Cannot mount ntfs partition as only writable by 1 user

Thank you for taking the time to report this bug and help make Ubuntu better. Unfortunately, I don't quite understand your problem.

Are you saying that even though you have mounted /dev/sde1 with uid=1000 and umask=077, that it is still readable by your guest user? Your output of "ls -l /media" seems to suggest otherwise:

drwx------ 1 mud root 16384 2008-07-06 22:42 FILES

...this means that the user (mud) has read-write-execute permissions, and everybody else has no permissions at all.

When logging in as 'guest', what does "cd /media/FILES" do? Does it allow you to view the contents of /media/FILES, or does it give a permission denied error?

Thanks

Thanks for the swift reply.

Yes. When logged in as 'guest', I can cd into '/media/FILES', ls, read and write. That's what's causing me concern. 'ls -l' inside /media/FILES gives me a full list of the contents, which also have the same permissions (drwx------). Does that clarify the issue?

Given the disparity here between permissions and access, I thought I had better mark this as a security vulnerability. Please change this if that's inappropriate. Thanks.

This is a kernel problem which was (supposedly) fixed silently in the recent kernel security upgrade. Probably it's time to submit a CVE for it ...

Szabolcs - I'm struggling to reproduce this on my system. I'm aware of a kernel problem with FUSE mounted filesystems (which I've been affected by), and this is bug 191831. Could you confirm whether you think this is the same issue? If so, I'll mark it as a duplicate. That particular problem is already fixed upstream. Unfortunately, the Ubuntu bug got lost in to the ether because somebody set it invalid

Ok, I see. Not even one user can write to the partition?

Well, Ubuntu is using an old, unsupported, custom patched and uncertified NTFS-3G driver with external FUSE. If the configuration is not right then this problem can indeed happen.

I suggest removing the Ubuntu NTFS-3G package and installing it from the source: http://ntfs-3g.org/

Besides solving dozens of reliability and security problems, it's also fully supported by upstream.

The problem isn't that not-even-one can write, but that any user can read/write when it's supposed to be accessible by just 1 user (the owner).

Using the 'no_def_opts' option, which removes 'allow_other', does prevent all users (except the mounting user) having access, but this isn't the ideal solution (it's no good for group permissions or allowing others read-only etc).

I'm afraid that your solution of recompiling fuse from source is a little beyond me.

Chris, is this likely to be solved in future ubuntu updates?

My kernel is 2.6.24-19-generic and I update daily. Any other info that might help?

On Tue, 22 Jul 2008, themuddler wrote:

> The problem isn't that not-even-one can write, but that any user can
> read/write when it's supposed to be accessible by just 1 user (the
> owner).

This is what I answered originally. Upgrade your kernel to the fixed one and your problem is gone.

Thanks Szabolcs,

I will take your advice and install from source (about to have a go now).

However, beyond my own interests: Because this could entail other Ubuntu users inadvertently opening up partitions they thought were protected, should the newer ntfs-3g driver be incorporated into Ubuntu's regular security updates?

themuddler - is this still an issue for you? Can you try with the latest Ubuntu release (Intrepid)?

Thanks

Just tested it with intrepid. Appears to have been fixed as it now all functions correctly. Thanks for the help everyone!

Thanks for letting me know