I have an NTFS partition and when I mount it with default options in fstab I get for files and directories:
rwxrwxrwx = 0777
Obviously NTFS does not support the "noexec" option and I do not want the 'x' flag on the files and directories. So I'd like to ask what values I should set for fmask, dmask and umask?
When I set umask=0666
/dev/sda3 /ntfsPartition ntfs-3g defaults,noatime,umask=0666,locale=en_US.utf8,errors=ro 0 0
I get d--x--x--x for the mount directory of the partition. I can go to the directory:
cd /ntfsPartition
but I cannot read the content:
ls /ntfsPartition
ls: cannot open directory '.': Permission denied
Thanks in advance!
Best Answer
The x flag is necessary for directories, in order to access their contents.

With just the r flag on a directory, you can get a directory listing, but cannot access the files and subdirectories within it. With just the x flag on a directory, you won't see the directory listing, but may be able to access files and sub-directories if their permissions allow it and you can specify the exact name of the thing you're trying to access. So, in most cases, you have only two generally useful permissions choices for directories: r-x and rwx.

So, since the umask mount option applies to both files and directories, and you don't want the x flag on files, you'll need to use fmask and dmask only, so you can place one set of permissions on files and another on directories.

The permissions and the corresponding mask numbers:

rwx = mask number 0
rw- = mask number 1 (not very useful for directories)
r-x = mask number 2
r-- = mask number 3
-wx = mask number 4 (special case: an approximation of a "write-only directory")
-w- = mask number 5 (not very useful for directories)
--x = mask number 6 (for directories: access by known filenames only)
--- = mask number 7 (no access)

If you want full access to directories, and everything except the x flag for files, you'll need 0 for the corresponding dmask number and 1 for the fmask number.

For NTFS-3g mask numbers, the first digit will always be 0, to denote that the values are in octal numbers. The second digit will specify access for the user specified with the uid= option (or for the user doing the mounting, if not specified), the third digit will specify access for the group identified with the gid= option, and the last digit will specify access for everyone else.

If this is your personal system and there are no other users who would need access to the NTFS filesystem, you could use the id command to identify your UID number, and then use mount options uid=<your UID here>,dmask=0077,fmask=0177. This would result in all the files on the NTFS filesystem appearing as owned by you and with permissions -rw-------, and directories with drwx------.

If there are other users who would need access to the NTFS filesystem, you could create a group for the NTFS access, add all the appropriate users to that group, then also specify the GID of that group in mount options: uid=<your UID here>,gid=<NTFS access group GID here>,dmask=0007,fmask=0117. This would give anyone in the group the same access as you have: files -rw-rw---- and directories drwxrwx---.

Or you could keep the write access for yourself but give the group members read-only access: uid=<your UID here>,gid=<NTFS access group GID here>,dmask=0027,fmask=0137. This would result in permissions -rw-r----- for files and drwxr-x--- for directories.

Or if you want to grant full access to multiple user accounts and read-only access to everyone else, then the mount options would be: uid=<your UID here>,gid=<NTFS access group GID here>,dmask=0002,fmask=0113. That would result in permissions -rw-rw-r-- for files and drwxrwxr-x for directories.

Instead of using mount options to specify permissions to NTFS files and directories, it is also possible to create a user mapping file to map Windows NTFS security IDs (SIDs) to Unix-style UIDs and GIDs. There's even an ntfsusermap tool that will help in creating that file for you. Once you have created the mapping file, you'll only have to place it into <root of NTFS filesystem>/.NTFS-3G/UserMapping and it will be automatically used the next time you mount the filesystem. After that, the real NTFS file ownerships and permissions will be used in Linux as applicable, and they can be persistently manipulated with chown/chgrp/chmod too.

See man ntfs-3g and man ntfsusermap for details.

If you're dual-booting Linux and Windows, you might want to get a Windows command line version of ntfsusermap and generate the user mapping file while running Windows instead. It might be easier, as with the Windows version of the tool you can see the actual Windows usernames rather than just filenames and their associated SIDs.

Even if you don't want the Windows version of ntfsusermap, the page contains a more verbose description of how to use the tool, which may be helpful on the Linux side of things too.
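A way to check a candidate option string before putting it in fstab, added here as an example and not part of the original answer: it computes the file and directory permission strings implied by umask, fmask and dmask, and reports the problems discussed above. The function names are hypothetical, the uid/gid numbers are constructed, and it assumes a default mask of 0 and that a later mask option overrides an earlier one.

```python
import stat

def ntfs3g_modes(options):
    """Return (file_mode, dir_mode) strings implied by a mount option string."""
    fmask = dmask = 0  # assumption: with no mask option nothing is masked (0777)
    for opt in options.split(","):
        key, _, value = opt.partition("=")
        if key not in ("umask", "fmask", "dmask"):
            continue
        mask = int(value, 8) & 0o777
        # assumption: options apply left to right, a later one overrides
        if key in ("umask", "fmask"):
            fmask = mask
        if key in ("umask", "dmask"):
            dmask = mask
    return (stat.filemode(stat.S_IFREG | (0o777 & ~fmask)),
            stat.filemode(stat.S_IFDIR | (0o777 & ~dmask)))

def audit(options):
    """Report the permission problems discussed above for one option string."""
    file_mode, dir_mode = ntfs3g_modes(options)
    findings = []
    for who, i in (("user", 1), ("group", 4), ("other", 7)):
        r, w, x = dir_mode[i:i + 3]
        if x == "-" and (r, w) != ("-", "-"):
            findings.append(f"{who}: directories {r}{w}{x} lack x, contents unreachable")
        elif x != "-" and r == "-":
            findings.append(f"{who}: directories {r}{w}{x} cannot list, known names only")
        if file_mode[i + 2] != "-":
            findings.append(f"{who}: files are executable")
    if "w" in (file_mode[8], dir_mode[8]):
        findings.append("other: world-writable")
    return findings

if __name__ == "__main__":
    # Constructed option strings; uid/gid numbers are placeholders.
    for opts in ("defaults,noatime,umask=0666,errors=ro",
                 "uid=1000,dmask=0077,fmask=0177",
                 "uid=1000,gid=1001,dmask=0002,fmask=0113"):
        print(opts, ntfs3g_modes(opts), audit(opts), sep="\n  ")
```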