
Re: Impossible to give "write" permission on a sub folder



Hello David, really thank you for your reply.
 
I'll try to explain my needs and all info that I can have in order to answer your questions the best way I can:
 
First I will explain my goal:
 
I have always been a Windows user, but for a while I've been thinking of changing to Linux. Last month I decided to make the change, but as we are 2 people at home (me and my wife), I've decided to do a dual boot while I can do all settings and familiarize myself with Debian, while she will still be using Windows (she is not a tech woman, she only wants something that works easily).
 
So I want to be able to access and modify documents on the folders on Debian and Windows, as me and my wife have documents in common on these folders.
 
As I stated before, the computer has 2 physical drives, one SSD with the 2 OSs and a HDD with all the data files (documents, pictures, ...)
 
This drive is meant to be shared between all users, and the folders are there only for organisational purposes. For example:
 - HDD
----Documents
--------User1
--------User2
--------Public
----Images
--------User1
--------User2
--------Public
 
As I said, the permissions on the subfolders are inherited from the parent ones: User1, User2 and Public folder's permissions are inherited from Documents or Images. Here is a PowerShell "Get-ACL" output from the 2 user's documents folders:
PS C:\Windows\system32> cd D:\Documents\User2\
PS D:\Documents\User2> Get-Acl | Format-Table -Wrap

    Répertoire : D:\Documents

Path    Owner             Access
----    -----             ------
User2 PC-01\Admin AUTORITE NT\Système Allow  FullControl
                          BUILTIN\Administrateurs Allow  FullControl
                          PC-01\Admin Allow  FullControl
                          PC-01\user1 Allow  FullControl
                          PC-01\user2 Allow  FullControl
                          Tout le monde Allow  Write, ReadAndExecute, Synchronize

PS D:\Documents\User2> cd ..\User1\
PS D:\Documents\User1> Get-Acl | Format-Table -Wrap

    Répertoire : D:\Documents

Path Owner             Access
---- -----             ------
User1 PC-01\Admin AUTORITE NT\Système Allow  FullControl
                       BUILTIN\Administrateurs Allow  FullControl
                       PC-01\Admin Allow  FullControl
                       PC-01\user1 Allow  FullControl
                       PC-01\user2 Allow  FullControl
                       Tout le monde Allow  Write, ReadAndExecute, Synchronize

PS D:\Documents\User1>
If I suppose that these settings are the same, I think I could suppose that after a mount, both of these folders would have the same permission settings on Debian, but that's not the case.
 
I also disabled fast boot and hibernation on the Windows side:
 - I first went to power button settings and disabled the fast boot
 - then I went to PowerShell and did powercfg -h off
 - lastly, I checked the group policies settings to be sure that hibernation was forced on the system
 
As for the tests I did with some new folders:
 
 - first I created a "linuxTestFolder" on Debian - "sudo mkdir /mnt/windows/Documents/linuxTestFolder":
      - this folder was created with "rwxrwxrwx" permissions and I have full access on Debian.
      - I can also use this folder on Windows, and its permissions are "Everybody full control"
      - I can create and edit files on both OSs
 
 - second I created a "windowsTestFolder" on Windows, with the same inherited permissions as User1 and User2 - "Add new folder" button on Windows explorer:
      - after the mount on Debian, this folder has "rwxrwxrwx" permissions and I have full access
      - I can also use this folder on Windows
      - I can create and edit files on both OSs
 
This permission history is really puzzling me...
Maybe there are other Windows settings that I can't see with get-acl ?
 
Best regards,
Marc
 
On 2021-11-28 22:14, David Wright <deblis@lionunicorn.co.uk> wrote:
On Sun 28 Nov 2021 at 17:45:33 (+0100), lists.debian@netc.eu wrote:
> Thanks for the answer. To be honest with you, I already checked all that. Both User1 and User2 folders have exactly the same permission sets on Windows (they both inherit them from the Documents folder).

Were this a windows list, we'd expect you to demonstrate this with
some pasted output.

NTFS permissions and their inheritance are complicated, can be
"broken" (intentional) and corrupted (eg interrupting the
inheritance chain updates) but mendable. So one would need
evidence of clean, up-to-date metadata.

> I also tried to use the usermap file, but I must say that I didn't manage to do it. I didn't find the Windows zip file to download from the NTFS-3G website, and the Linux one I didn't manage to understand once I launched it.

I drafted a reply before Chuck's arrived. I wrote:

You probably need to become very familiar with man ntfs-3g
particularly with:

"On computers which can be dual-booted into Windows or Linux,
Windows has to be fully shut down before booting into Linux"

and:

Regardless of what's shown here, have you written to the filesystem
from linux at all? (Note that I'm not asking you to try.) Or IOW, is
the partition listed as rw or ro by mount?

"If either Windows is hibernated or its fast restart is enabled,
partitions on internal disks are forced to be mounted in read-only mode."

Next is working your way through "Access Handling and Security"
and then appreciating that "umask=value Set[s] the bitmask of the file
and directory permissions /that are not present/. … The default value
is 0 which means full access to everybody." (My emphasis.)

In view of your reported struggles to understand above, I would think
carefully about what exactly you are trying to communicate between
windows and linux.

. Are you actually relying on permissions because User 1,2,3 are
different people whose data needs protecting, or are they different
facets of yourself (personal, work, financial, etc.)

. Do the files require preservation of windows metadata. (Eg, if you
were sharing "C:\WINDOWS", one wouldn't want to interfere with
metadata that the OS relies upon.)

Then I would decide on whether your shared filesystem would really
be better served by being simple, like exFAT (DC's choice, I've no
experience) or FAT32.

> I did some tests, and I think that if I can't find a way to do it this week I will end up recreating these folders. In my tests it worked well :(

And without understanding what caused the problem, just touch wood and
hope it doesn't happen again? Not the way I'd want to run a system.
For example, what tool would you use to check it and preen it?
(Disclaimer: we have no idea what these "tests" were.)

Cheers,
David.

> On 2021-11-27 19:39, Chuck Zmudzinski <brchuckz@netscape.net> wrote:
>
> Read the ntfs-3 man page.
>
> Take a look at the man page for ntfs-3g, the section on
> Access Handling and Security:
>
> From the ntfs-3g man page:
> ------------------------------------------------------------
> Access Handling and Security
> By default, files and directories are owned by the effective
> user and group of the mounting process, and everybody has full
> read, write, execution and directory browsing permissions. You
> can also assign permissions to a single user by using the uid
> and/or the gid options together with the umask, or fmask and
> dmask options.
>
> Doing so, Windows users have full access to the files created by
> ntfs-3g.
>
> But, by setting the permissions option, you can benefit from the
> full ownership and permissions features as defined by POSIX.
> Moreover, by defining a Windows-to-Linux user mapping, the
> ownerships and permissions are even applied to Windows users and
> conversely.
>
> If ntfs-3g is set setuid-root then non-root users will be also
> able to mount volumes.
> ------------------------------------------------------------
>
> You use the defaults option when mounting. I do not know how that
> affects access and security for ntfs-3g. I would suggest either using
> uid and gid options when mounting instead, or using the
> usermapping file that maps Windows users to Debian users.
>
> You need to check which user under Windows owns those folders, which Windows
> users have write access to those folders, etc.
>
> As mentioned in the man page, there is a way to map Windows users to
> Debian 11 users using the default .NTFS-3G/UserMapping file or a
> custom usermapping file with the usermapping mount option.
>
> I used this feature a long time ago, and the format for the usermapping
> file is documented in the ntfs-3g man page.
>
> As is said at the beginning of this reply, read the ntfs-3g man page!
>
> HTH,
>
> Chuck
>
> On 11/26/2021 3:29 AM, lists.debian@netc.eu wrote:
> > Hello to all,
> > I have a dual boot PC with Windows 10 and Debian 11
> > This PC has 2 drives, one SSD that has both operating systems and a
> > HDD where I store all other files (documents, music, images, ...)
> > The goal is to share this HDD between Windows and Debian. To do it, I
> > added the following line to the fstab file:
> >
> > UUID=ACB23705B236D414 /mnt/windows ntfs-3g defaults,umask=000 0 0
> >
> > the folders mount without any problem to /mnt/windows, all with the
> > correct permission settings (rwx) :
> >
> > $ ls -l /mnt/windows/
> > total 80
> > drwxrwxrwx 1 root root 4096 14 nov. 20:20 '$RECYCLE.BIN'
> > drwxrwxrwx 1 root root 4096 24 nov. 15:59 CloudStation
> > drwxrwxrwx 1 root root 4096 21 nov. 11:44 Documents
> > -rwxrwxrwx 1 root root 8192 25 juin 08:15 DumpStack.log.tmp
> > drwxrwxrwx 1 root root 4096 22 nov. 20:41 Images
> > drwxrwxrwx 1 root root 4096 24 nov. 11:53 Music
> > drwxrwxrwx 1 root root 8192 23 nov. 06:21 'System Volume Information'
> > drwxrwxrwx 1 root root 40960 21 nov. 22:22 Downloads
> > drwxrwxrwx 1 root root 4096 21 nov. 19:44 Videos
> >
> > My problem is that in some sub folders, I'm not getting the write
> > ("w") permission. For example on the "Documents" one:
> >
> > $ ls -l /mnt/windows/Documents/
> > total 117
> > drwxrwxrwx 1 root root 16384 24 nov. 15:59 User1
> > -rwxrwxrwx 1 root root 0 26 nov. 2020 Default.rdp
> > -rwxrwxrwx 1 root root 432 11 mars 2021 desktop.ini
> > dr-xr-xr-x 1 root root 40960 24 nov. 15:59 User2
> > drwxrwxrwx 1 root root 16384 24 nov. 16:00 Public
> > drwxrwxrwx 1 root root 4096 24 nov. 15:59 User3
> > dr-xr-xr-x 1 root root 20480 21 nov. 12:05 Scan
> > -rwxrwxrwx 1 root root 18432 4 déc. 2016 Thumbs.db
> > drwxrwxrwx 1 root root 0 16 nov. 23:13 'Unified Remote'
> >
> > Most of the folders are OK, but I have User2 and Scan that don't have
> > the write ("w") permission...
> >
> > Do you have any idea on what's going on?
> > Thanks in advance for all the help,
> > Best regards,
> > Marc
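
Added example, not part of the thread: a small shell audit for the two checks raised above, whether the volume is mounted rw or ro, and which entries lack write bits even though umask=000 should show rwxrwxrwx everywhere. The function names and the sample mounts line are constructed for illustration; GNU find and stat (as shipped with Debian) are assumed.

```shell
#!/bin/sh
# Added example (not from the thread); function names are hypothetical.

# mount_mode MOUNTS_FILE MOUNTPOINT -> prints rw, ro, unknown or unmounted.
# MOUNTS_FILE uses the /proc/mounts layout: device mountpoint fstype options ...
mount_mode() {
    awk -v mp="$2" '
        $2 == mp {
            found = 1; mode = "unknown"
            n = split($4, opt, ",")
            for (i = 1; i <= n; i++)
                if (opt[i] == "rw" || opt[i] == "ro") mode = opt[i]
        }
        END { print (found ? mode : "unmounted") }' "$1"
}

# missing_write ROOT [DEPTH] -> prints "mode path" for every entry below ROOT
# (default depth 2) that lacks at least one of the user/group/other write bits.
# On a mount made with umask=000 and no permissions or usermapping option,
# anything listed here is an outlier like the dr-xr-xr-x folders in the thread.
missing_write() {
    find "$1" -mindepth 1 -maxdepth "${2:-2}" ! -perm -222 \
        -exec stat -c '%A %n' {} + | sort -k2
}

# Demo on constructed data, so it runs without an NTFS volume attached.
demo() {
    d=$(mktemp -d) && m=$(mktemp) || return 1
    # Constructed /proc/mounts line; ntfs-3g volumes appear as fstype fuseblk.
    echo '/dev/sdb1 /mnt/windows fuseblk ro,nosuid,nodev,relatime,allow_other 0 0' > "$m"
    mkdir -p "$d/Documents/User1" "$d/Documents/User2"
    chmod 777 "$d/Documents" "$d/Documents/User1"
    chmod 555 "$d/Documents/User2"   # stands in for a folder shown read-only
    echo "mount mode: $(mount_mode "$m" /mnt/windows)"
    missing_write "$d"
    chmod -R u+w "$d"; rm -rf "$d" "$m"
}
demo
```

On the real system the calls would be `mount_mode /proc/mounts /mnt/windows` and `missing_write /mnt/windows`.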


