LUGOD: Linux Users' Group of Davis
Page last updated:
2004 Dec 21 12:41

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

Re: [vox-tech] New Account Can't Access Windows Partition

on Sun, Dec 19, 2004 at 10:39:18PM -0800, Robert G. Scofield (rscofield@afes.com) wrote:
> 
> Recently I asked for help here because I couldn't write from Linux to my 
> Windows partition.  After some helpful responses I blindly copied Ken Bloom's 
> fstab entry into my fstab, and I could write to Windows.
> 
> At that time, however, I had just one Linux account, "bob."  So someone logged 
> into bob could write to Windows.  Since then I've added a new account, 
> "research."  When I log into research I have no access to the Windows 
> partition whatsoever.  I can't even read it, much less write to it.
> 
> Here are the permissions for the mount point /mnt/windows:
> 
> drwx------  10 bob  root 16384 1969-12-31 16:00 windows

Right.

Here's what you accomplished with the fstab recipes you implemented
without understanding the last time:  rather than mounting your legacy
MS Windows partition as user root, you mounted it as user 'bob', with
read/write/execute permissions for user bob, and nobody else.

The more general way to solve this problem is to:

1. Create (or use an existing) group to have permissions for a given
   resource.  Could be a filesystem (as the current case), modem, audio
   device, etc.

2. Add user(s) who should be able to access this resource to the
   appropriate group.  'adduser <username> <group>' should do this.
   Generally you'll need to log off that user and log them back in for
   the change to take effect.

3. Set permissions on the resources you're providing access to, if
   necessary, so that the assigned group can access the device.

> So I decided to use chmod to give read and write access to others.
> But chmod doesn't work on /mnt/windows.  

vfat (and other DOS-based filesystems) doesn't support permissions.  So
you hard-wire the entire filesystem to a specific set of user and group
ownerships, and related permissions, with your mount options.

> So can anybody tell me how to get read and write permission for the
> new account on the Windows partition?  For what it's worth, Windows is
> on another hard drive, but I don't think that has anything to do with
> the problem.

Following is an example from my own fstab for mounting a floppy in a
multi-user accessible manner:

    /dev/sda   /mnt/floppy vfat  user,gid=floppy,umask=0007       0   0

Pulling that apart:

  - /dev/sda    is the floppy (USB external drive, if you're wondering)
  - /mnt/floppy is the mount point
  - vfat        is the filesystem
  - user        means the device is user-mountable, and _not_ mounted
                by default at boot. 
  - gid=floppy  makes the effective group 'floppy'.  My primary account
                belongs to this group.
  - umask=0007  gives full access to the device for either the user *or*
                the group, but _no_ access to 'other' users.

The reason you want to use a scheme such as this is that GNU/Linux is
inherently multi-user.  If you're running network-accessible services or
allow third-party logins to your system, you're going to want to
restrict their rights to resources unless you find a compelling need to
provide them.  This is called the principle of least privilege, though
it's got broader ramifications.


Peace.

-- 
Karsten M. Self <kmself@ix.netcom.com>        http://kmself.home.netcom.com/
 What Part of "Gestalt" don't you understand?
   Geek for hire:  http://kmself.home.netcom.com/resume.html

_______________________________________________
vox-tech mailing list
vox-tech@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox-tech
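
An added example, not part of the original post: a small Python model of the ownership and mode a vfat mount presents from its fstab options, run against an entry like the one that locked out "research" and against a group-based entry of the kind the reply recommends. The device /dev/hdb1, the group name "windows" and the "before" entry itself are assumptions, constructed to match the `drwx------ bob root` listing quoted above.

```python
import stat

# Constructed sample entries; /dev/hdb1 and the group "windows" are assumptions.
BEFORE = "/dev/hdb1 /mnt/windows vfat uid=bob,umask=0077 0 0"
AFTER = "/dev/hdb1 /mnt/windows vfat gid=windows,umask=0007 0 0"

def parse_options(fstab_line):
    """Return the mount options of one fstab line as a dict (flags map to '')."""
    fields = fstab_line.split()
    if len(fields) < 4:
        raise ValueError("not a complete fstab entry: %r" % fstab_line)
    return dict(opt.partition("=")[::2] for opt in fields[3].split(","))

def mount_mode(options, default_umask=0o022):
    """Directory mode the mount presents: 0777 minus the umask bits.
    Without umask= the mounting process's umask applies; 022 is assumed here."""
    value = options.get("umask")
    mask = int(value, 8) if value else default_umask
    return 0o777 & ~mask

def listing(fstab_line):
    """Mode string as ls -ld would show it for the mount point."""
    return stat.filemode(stat.S_IFDIR | mount_mode(parse_options(fstab_line)))

def access(fstab_line, user, groups):
    """rwx triple for a non-root user, checked owner first, then group, then other.
    Without uid=/gid= the mounting process's ids apply; root is assumed here."""
    options = parse_options(fstab_line)
    mode = mount_mode(options)
    if user == options.get("uid", "root"):
        bits = mode >> 6
    elif options.get("gid", "root") in groups:
        bits = mode >> 3
    else:
        bits = mode
    return "".join(c if bits & b else "-" for c, b in (("r", 4), ("w", 2), ("x", 1)))

if __name__ == "__main__":
    for label, line in (("before", BEFORE), ("after", AFTER)):
        print(label, listing(line))
        for user, groups in (("bob", {"bob", "windows"}),
                             ("research", {"research", "windows"}),
                             ("guest", {"guest"})):
            print("   %-9s %s" % (user, access(line, user, groups)))
```

Accounts outside the chosen group stay at `---` under the group-based entry, which is the least-privilege outcome the reply describes.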