Re: [vox-tech] New Account Can't Access Windows Partition

2004-12-21 Thread Karsten M. Self
on Sun, Dec 19, 2004 at 10:39:18PM -0800, Robert G. Scofield ([EMAIL PROTECTED]) wrote:
> 
> Recently I asked for help here because I couldn't write from Linux to my 
> Windows partition.  After some helpful responses I blindly copied Ken Bloom's 
> fstab entry into my fstab, and I could write to Windows.
> 
> At that time, however, I had just one Linux account, "bob."  So someone
> logged into bob could write to Windows.  Since then I've added a new account,
> "research."  When I log into research I have no access to the Windows 
> partition whatsoever.  I can't even read it, much less write to it.
> 
> Here are the permissions for the mount point /mnt/windows:
> 
> drwx--  10 bob  root 16384 1969-12-31 16:00 windows

Right.

Here's what you accomplished with the fstab recipes you implemented
without understanding the last time:  rather than mounting your legacy
MS Windows partition as user root, you mounted it as user 'bob', with
read/write/execute permissions for user bob, and nobody else.

The more general way to solve this problem is to:

1. Create (or use an existing) group to have permissions for a given
   resource.  Could be a filesystem (as the current case), modem, audio
   device, etc.

2. Add user(s) who should be able to access this resource to the
   appropriate group.  'adduser  ' should do this.
   Generally you'll need to log off that user and log them back in for
   the change to take effect.

3. Set permissions on the resources you're providing access to, if
   necessary, so that the assigned group can access the device.

> So I decided to use chmod to give read and write access to others.
> But chmod doesn't work on /mnt/windows.  

vfat (and other DOS-based filesystems) doesn't support permissions.  So
you hard-wire the entire filesystem to a specific set of user and group
ownerships, and related permissions, with your mount options.

> So can anybody tell me how to get read and write permission for the
> new account on the Windows partition.? For what it's worth, Windows is
> on another hard drive, but I don't think that has anything to do with
> the problem.

Following is an example from my own fstab for mounting a floppy in a
multi-user accessible manner:

/dev/sda   /mnt/floppy vfat  user,gid=floppy,umask=0007   0   0

Pulling that apart:

  - /dev/sda    is the floppy (USB external drive, if you're wondering)
  - /mnt/floppy is the mount point
  - vfat        is the filesystem
  - user        means the device is user-mountable, and _not_ mounted
                by default at boot.
  - gid=floppy  makes the effective group 'floppy'.  My primary account
                belongs to this group.
  - umask=0007  gives full access to the device for either the user *or*
                the group, but _no_ access to 'other' users.

The reason you want to use a scheme such as this is that GNU/Linux is
inherently multi-user.  If you're running network-accessible services or
allow third-party logins to your system, you're going to want to
restrict their rights to resources unless you find a compelling need to
provide them.  This is called the principle of least privilege, though
it's got broader ramifications.


Peace.

-- 
Karsten M. Self <[EMAIL PROTECTED]>        http://kmself.home.netcom.com/
 What Part of "Gestalt" don't you understand?
   Geek for hire:  http://kmself.home.netcom.com/resume.html


___
vox-tech mailing list
[EMAIL PROTECTED]
http://lists.lugod.org/mailman/listinfo/vox-tech


Re: [vox-tech] New Account Can't Access Windows Partition

2004-12-20 Thread Robert G. Scofield
On Monday 20 December 2004 00:26, Mark K. Kim wrote:

Thanks to Bill, Swaine, and Mark.  I've got it working.  

There were only two hitches.
>
> Change the stuff after vfat to:
>
>   defaults,uid=1000,gid=win,fmask=117,dmask=007

The first hitch is that fmask had to be set to 107.
>
>
>
>   addgroup win
>
The second hitch was that my system did not recognize the addgroup command.  
It didn't even recognize the command when it was executed like this 
"/sbin/addgroup"

So I just went into SuSE's YAST.  All you do is create a new group and then 
put a check mark into the boxes next to the users you want to make part of 
the group.  So it was easy.

But the bottom line is that the win group now has read-write access to 
Windows.

So thanks again.

Bob


Re: [vox-tech] New Account Can't Access Windows Partition

2004-12-20 Thread Mark K. Kim
On Sun, 19 Dec 2004, Robert G. Scofield wrote:
[snip]
> Yes, thank you Bill.  Here's the Ken Bloom creation:
>
> /dev/hda1  /mnt/windows  vfat  defaults,uid=1000,fmask=177,dmask=077
>
> Remember, I don't know what any of this means after the "vfat" entry.
[snip]

Change the stuff after vfat to:

  defaults,uid=1000,gid=win,fmask=117,dmask=007

(Add a "gid" entry, and modify fmask/dmask fields).  This will allow any
user in the group "win" to read/write to/from the /mnt/windows directory.
Explanation: The "gid" sets the group that /mnt/windows will be mounted
in; "fmask" sets the `chmod` of all the files within /mnt/windows; and the
"dmask" sets the `chmod` of all the directories within /mnt/windows.

But to do this, you first need to create a group named "win":

  addgroup win

then add "bob" and "research" to that group:

  adduser bob win
  adduser research win

I think I got the syntaxes right.

You can't simply `chmod` /mnt/windows or anything underneath because VFAT
has no concept of permissions, at least not to the fine detail that UNIX
has.  And you can't `chmod` /mnt/windows before mounting the partition
because the mounting point permission takes on the permission of what is
mounted on it after the mounting.  So to resolve this problem, you can set
the permission of *all* the files and *all* the directories of a VFAT
partition as you mount it, which is what we did above.

Questions? -- "mail vox"!

-Mark


-- 
Mark K. Kim
AIM: markus kimius
Homepage: http://www.cbreak.org/
Xanga: http://www.xanga.com/vindaci
Friendster: http://www.friendster.com/user.php?uid=13046
PGP key fingerprint: 7324 BACA 53AD E504 A76E  5167 6822 94F0 F298 5DCE
PGP key available on the homepage
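
The option strings discussed in this thread, worked through as an added example (not code from any of the posters): it derives the mode a vfat mount gives every file and directory from `umask`/`fmask`/`dmask`, then applies the usual owner/group/other check to each account. The uid for "research", the numeric gids and the 022 fallback umask are constructed assumptions, and the function names are hypothetical.

```python
# Added example: what a vfat fstab option string means for each local account.
# Constructed values: research's uid, the numeric gids, and the 022 default umask.
GIDS = {"root": 0, "users": 100, "win": 1002, "floppy": 25}


def vfat_modes(options, default_umask=0o022):
    """Return (uid, gid, file_mode, dir_mode) that the mount applies to every entry."""
    uid = gid = 0  # a boot-time mount is owned by root unless uid=/gid= say otherwise
    masks = {"umask": default_umask, "fmask": None, "dmask": None}
    for opt in options.split(","):
        key, _, val = opt.partition("=")
        if key == "uid":
            uid = int(val)
        elif key == "gid":
            gid = int(val) if val.isdigit() else GIDS[val]
        elif key in masks:
            masks[key] = int(val, 8)  # masks are octal, like umask(2)
    # fmask and dmask fall back to umask when they are not given
    fmask = masks["umask"] if masks["fmask"] is None else masks["fmask"]
    dmask = masks["umask"] if masks["dmask"] is None else masks["dmask"]
    return uid, gid, 0o777 & ~fmask, 0o777 & ~dmask


def access(mode, owner_uid, owner_gid, user_uid, user_gids):
    """rwx string for a non-root user: owner bits, else group bits, else other bits."""
    if user_uid == owner_uid:
        bits = mode >> 6
    elif owner_gid in user_gids:
        bits = mode >> 3
    else:
        bits = mode
    return "".join(c if bits & b else "-" for c, b in (("r", 4), ("w", 2), ("x", 1)))


def report(options, accounts):
    """Map each account name to its (directory access, file access) under options."""
    uid, gid, fmode, dmode = vfat_modes(options)
    return {name: (access(dmode, uid, gid, u, g), access(fmode, uid, gid, u, g))
            for name, (u, g) in accounts.items()}


BEFORE = "defaults,uid=1000,fmask=177,dmask=077"
AFTER = "defaults,uid=1000,gid=win,fmask=117,dmask=007"
ACCOUNTS = {"bob": (1000, {100}), "research": (1001, {100})}
IN_WIN = {"bob": (1000, {100, 1002}), "research": (1001, {100, 1002}),
          "guest": (1003, {100})}

if __name__ == "__main__":
    for label, opts, accts in (("before", BEFORE, ACCOUNTS), ("after", AFTER, IN_WIN)):
        print(label, report(opts, accts))
```

The "guest" account, which is not in the win group, stays locked out under the second entry, which is the least-privilege outcome the group scheme is meant to give.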


Re: [vox-tech] New Account Can't Access Windows Partition

2004-12-19 Thread Shwaine
On Sun, 19 Dec 2004, Bill Kendrick wrote:
> On Sun, Dec 19, 2004 at 11:17:42PM -0800, Robert G. Scofield wrote:
> > On Sunday 19 December 2004 23:00, Bill Kendrick wrote:
> > >
> > > I think because it's a mount point, you can't really affect its
> > > permissions. Can you remind us what the exact fstab entry was that you
> > > used?
> >
> > Yes, thank you Bill.  Here's the Ken Bloom creation:
> >
> > /dev/hda1  /mnt/windows  vfat  defaults,uid=1000,fmask=177,dmask=077
> >
> > Remember, I don't know what any of this means after the "vfat" entry.
>
> Ah, here we go.  "uid" would be the 'user id' for who 'owns' this
> mounted drive.  In this case, I'm guessing "bob"'s uid is 1000. :^)
>
> The 'fmask' and 'dmask' are no doubt octal masks that set the permissions
> of files and directories (respectively) once the drive is mounted.
>
> Try removing "uid=1000" and replace it with simply "user", and see if
> the new account can mount the drive themselves, and if so, if they can
> read and write to it...

Marking it as "user" would just allow the user to mount it manually. It 
would not affect the permissions that are being applied when the partition 
is mounted automatically at boot time.

Adding a gid= and modifying the masks to allow 
group read/write access would allow all users in that group to access the 
drive. I would suggest making a special group for writing to the Windows 
drive and adding the desired users to that group.


Re: [vox-tech] New Account Can't Access Windows Partition

2004-12-19 Thread Bill Kendrick
On Sun, Dec 19, 2004 at 11:17:42PM -0800, Robert G. Scofield wrote:
> On Sunday 19 December 2004 23:00, Bill Kendrick wrote:
> > 
> >
> > I think because it's a mount point, you can't really affect its
> > permissions. Can you remind us what the exact fstab entry was that you
> > used?
> 
> Yes, thank you Bill.  Here's the Ken Bloom creation:
> 
> /dev/hda1  /mnt/windows  vfat  defaults,uid=1000,fmask=177,dmask=077
> 
> Remember, I don't know what any of this means after the "vfat" entry.

Ah, here we go.  "uid" would be the 'user id' for who 'owns' this
mounted drive.  In this case, I'm guessing "bob"'s uid is 1000. :^)

The 'fmask' and 'dmask' are no doubt octal masks that set the permissions
of files and directories (respectively) once the drive is mounted.

Try removing "uid=1000" and replace it with simply "user", and see if
the new account can mount the drive themselves, and if so, if they can
read and write to it...


> BTW, I recently read on the Mozilla web site that Mandrake automatically 
> configures a dual boot system to mount the Windows partition read-write.  
> That's nice for the newbies, and the bewbies like me who never learn.  But 
> this is a SuSE system.

Sadly, I'm not familiar with either.  I also have to admit that I have no
dual-boot systems, so I'm just going off what little I know about 'mount'
and the man page.  Hopefully I'm helping some. ;)

Good luck!

-bill!


Re: [vox-tech] New Account Can't Access Windows Partition

2004-12-19 Thread Robert G. Scofield
On Sunday 19 December 2004 23:00, Bill Kendrick wrote:
> 
>
> I think because it's a mount point, you can't really affect its
> permissions. Can you remind us what the exact fstab entry was that you
> used?

Yes, thank you Bill.  Here's the Ken Bloom creation:

/dev/hda1  /mnt/windows  vfat  defaults,uid=1000,fmask=177,dmask=077

Remember, I don't know what any of this means after the "vfat" entry.

BTW, I recently read on the Mozilla web site that Mandrake automatically 
configures a dual boot system to mount the Windows partition read-write.  
That's nice for the newbies, and the bewbies like me who never learn.  But 
this is a SuSE system.

Bob


Re: [vox-tech] New Account Can't Access Windows Partition

2004-12-19 Thread Bill Kendrick
On Sun, Dec 19, 2004 at 10:39:18PM -0800, Robert G. Scofield wrote:
> So I decided to use chmod to give read and write access to others.  But chmod
> doesn't work on /mnt/windows.  If I bungle the chmod command, I get an error 
> message.  But if I issue a correct command like "chmod g+x windows" I 
> immediately return to the UNIX prompt just as if the command was properly 
> executed.  But the permissions do not change.

I think because it's a mount point, you can't really affect its permissions.
Can you remind us what the exact fstab entry was that you used?

Something will need to change there.  Unix groups might be involved as well.

-bill!


[vox-tech] New Account Can't Access Windows Partition

2004-12-19 Thread Robert G. Scofield

Recently I asked for help here because I couldn't write from Linux to my 
Windows partition.  After some helpful responses I blindly copied Ken Bloom's 
fstab entry into my fstab, and I could write to Windows.

At that time, however, I had just one Linux account, "bob."  So someone logged 
into bob could write to Windows.  Since then I've added a new account, 
"research."  When I log into research I have no access to the Windows 
partition whatsoever.  I can't even read it, much less write to it.

Here are the permissions for the mount point /mnt/windows:

drwx--  10 bob  root 16384 1969-12-31 16:00 windows

So I decided to use chmod to give read and write access to others.  But chmod 
doesn't work on /mnt/windows.  If I bungle the chmod command, I get an error 
message.  But if I issue a correct command like "chmod g+x windows" I 
immediately return to the UNIX prompt just as if the command was properly 
executed.  But the permissions do not change.

So can anybody tell me how to get read and write permission for the new 
account on the Windows partition.? For what it's worth, Windows is on another 
hard drive, but I don't think that has anything to do with the problem.

Thank you.

Bob