Ok, I decided I'd get this to work, although the method and the implications it could have might not seem pretty to some. There are certain conditions for a user to mount any ntfs volume with ntfs-3g, I will name them here:
1. ntfs-3g with integrated fuse support. You'll get this by:
1A. Removing ntfs-3g and fuse from your system if you have them installed as separate packages, so do this as root:
pacman -Rn ntfs-3g
pacman -Rn fuse
Now you can install the new package.
1B. Getting a modified version of the PKGBUILD found in that AUR link previously mentioned by me, here's mine:
# Maintainer: Gula <gulanito.archlinux.org>
# Slightly modified by anderfs
# Don't forget to setuid-root for the ntfs-3g binary after you install this
pkgname=ntfs-3g-fuse-internal
pkgver=2010.5.16
pkgrel=1
pkgdesc="Stable read and write NTFS driver (whit internal fuse suport)"
url="http://www.tuxera.com"
arch=('i686' 'x86_64')
license=('GPL2')
depends=('glibc')
conflicts=('ntfs-3g')
makedepends=('pkgconfig')
options=('!libtool')
source=(http://www.tuxera.com/opensource/ntfs-3g-${pkgver}.tgz
http://aur.archlinux.org/packages/ntfs-3g-fuse-internal/ntfs-3g-fuse-internal/25-ntfs-config-write-policy.fdi)
sha1sums=('895da556ad974743841f743c49b734132b2a7cbc'
'200029f2999a2c284fd30ae25734abf6459c3501')
build() {
  cd "${srcdir}/ntfs-3g-${pkgver}"
  ac_cv_path_LDCONFIG=/bin/true ./configure --prefix=/usr \
    --with-fuse=internal --disable-static || return 1
  make || return 1
}
package() {
  cd "${srcdir}/ntfs-3g-${pkgver}"
  make DESTDIR="${pkgdir}" install || return 1
  ln -s /bin/ntfs-3g "${pkgdir}/sbin/mount.ntfs" || return 1
  install -m755 -d "${pkgdir}/usr/share/hal/fdi/policy/10osvendor"
  install -m644 "${srcdir}/25-ntfs-config-write-policy.fdi" "${pkgdir}/usr/share/hal/fdi/policy/10osvendor/" || return 1
}
Save this as PKGBUILD, preferably in an empty directory so it doesn't clutter things up when you build it.
1C. Now go to the directory where you saved it and do this as a regular user:
makepkg PKGBUILD
After that's done, you'll get a package called ntfs-3g-fuse-internal-2010.5.16-1-i686.pkg.tar.xz, or something similar.
1D. Install that package as root:
pacman -U ntfs-3g-fuse-internal-2010.5.16-1-i686.pkg.tar.xz
If all went well you now have ntfs-3g compiled with integrated fuse support.
2. The ntfs-3g version must be higher than 1.2506, this is already covered, the package installed from AUR matches this requirement.
3. The ntfs-3g binary must be set to setuid-root, to accomplish this you shall do the following as root:
chown root $(which ntfs-3g)
chmod 4755 $(which ntfs-3g)
I used 4750 instead of 4755, I guess that last bit can be a matter of personal taste as long as it isn't something obnoxious like "7".
4. The user must have the right access to the volume. Okay, this is the ugly part, volumes are owned by root and managed by the disk group with permissions brw-rw----, this means you have to add any users you want mounting this volume to the disk group.
4A. So, do this as root:
gpasswd -a [user] disk
Where [user] is obviously the name of whichever user you're adding to the disk group, do this for any user you want mounting this volume.
Any users currently logged in will have to log out and back in for these changes to take effect, this most likely includes you.
4B. Now that you logged back in, try this:
groups
One of the groups listed should be disk, if it's not there you didn't completely log out of all open sessions.
5. The user must have the right permissions/access to the mount point. For a user to be able to mount something to a mount point, that user needs to have read permission (pretty self-explanatory), write permission (so the user can make any changes to the sub-structure of the mount point), and execute permission (so the user can change-dir to that mount point) to it. Mount points can be anywhere, so this really depends where you're mounting.
In my case, I'm mounting these volumes on certain directories under /mnt/, for example /mnt/example. If you're mounting stuff there, you might as well take advantage of the fact your "mounting user" is already in the group disk, and do the following as root:
chgrp disk /mnt/example
chmod 774 /mnt/example
Now users in the disk group will be able to manage these mount points.
6. Mount it. That's it, you should now be able to mount ntfs volumes as an "unprivileged enough" user. Here's an example of what you'd have to put in /etc/fstab:
UUID=XXXXYYYYXXXXYYYY /mnt/example ntfs-3g noauto,noatime,user,uid=0,gid=6,fmask=137,dmask=027,rw 0 0
uid=0 means root will be the owner of this mount-point and anything in it after it's mounted. This is due to the fact that even though users might own their mountpoints and have rwx permissions on them, you might still not want them to write to the mounted ntfs volumes. Remove this if you want them to be able to write to the volume.
gid=6 means this will be managed by the disk group in my system. Perhaps the disk group has a different id in your system, run "id root" to find out, as root usually is part of this group.
fmask = 137 means the owner (root) can do anything with files in this volume except executing files. Group members (disk) can only read files here, not create or execute them. And other users can't do anything in this volume.
dmask = 027 means the owner can do anything with directories (execute here is needed to chdir), users can't write directories but they can read or execute in them (once again, needed by 'cd'), and finally other users still don't have any access.
You can use whichever fmask and dmask makes sense to you, or use an umask instead.
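An added check, not part of the original post: steps 3 to 5 above make ntfs-3g setuid-root, put users in the disk group (read/write on every brw-rw---- root:disk device) and open the mount point to that group, so this sketch reports what was granted. The function names are this example's own; the modes and the disk group are the ones from the post.

```sh
#!/bin/sh
# Added example: report the privileges granted by steps 3 to 5 of the post.

# Members listed for GROUP in a group(5)-format file, one per line.
# Users whose primary group is GROUP are recorded in passwd and not listed.
group_members() {           # usage: group_members GROUP [FILE]
    awk -F: -v g="$1" '$1 == g {
        n = split($4, m, ",")
        for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
    }' "${2:-/etc/group}"
}

# Classify the octal mode and owner that stat(1) reports for the binary.
classify_suid() {           # usage: classify_suid MODE OWNER
    if [ $(( 0$1 & 04000 )) -eq 0 ]; then
        echo "not-setuid"
    elif [ "$2" != root ]; then
        echo "setuid-non-root"
    elif [ $(( 0$1 & 01 )) -ne 0 ]; then
        echo "setuid-root:any-user"            # e.g. 4755
    else
        echo "setuid-root:owner-and-group"     # e.g. 4750
    fi
}

# Who can create or remove entries in a mount point, from its octal mode.
mountpoint_writers() {      # usage: mountpoint_writers MODE
    w=owner
    [ $(( 0$1 & 020 )) -eq 0 ] || w="$w,group"
    [ $(( 0$1 & 02 )) -eq 0 ] || w="$w,other"
    echo "$w"
}

audit() {                   # usage: audit [BINARY] [MOUNTPOINT] [GROUP_FILE]
    bin=${1:-$(command -v ntfs-3g)} || { echo "ntfs-3g not found" >&2; return 1; }
    echo "$bin: $(classify_suid "$(stat -c %a "$bin")" "$(stat -c %U "$bin")")"
    [ -z "$2" ] || echo "$2: writable by $(mountpoint_writers "$(stat -c %a "$2")")"
    echo "group disk (read/write on brw-rw---- root:disk devices):"
    group_members disk "${3:-/etc/group}" | sed 's/^/  /'
}

# Typical call on the system from the post:
#   audit "$(command -v ntfs-3g)" /mnt/example
```

`audit` relies on GNU `stat -c`; the three helper functions are plain POSIX sh and can be reused on their own.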

However, you probably don't really have to compile it yourself, because it appears to already be in AUR, here (package ID: 37647), although it didn't build right the last time I tried it.
If you install this, don't forget to first remove fuse (and ntfs-3g) using pacman, unless you need fuse for something else.
At the moment, I've just settled with "sudo mount /path/to/ntfs-mountpoint/"; users are allowed to unmount volumes even with the regular ntfs-3g implementation with the right permissions.

If I understood this right, should I remove the uid parameter, leaving only gid=users to allow everyone to mount this?

My $UID seems to be 1000 and my umask 1000. Is this my user ID? I wonder because the idea is that everyone not-root could be able to mount the USB drive.

echo $UID
this will return your user id
umask
this will return the umask
my uid was 1000 and umask was 0022

I spent the last night trying to figure out how to mount a USB drive as a regular user, using ntfs-3g. I read the related wiki entries and researched quite a lot in the forums. I came up with this:
fstab:
#
# /etc/fstab: static file system information
#
# <file system> <dir> <type> <options> <dump> <pass>
devpts /dev/pts devpts defaults 0 0
shm /dev/shm tmpfs nodev,nosuid 0 0
#/dev/cdrom /media/cd auto ro,user,noauto,unhide 0 0
#/dev/dvd /media/dvd auto ro,user,noauto,unhide 0 0
#/dev/fd0 /media/fl auto user,noauto 0 0
/dev/sda1 / ext3 defaults,noatime 0 1
/dev/sda2 /home ext3 defaults,noatime 0 2
/dev/sda3 swap swap defaults 0 0
/dev/sdb1 /mnt/usb ntfs-3g noauto,uid=0,gid=0,noatime,umask=000, 0 0
I created a ntfsuser group, added my user to that group and trimmed permissions on the ntfs-3g executable (link in this post). That allows me to mount the partition as root and read/write as a regular user. It works, so (I think) no big deal here.
However if I add user to the mount options the following error shows up:
Mount is denied because setuid and setgid root ntfs-3g is insecure with the
external FUSE library. Either remove the setuid/setgid bit from the binary
or rebuild NTFS-3G with integrated FUSE support and make it setuid root.
Please see more information at http://ntfs-3g.org/support.html#unprivileged
What bugs me the most is I don't understand why I can't mount as a regular user when the user option is set in the fstab. Shouldn't that allow regular users to mount and unmount? It's not like I'm mounting and dismounting USB drives every 5', but I would like to get this done because I know it can be done.
Sorry for asking such a trivial question, but I sense that I'm missing something really stupid and I just can't figure out what it is.
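
An added example, not from any poster in this thread: it turns the fmask/dmask/umask options of the two ntfs-3g fstab lines quoted above into the effective file and directory modes and flags entries that are world-writable or user-mountable. It assumes umask= sets both masks, that mask options apply in the order given, and that no mask option means 777; the function names are this example's own.

```sh
#!/bin/sh
# Added example: effective permissions implied by ntfs-3g mask options.

# ntfs_modes OPTIONS -> "FILEMODE DIRMODE" in octal.
# Assumptions: umask= sets both masks, options apply in the order given,
# and with no mask option at all both modes are 777.
ntfs_modes() {
    fmask=0; dmask=0
    old_ifs=$IFS; IFS=,
    for opt in $1; do
        case $opt in
            umask=*) fmask=${opt#umask=}; dmask=$fmask ;;
            fmask=*) fmask=${opt#fmask=} ;;
            dmask=*) dmask=${opt#dmask=} ;;
        esac
    done
    IFS=$old_ifs
    printf '%o %o\n' $(( 0777 & ~0$fmask )) $(( 0777 & ~0$dmask ))
}

# fstab text on stdin -> one line per ntfs-3g entry:
#   MOUNTPOINT FILEMODE DIRMODE [world-writable] [user-mountable]
fstab_report() {
    while read -r dev dir type opts rest; do
        case $dev in ''|'#'*) continue ;; esac
        [ "$type" = ntfs-3g ] || continue
        set -- $(ntfs_modes "$opts")
        flags=
        if [ $(( 0$1 & 02 )) -ne 0 ]; then flags="$flags world-writable"; fi
        case ",$opts," in
            *,user,*|*,users,*) flags="$flags user-mountable" ;;
        esac
        echo "$dir $1 $2$flags"
    done
}

# The two ntfs-3g entries quoted in this thread.
sample_fstab() {
    cat <<'EOF'
UUID=XXXXYYYYXXXXYYYY /mnt/example ntfs-3g noauto,noatime,user,uid=0,gid=6,fmask=137,dmask=027,rw 0 0
/dev/sdb1 /mnt/usb ntfs-3g noauto,uid=0,gid=0,noatime,umask=000, 0 0
EOF
}

sample_fstab | fstab_report
```

Feed it a real table with `fstab_report < /etc/fstab`.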