL with rwx permissions for the group usershare for all files created from now on inside /media/shared:
sudo setfacl -d -Rm g:usershare:rwX /media/shared
Now all users of the usershare group have full permissions on all files under /media/shared. Permissions of each user on his and others' home directories are not affected.
I tested this solution and it seems to work, but suggestions and corrections are welcome.
Remark: new files and directories created in the considered directory will have write permission for the usershare group, but files copied or moved into the folder will retain their original permissions. If the user, as I understand, only requires write access to newly created directories, this is not a problem. Otherwise they should modify permissions by hand. See this answer on how to overcome this by defining the umask of users to 002.
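The Remark above comes down to how an ACL is evaluated: a named group's effective rights are its entry ANDed with the file's mask, and a file with no entry for the group gets nothing from the ACL. The following is an added example, not part of the original answer; it reads getfacl-style text, and the three sample listings are constructed for illustration.

```shell
#!/bin/sh
# effective_group_perm GROUP < getfacl-output
# A named group's effective rights are its ACL entry ANDed with the mask entry.
# Prints a triplet such as "rw-", or "none" when the group has no entry.
effective_group_perm() {
    awk -F: -v grp="$1" '
        { sub(/[ \t]*#.*/, "") }                    # drop "# file:" and "#effective:" notes
        $1 == "group" && $2 == grp { entry = $3 }
        $1 == "mask"               { mask = $3 }
        END {
            if (entry == "") { print "none"; exit }
            if (mask == "") mask = "rwx"            # no mask entry: nothing is filtered
            out = ""
            for (i = 1; i <= 3; i++) {
                e = substr(entry, i, 1)
                out = out ((substr(mask, i, 1) == "-") ? "-" : e)
            }
            print out
        }'
}

# Constructed sample: file created inside /media/shared after the default ACL was set.
acl_created() { cat <<'EOF'
# file: media/shared/new.txt
user::rw-
group::r-x              #effective:r--
group:usershare:rwx     #effective:rw-
mask::rw-
other::r--
EOF
}

# Constructed sample: mode-644 file copied in; it inherits the entry but gets mask r--.
acl_copied() { cat <<'EOF'
# file: media/shared/copied.txt
user::rw-
group::r-x              #effective:r--
group:usershare:rwx     #effective:r--
mask::r--
other::r--
EOF
}

# Constructed sample: file moved in on the same filesystem; no usershare entry at all.
acl_moved() { printf 'user::rw-\ngroup::rw-\nother::r--\n'; }

for f in acl_created acl_copied acl_moved; do
    printf '%-12s usershare: %s\n' "$f" "$($f | effective_group_perm usershare)"
done
```

Piping real `getfacl` output for a file under /media/shared into the function shows which files still need the `setfacl -Rm g:usershare:rwX /media/shared` step from above applied again.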
One way would be logging in as your user, open up a terminal (hit Ctrl+Alt+T), type
chmod go-rwx ~
and hit enter.
Like that you deny the permission to read, write and cd to your home directory to anybody apart from you.
Best Answer
The easiest, and likely best way to achieve this if you need this all the time for all users all the time whenever the computer is on, is to define the mount point and the rules for mounting the partition in /etc/fstab. By doing this, you can provide access rights automatically when the partition / drive is mounted. This is a much more advanced practice, but if the device with the NTFS partition is always connected to the computer anyways, this removes some headaches that you're encountering, and effectively automates the providing of security controls around the data, and allows us to actually modify the controls over time, without having to manually remount things with different options or users each time.
I have a few other sections in this answer.
fstab entries, which is for the Windows partition on my Ubuntu computer (and I'm the only user on the computer).
fstab entry, and explains the mount options.
/etc/fstab line to use, provided you listened to me in the third section.
(1) My fstab entry
I unfortunately have such a NTFS partition on my laptop, and I have to make it readable to myself and system services...
What's this line mean? Well, the first line with a # in front is a comment. The second line is the more important bit, which is the actual fstab entry:
sudo blkid /dev/sda1 (replacing /dev/sda1 with the actual ID for your partition, so if it's on a second disk and it's the third partition in the second disk's partition table, then possibly /dev/sdb3 would be in this command. I strip out the quotes around the UUID= line in my fstab entry.)
/media/win7 at boot.
fstab the ntfs-3g option so it knows it's NTFS.
0.
0.
(2) Mount Options
I pass quite a few mount options:
defaults - passes default mount options (rw - read/write, suid - allow set-user-identifier or set-group-identifier bits to take effect, dev - interpret character or block special devices on the filesystem, exec - permit execution of binaries, auto - allows mounting with the -a option of mount, nouser - prohibits a user from mounting (overridden later), async - permit asynchronous I/O with the filesystem.)
locale=en_US.utf8 - enforces the US English locale with UTF8
windows_names - enforces that Windows name restrictions are in place for new files in the partition.
umask=7000 - Basically, inverse chmod. Define what permissions are not permitted for files. Essentially, I don't prohibit anything read/write/execute here, so all files on the mounted location get, effectively, read, write, and execute privileges. I don't want any of the special bits set (setuid, setgid, sticky), so I have to eliminate them from the first octet - since the numeric sum of those is a '7' and I'm prohibiting those permissions, I put a leading 7.
uid=1000, gid=1000 - Have the partition mounted into that folder with user and group ownership of UID (User ID) and GID (Group ID) of 1000 (this is my user's user and group, teward, on the Ubuntu system).
user - Allow a user to mount or unmount the directory. Overrides the nouser option in defaults.
(3) A Solution for You, in a Secure Way
We could probably simplify the mount options to be these options, though, for your use case, since users are accessing the data and not the system. However, let's do this in a secure manner. Let's create a user group that would give read/write/execute here.
addgroup ntfs-users - This will create a user group called 'ntfs-users'.
getent group ntfs-users | cut -d: -f3 - This will give us a numeric group ID for 'ntfs-users'. We need this for the gid= mount option.
usermod -a -G ntfs-users USERNAME - add the USERNAME user to the ntfs-users group we just created.
Now, we can utilize this string of mount options:
What this does that my string in my fstab does not is:
defaults
uid of the owner user be whatever (usually root at boot mounting)
654, the hypothetical group ID of ntfs-users which we created above
ntfs-users group) access to the data at all.
If you want to own the data, that is, to be the owner user instead of root, then add back in the uid= option. Use id -u YOURUSERNAME and replace YOURUSERNAME with your username to get the User ID (uid) to use with that option.
(4) A possible /etc/fstab entry for YOUR use case, assuming you listened to me in section 3
Get the UUID for the partition, then this could be something like your /etc/fstab line:
Replace the value in UUID= with the UUID of the partition you want to mount, replace /mnt with the mount point on your system, replace the value for gid= in the mount options with the group ID of your ntfs-users group we created, and if you wish to have your user as owner instead of root, then add a uid= option, providing the uid for your user, as I stated how to do so earlier.
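To see what a given combination of uid=, gid= and umask= grants before putting it in /etc/fstab, the options can be evaluated as ordinary owner/group/other bits. This is an added example, not the answer's own code; it assumes every file on the mount appears as uid:gid with mode 0777 & ~umask, that a missing uid= or gid= means root (0), and that the user being checked is not root. The second option string is constructed here, using the answer's hypothetical GID 654.

```shell
#!/bin/sh
# ntfs_access OPTS USER_UID "USER_GIDS" -> rwx triplet that user gets, modelling
# a mount where every file appears as uid:gid with mode 0777 & ~umask.
ntfs_access() {
    opts=$1; user=$2; groups=$3
    uid=0; gid=0; um=000          # assumption: mounted by root at boot, nothing masked
    old_ifs=$IFS; IFS=,
    for o in $opts; do
        case $o in
            uid=*)   uid=${o#uid=} ;;
            gid=*)   gid=${o#gid=} ;;
            umask=*) um=${o#umask=} ;;
        esac
    done
    IFS=$old_ifs
    mode=$(( 0777 & ~0$um ))      # umask is octal: bits set here are removed
    shift_by=0                    # "other" class unless owner or group matches
    if [ "$user" = "$uid" ]; then
        shift_by=6
    else
        for g in $groups; do
            if [ "$g" = "$gid" ]; then shift_by=3; fi
        done
    fi
    case $(( (mode >> shift_by) & 7 )) in
        0) echo --- ;; 1) echo --x ;; 2) echo -w- ;; 3) echo -wx ;;
        4) echo r-- ;; 5) echo r-x ;; 6) echo rw- ;; 7) echo rwx ;;
    esac
}

# Assembled from the options listed in section (2) of the answer.
OWNER_OPTS='defaults,locale=en_US.utf8,windows_names,umask=7000,uid=1000,gid=1000,user'
# Constructed for this example: group-only access, using the answer's hypothetical GID 654.
GROUP_OPTS='defaults,locale=en_US.utf8,windows_names,umask=7007,gid=654'

printf 'umask=7000, unrelated user 1001:   %s\n' "$(ntfs_access "$OWNER_OPTS" 1001 "1001")"
printf 'umask=7007, member of gid 654:     %s\n' "$(ntfs_access "$GROUP_OPTS" 1001 "1001 654")"
printf 'umask=7007, not in gid 654:        %s\n' "$(ntfs_access "$GROUP_OPTS" 1002 "1002")"
```

With umask=7000 every local account gets rwx, which is acceptable only on a single-user machine; masking the last octet is what restricts the data to the group.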