ntfs-3g.secaudit
NTFS Security Data Auditing
Synopsis
ntfs-3g.secaudit [options] args
Where options is a combination of:
-a full auditing of security data (Linux only)
-b backup ACLs
-e setting extra backed-up parameters (in conjunction with -s)
-h displaying hexadecimal security descriptors saved in a file
-r recursing in a directory
-s setting backed-up ACLs
-v verbose (very verbose if set twice)
and args define the parameters and the set of files acted upon.
Typing secaudit with no args will display a summary of available options.
examples
Audit the global security data on /dev/sda1:
ntfs-3g.secaudit -ar /dev/sda1
Display the ownership and permissions parameters for files in directory /audio/music on device /dev/sda5, excluding sub-directories:
ntfs-3g.secaudit /dev/sda5 /audio/music
Set all files in directory /audio/music on device /dev/sda5 as writeable by owner and read-only for everybody:
ntfs-3g.secaudit -r /dev/sda5 644 /audio/music
description
ntfs-3g.secaudit displays the ownership and permissions of a set of files on an NTFS file system, and checks their consistency. It can be started in terminal mode only (no graphical user interface is available).
When a volume is required, it has to be unmounted, and the command has to be issued as root. The volume can be either a block device (i.e. a disk partition) or an image file.
When acting on a directory or volume, the command may produce a lot of information. It is therefore advisable to redirect the output to a file or pipe it to a text editor for examination.
options
Below are the valid combinations of options and arguments that ntfs-3g.secaudit accepts. All the indicated arguments are mandatory and must be unique (if wildcards are used, they must resolve to a single name).
-h file
Displays in a human-readable form the hexadecimal security descriptors saved in file. This can be used to turn a verbose output into a very verbose output.
-a[rv] volume
Audits the volume: all the global security data on volume are scanned and errors are displayed. If option -r is present, all files and directories are also scanned and their relations to global security data are checked. This can produce a lot of data.
This option is not effective on volumes formatted for old NTFS versions (pre NTFS 3.0). Such volumes have no global security data.
When errors are signalled, it is advisable to repair the volume with an appropriate tool (such as chkdsk on Windows).
[-v] volume file
Displays the security parameters of file: its interpreted Linux mode (rwx flags in octal) and Posix ACL[1], its security key if any, and its security descriptor if verbose output.
-r[v] volume directory
Displays the security parameters of all files and subdirectories in directory: their interpreted Linux mode (rwx flags in octal) and Posix ACL[1], their security key if any, and their security descriptor if verbose output.
-b[v] volume [directory]
Recursively extracts to standard output the NTFS ACLs of files in volume and directory.
-s[ev] volume [backup-file]
Sets the NTFS ACLs as indicated in backup-file or standard input. The input data must have been created on Linux. With option -e, also sets extra parameters (currently Windows attrib).
volume perms file
Sets the security parameters of file to perms. Perms is the Linux requested mode (rwx flags, expressed in octal form as in chmod) or a Posix ACL[1] (expressed like in setfacl -m). This sets a new ACL which is effective for Linux and Windows.
-r[v] volume perms directory
Sets the security parameters of all files and subdirectories in directory to perms. Perms is the Linux requested mode (rwx flags, expressed in octal form as in chmod), or a Posix ACL[1] (expressed like in setfacl -m). This sets new ACLs which are effective for Linux and Windows.
[-v] mounted-file
Displays the security parameters of mounted-file: its interpreted Linux mode (rwx flags in octal) and Posix ACL[1], its security key if any, and its security descriptor if verbose output. This is a special case which acts on a mounted file (or directory) and does not require being root. The Posix ACL interpretation can only be displayed if the full path to mounted-file from the root of the global file tree is provided.
exit codes
ntfs-3g.secaudit exits with a value of 0 when no error was
detected, and with a value of 1 when an error was detected.
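The -b and -s options and the exit codes described above combine into a guarded permission change: save the ACLs, apply the new mode, and set the saved ACLs again if the tool reports an error. This is an added example, not part of the original manual page or of the ntfs-3g project; the function names, the return codes 2 to 5, the 3-or-4-digit mode check and the use of /proc/mounts are assumptions of this script.

```sh
#!/bin/sh
# Added example: save NTFS ACLs before a recursive mode change and put
# them back when ntfs-3g.secaudit exits with 1 (error detected).
SECAUDIT=${SECAUDIT:-ntfs-3g.secaudit}  # overridable for dry runs
MOUNTS=${MOUNTS:-/proc/mounts}          # assumption: Linux mount table

# Succeeds when the volume is listed as a mount source in $MOUNTS.
# Best effort only: an image file mounted through a loop device is
# listed under the loop device name and is not caught here.
is_mounted() {
    awk -v dev="$1" '$1 == dev { hit = 1 } END { exit !hit }' "$MOUNTS"
}

# Accepts a chmod-style octal mode of 3 or 4 digits (this script's own
# restriction); POSIX ACL strings are deliberately not handled.
is_octal_mode() {
    case $1 in
        ''|*[!0-7]*) return 1 ;;
    esac
    [ "${#1}" -eq 3 ] || [ "${#1}" -eq 4 ]
}

# Usage: set_perms_with_backup VOLUME MODE DIRECTORY BACKUP_FILE
# Returns 0 on success, 2 for refused input, 3 if the backup failed,
# 4 if the change failed and the saved ACLs were set again,
# 5 if the change failed and the restore failed as well.
set_perms_with_backup() {
    vol=$1 mode=$2 dir=$3 backup=$4
    is_octal_mode "$mode" || { echo "bad mode: $mode" >&2; return 2; }
    if is_mounted "$vol"; then
        echo "$vol is mounted, unmount it first" >&2
        return 2
    fi
    # -b writes the ACLs to standard output, so capture them in a file.
    "$SECAUDIT" -b "$vol" "$dir" > "$backup" || return 3
    [ -s "$backup" ] || return 3
    # The recursive run can print a lot, so its output goes to a log.
    if "$SECAUDIT" -r "$vol" "$mode" "$dir" > "$backup.log"; then
        return 0
    fi
    "$SECAUDIT" -s "$vol" "$backup" && return 4
    return 5
}

# Run only when called with the four arguments (as root, per the page).
if [ "$#" -eq 4 ]; then
    set_perms_with_backup "$@"
fi
```

Keep the backup file on a different file system from the NTFS volume being changed, since the volume has to stay unmounted for the whole run.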
known issues
Please see http://www.tuxera.com/community/ntfs-3g-faq/ for common questions and known issues. If you find a new one in the latest release of the software, please send an email describing it in detail. You can contact the development team on the ntfs-3g-devel[:at:]lists.sf[:dot:]net address.
note
[1] Provided the POSIX ACL option was selected at compile time. A Posix ACL specification looks like "[d:]{ugmo}:[id]:[perms],..." where id is a numeric user or group id, and perms an octal digit or a set from the letters r, w and x.
Example: "u::7,g::5,o:0,u:510:rwx,g:500:5,d:u:510:7"
thanks
Several people made heroic efforts, often over five or more years, which resulted in the ntfs-3g driver. Most importantly they are Anton Altaparmakov, Richard Russon, Szabolcs Szakacsits, Yura Pakhuchiy, Yuval Fledel, and the author of the groundbreaking FUSE filesystem development framework, Miklos Szeredi.
see also
ntfsprogs, attr, getfattr
authors
ntfs-3g.secaudit has been developed by Jean-Pierre André.