FSTAB ntfs option - help ?



mecho
03-17-2010, 10:27 AM
I need to restrict ntfs write access to knoppix user, but still have it available in root.
I know that I have to edit my fstab, but when I enter the NTFS RO option I don't have write access in superuser mode either.

Can anyone help ?

Wollongong
03-21-2010, 06:38 AM
(correcting the umask mistakes):

I suggest trying some ntfs mount options ('man mount' to see the options):

nouser,uid=0,gid=0,umask=077

nouser to prevent any ordinary user from mounting the filesystem (this is the default)
uid=0: all the NTFS filesystem will be 'owned' by root
gid=0: group is root too
umask: only owner can access the mounted filesystem

alternatively:
nouser,uid=0,gid=4,umask=007

gid=4, the group of the NTFS filesystem is 'adm' - allowing you to give access to another user by putting them in the adm group (or admin group or a special group of your choosing), and umask setting to allow the group r/w access.

mecho
03-21-2010, 10:15 PM
Thank you so much. I will play around with your suggestions and hopefully I will get it right.
I need to protect my hard drive from accidental error of the linux ntfs driver, but still be able occasionally to access it with write support if I need as superuser.

Thanks again

mecho
03-23-2010, 10:51 PM
Obviously what I want cannot be achieved using fstab, or at least I cannot get it right. I need the regular user:Knoppix to be able to mount ntfs partitions read-only and root to be able to mount with full access: read, write, execute.

Wollongong
03-24-2010, 01:07 AM
That should be possible with an fstab entry.


Here is a full example fstab entry:

/dev/sda1 /windisk ntfs nouser,uid=0,gid=0,umask=002 0 0

assuming sda1 is your ntfs partition,
/windisk is the mount point where it should appear (root must have created this directory in advance)
umask=002 means read only for the world, r/w for the owner (root) and group (root)

You don't have to reboot to test it: run the command 'mount /windisk' as root


If you don't want the world to read /windisk, then use a group membership.

/dev/sda1 /windisk ntfs nouser,uid=0,gid=46,umask=027 0 0

Put the special user Knoppix into the selected group (46 in the example, can be anything)
# adduser knoppix 46

Now, root has r/w, and anyone in the group 46 has r/o access. You control who is in that group. It could be 1 user only.
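
The uid/gid/umask arithmetic from the entries above, as an added example that is not part of the original post: it computes the access a given user should get from an fstab option string. The user id 1000 and the sample lines are constructed for illustration, and only numeric uid=/gid= values are handled.

```shell
#!/bin/sh
# Added example (not from the thread): access implied by fstab uid=/gid=/umask=.

# opt_value OPTIONS KEY DEFAULT: value of KEY= in a comma-separated option list
opt_value() {
    _v=$(printf '%s\n' "$1" | tr ',' '\n' | sed -n "s/^$2=//p" | tail -n 1)
    printf '%s\n' "${_v:-$3}"
}

# expected_access OPTIONS USER_UID "GID GID ...": prints rw, ro or none
expected_access() {
    owner=$(opt_value "$1" uid 0)        # default 0 assumes root does the mount
    group=$(opt_value "$1" gid 0)
    um=$(opt_value "$1" umask 000)
    mode=$(( 0777 & ~0$um ))             # e.g. umask=027 gives mode 0750
    if [ "$2" = 0 ]; then
        bits=7                           # root is not limited by mode bits
    elif [ "$2" = "$owner" ]; then
        bits=$(( (mode >> 6) & 7 ))
    else
        bits=$(( mode & 7 ))             # "world" unless one of the groups matches
        for g in $3; do
            if [ "$g" = "$group" ]; then bits=$(( (mode >> 3) & 7 )); fi
        done
    fi
    # A bare "ro" flag removes write for everyone, root included
    if printf '%s\n' "$1" | tr ',' '\n' | grep -qx ro; then bits=$(( bits & 5 )); fi
    if [ $(( bits & 2 )) -ne 0 ]; then echo rw
    elif [ $(( bits & 4 )) -ne 0 ]; then echo ro
    else echo none; fi
}

# report FSTAB_TEXT USER_UID "GIDS": one "mountpoint access" line per ntfs entry
report() {
    printf '%s\n' "$1" | while read -r dev mnt type opts rest; do
        if [ "$type" = ntfs ]; then
            printf '%s %s\n' "$mnt" "$(expected_access "$opts" "$2" "$3")"
        fi
    done
}

# Constructed sample: two ntfs entries in the style used in this thread
SAMPLE='/dev/sda1 /windisk ntfs nouser,uid=0,gid=46,umask=027 0 0
/dev/sda1 /media/sda1 ntfs ro,noauto,nouser,uid=0,gid=0,umask=002 0 0'
report "$SAMPLE" 1000 "1000 46"          # hypothetical user 1000 in group 46
```

This only computes what the mode bits imply; whether the mounted filesystem enforces them is confirmed by attempting a write as that user after mounting.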

mecho
03-24-2010, 01:45 AM
Thanks so much for your help Wollongong. I did exactly what you told me. Here is a copy of my fstab entries. Have a look and tell me where I go wrong.

# DEFAULT BASE FSTAB, UNCONFIGURED
proc /proc proc noauto 0 0
sysfs /sys sysfs noauto 0 0

# Added by KNOPPIX
/dev/sdb1 /media/sdb1 vfat noauto,users,exec,umask=000,shortname=winnt,uid=knoppix,gid=knoppix 0 0
# Added by KNOPPIX
/dev/sda6 /media/sda6 vfat noauto,users,exec,umask=000,shortname=winnt,uid=knoppix,gid=knoppix 0 0
# Added by KNOPPIX
/dev/sda5 /media/sda5 ntfs noauto,nouser,uid=0,gid=0,umask=002 0 0
# Added by KNOPPIX
/dev/sda1 /media/sda1 ntfs ro,noauto,nouser,uid=0,gid=0,umask=002 0 0
# Added by KNOPPIX
/dev/sda2 /media/sda2 auto noauto,users,exec 0 0
# Added by KNOPPIX
/dev/sr0 /media/sr0 auto ro,noauto,users,exec 0 0

With these settings knoppix user still has read write access to SDA5. I have put ro option on SDA1 because it's my windows partition and it works OK. There is no write access to SDA1 for both knoppix and root.
When I click on the permissions tab on most of the files and folders in SDA5 partition, the Owner is Knoppix, and the group is Root, but not on all of them !!
I am running Knoppix 6.2 off a flash drive with persistent changes. There is a script called "rebuildfstab" but it is only run if there is no entry in fstab for a certain partition. This script is easily modifiable and I can make its output to be whatever I want, once I figure out what my proper fstab settings are.
Thanks again

Wollongong
03-24-2010, 07:36 AM
Hi mecho,

now this is interesting! It looks to me like a bug in Knoppix? COMMENTS WELCOME!

So far, I have been commenting on this from the point of view of linux in general.
The commands should work the same on any linux, whether Knoppix, Ubuntu or Fedora, for example.

--------------------------------------------------------------------------------------------
I tested the commands on my Ubuntu system, and it worked as expected.

Here's my actual fstab entry:
/dev/sda2 /windows/C ntfs defaults,umask=027,gid=46 0 1

/windows/C is mounted as root:plugdev mode 750, everything as expected. As a member of the plugdev group (46),
I can see the files, but not make any changes. root can make changes.

$ ls -la /windows/C
total 1982066
drwxr-x--- 1 root plugdev 24576 2010-03-25 04:04 .
drwxr-xr-x 3 root root 4096 2009-12-13 14:28 ..
drwxr-x--- 1 root plugdev 0 2009-07-14 14:53 Documents and Settings
...

--------------------------------------------------------------------------------------------
Now reboot the system using Knoppix 6.3 DVD "Linux Magazine" edition, and there is some strange behaviour:
Here's my entry in fstab:
/dev/sda2 /windisk ntfs nouser,umask=027,uid=0,gid=knoppix 0 0

make sure the mount point is owned by root:
$ ls -l /windisk
-> drwxr-xr-x root root ...

mount as root:
$ sudo mount /windisk

now:
$ ls -la /
drwxr-x--- 1 root knoppix 24576 Mar 24 17:04 windisk

It looks correct: owner=root, group=knoppix, permission=750

However, as user knoppix, I CAN WRITE to /windisk WHY???

mecho
03-24-2010, 10:12 PM
Thanks a lot for your effort Wollongong. With my 2 months linux experience - this is a dead end to this topic for me. I will make a small shell script to quickly mount the partition read-write whenever I need it, and will keep the RO,NOAUTO in fstab for both my ntfs partitions. Thanks again for proving this issue to me - I was going to bother myself for a long time.