Comment 0 for bug 1821250

/bin/ntfs-3g has been installed as setuid-root since xenial, but this is discouraged upstream (see https://www.tuxera.com/community/ntfs-3g-faq/#useroption). As a hardening improvement, this should not be setuid.

This does break one use-case - unprivileged users will not be able to mount NTFS image files. As far as I'm aware, there are no other use-cases that are broken by this change. It doesn't affect automounting of removable volumes or mounting of NTFS block devices (which unprivileged users can't mount anyway). Administrators that want to allow unprivileged users to mount NTFS image files can change the permissions of /bin/ntfs-3g using dpkg-statoverride.