[vox-tech] New Account Can't Access Windows Partition

Karsten M. Self kmself at ix.netcom.com
Tue Dec 21 00:36:32 PST 2004


on Sun, Dec 19, 2004 at 10:39:18PM -0800, Robert G. Scofield (rscofield at afes.com) wrote:
> 
> Recently I asked for help here because I couldn't write from Linux to my 
> Windows partition.  After some helpful responses I blindly copied Ken Bloom's 
> fstab entry into my fstab, and I could write to Windows.
> 
> At that time, however, I had just one Linux account, "bob."  So someone logged 
> into bob could write to Windows.  Since then I've added a new account, 
> "research."  When I log into research I have no access to the Windows 
> partition whatsoever.  I can't even read it, much less write to it.
> 
> Here are the permissions for the mount point /mnt/windows:
> 
> drwx------  10 bob  root 16384 1969-12-31 16:00 windows

Right.

Here's what you accomplished with the fstab recipes you implemented
without understanding the last time:  rather than mounting your legacy
MS Windows partition as user root, you mounted it as user 'bob', with
read/write/execute permissions for user bob, and nobody else.

The more general way to solve this problem is to:

1. Create (or use an existing) group to have permissions for a given
   resource.  Could be a filesystem (as the current case), modem, audio
   device, etc.

2. Add user(s) who should be able to access this resource to the
   appropriate group.  'adduser <username> <group>' should do this.
   Generally you'll need to log off that user and log them back in for
   the change to take effect.

3. Set permissions on the resources you're providing access to, if
   necessary, so that the assigned group can access the device.

> So I decided to use chmod to give read and write access to others.
> But chmod doesn't work on /mnt/windows.  

vfat (and other DOS-based filesystems) doesn't support permissions.  So
you hard-wire the entire filesystem to a specific set of user and group
ownerships, and related permissions, with your mount options.

> So can anybody tell me how to get read and write permission for the
> new account on the Windows partition? For what it's worth, Windows is
> on another hard drive, but I don't think that has anything to do with
> the problem.

Following is an example from my own fstab for mounting a floppy in a
multi-user accessible manner:

    /dev/sda   /mnt/floppy vfat  user,gid=floppy,umask=0007       0   0

Pulling that apart:

  - /dev/sda    is the floppy (USB external drive, if you're wondering)
  - /mnt/floppy is the mount point
  - vfat        is the filesystem
  - user        means the device is user-mountable, and _not_ mounted
                by default at boot. 
  - gid=floppy  makes the effective group 'floppy'.  My primary account
                belongs to this group.
  - umask=0007  gives full access to the device for either the user *or*
                the group, but _no_ access to 'other' users.

The reason you want to use a scheme such as this is that GNU/Linux is
inherently multi-user.  If you're running network-accessible services or
allow third-party logins to your system, you're going to want to
restrict their rights to resources unless you find a compelling need to
provide them.  This is called the principle of least privilege, though
it's got broader ramifications.


Peace.

-- 
Karsten M. Self <kmself at ix.netcom.com>        http://kmself.home.netcom.com/
 What Part of "Gestalt" don't you understand?
   Geek for hire:  http://kmself.home.netcom.com/resume.html
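
The mount-option scheme described in the message above, as an added example that is not part of the original post: it models how uid=, gid= and umask= on a vfat entry fix the owner, group and mode for the whole filesystem, and what each account can then do. The device name, the 'windows' group, the 'guest' account and both fstab lines are constructed for illustration, and the defaults used when an option is absent are assumptions noted in the code.

```python
# Added example: how vfat mount options decide who can touch the mount.

def parse_fstab_line(line):
    """Split one fstab entry into (device, mountpoint, fstype, options dict)."""
    device, mountpoint, fstype, opts = line.split()[:4]
    options = {}
    for opt in opts.split(","):
        key, _, value = opt.partition("=")
        options[key] = value
    return device, mountpoint, fstype, options

def mount_identity(options, default_owner="root", default_group="root"):
    """Return the (owner, group, mode) every file on the mount will show.

    Assumption: with no uid=/gid= the mount is done by root, and with no
    umask= the mounting process had umask 022.
    """
    owner = options.get("uid") or default_owner
    group = options.get("gid") or default_group
    umask = int(options.get("umask") or "022", 8)
    return owner, group, 0o777 & ~umask

def access(line, user, user_groups):
    """Return an 'rwx'-style string for a non-root user (root bypasses the bits)."""
    owner, group, mode = mount_identity(parse_fstab_line(line)[3])
    if user == owner:
        bits = mode >> 6          # owner triplet
    elif group in user_groups:
        bits = mode >> 3          # group triplet
    else:
        bits = mode               # 'other' triplet
    return "".join(ch if bits & bit else "-"
                   for ch, bit in (("r", 4), ("w", 2), ("x", 1)))

# Constructed entries: the first reproduces the 'drwx------ bob root' listing,
# the second follows the gid=/umask=0007 pattern from the floppy example.
OWNER_ONLY = "/dev/hdb1 /mnt/windows vfat uid=bob,umask=0077 0 0"
GROUP_SHARED = "/dev/hdb1 /mnt/windows vfat gid=windows,umask=0007 0 0"

if __name__ == "__main__":
    # Hypothetical group memberships after 'adduser <username> windows'.
    accounts = {"bob": {"bob", "windows"},
                "research": {"research", "windows"},
                "guest": {"guest"}}
    for label, line in (("owner-only", OWNER_ONLY), ("group-shared", GROUP_SHARED)):
        for user, groups in accounts.items():
            print(f"{label:12} {user:9} {access(line, user, groups)}")
```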