ntfs-3g.secaudit − NTFS Security Data Auditing


ntfs-3g.secaudit [options] args

Where options is a combination of :

-a full auditing of security data (Linux only)
-b backup ACLs
-e setting extra backed-up parameters (in conjunction with -s)
-h displaying hexadecimal security descriptors saved in a file
-r recursing in a directory
-s setting backed-up ACLs
-u getting a user mapping proposal
-v verbose (very verbose if set twice)

and args define the parameters and the set of files acted upon.

Typing secaudit with no args will display a summary of available options.


ntfs-3g.secaudit displays the ownership and permissions of a set of files on an NTFS file system, and checks their consistency. It can be started in terminal mode only (no graphical user interface is available.)

When a volume is required, it has to be unmounted, and the command has to be issued as root. The volume can be either a block device (i.e. a disk partition) or an image file.

When acting on a directory or volume, the command may produce a lot of information. It is therefore advisable to redirect the output to a file or pipe it to a text editor for examination.


Below are the valid combinations of options and arguments that ntfs-3g.secaudit accepts. All the indicated arguments are mandatory and must be unique (if wildcards are used, they must resolve to a single name.)

Displays in an human readable form the hexadecimal security descriptors saved in file. This can be used to turn a verbose output into a very verbose output.

-a[rv] volume

Audits the volume : all the global security data on volume are scanned and errors are displayed. If option -r is present, all files and directories are also scanned and their relations to global security data are checked. This can produce a lot of data.

This option is not effective on volumes formatted for old NTFS versions (pre NTFS 3.0). Such volumes have no global security data.

When errors are signalled, it is advisable to repair the volume with an appropriate tool (such as chkdsk on Windows.)

[-v] volume file

Displays the security parameters of file : its interpreted Linux mode (rwx flags in octal) and Posix ACL[1], its security key if any, and its security descriptor if verbose output.

-r[v] volume directory

displays the security parameters of all files and subdirectories in directory : their interpreted Linux mode (rwx flags in octal) and Posix ACL[1], their security key if any, and their security descriptor if verbose output.

-b[v] volume [directory]

Recursively extracts to standard output the NTFS ACLs of files in volume and directory.

-s[ev] volume [backup-file]

Sets the NTFS ACLS as indicated in backup-file or standard input. The input data must have been created on Linux. With option -e, also sets extra parameters (currently Windows attrib).

volume perms file

Sets the security parameters of file to perms. Perms is the Linux requested mode (rwx flags, expressed in octal form as in chmod) or a Posix ACL[1] (expressed like in setfacl -m). This sets a new ACL which is effective for Linux and Windows.

-r[v] volume perms directory

Sets the security parameters of all files and subdirectories in directory to perms. Perms is the Linux requested mode (rwx flags, expressed in octal form as in chmod), or a Posix ACL[1] (expressed like in setfacl -m.) This sets new ACLs which are effective for Linux and Windows.

[-v] mounted-file

Displays the security parameters of mounted-file : its interpreted Linux mode (rwx flags in octal) and Posix ACL[1], its security key if any, and its security descriptor if verbose output. This is a special case which acts on a mounted file (or directory) and does not require being root. The Posix ACL interpretation can only be displayed if the full path to mounted-file from the root of the global file tree is provided.

-u[v] mounted-file

Displays a proposed contents for a user mapping file, based on the ownership parameters set by Windows on mounted-file, assuming this file was created on Windows by the user who should be mapped to the current Linux user. The displayed information has to be copied to the file .NTFS-3G/UserMapping where .NTFS-3G is a hidden subdirectory of the root of the partition for which the mapping is to be defined. This will cause the ownership of files created on that partition to be the same as the original mounted-file.


[1] provided the POSIX ACL option was selected at compile time. A Posix ACL specification looks like "[d:]{ugmo}:[id]:[perms],..." where id is a numeric user or group id, and perms an octal digit or a set from the letters r, w and x.

Example : "u::7,g::5,o:0,u:510:rwx,g:500:5,d:u:510:7"


Audit the global security data on /dev/sda1

ntfs-3g.secaudit -ar /dev/sda1

Display the ownership and permissions parameters for files in directory /audio/music on device /dev/sda5, excluding sub-directories :

ntfs-3g.secaudit /dev/sda5 /audio/music

Set all files in directory /audio/music on device /dev/sda5 as writeable by owner and read-only for everybody :

ntfs-3g.secaudit -r /dev/sda5 644 /audio/music


ntfs-3g.secaudit exits with a value of 0 when no error was detected, and with a value of 1 when an error was detected.


Please see


for common questions and known issues. If you would find a new one in the latest release of the software then please send an email describing it in detail. You can contact the development team on the ntfs−3g−devel@lists.sf.net address.


ntfs-3g.secaudit has been developed by Jean-Pierre André.


Several people made heroic efforts, often over five or more years which resulted the ntfs-3g driver. Most importantly they are Anton Altaparmakov, Richard Russon, Szabolcs Szakacsits, Yura Pakhuchiy, Yuval Fledel, and the author of the groundbreaking FUSE filesystem development framework, Miklos Szeredi.


ntfsprogs(8), attr(5), getfattr(1)


Personal Opportunity - Free software gives you access to billions of dollars of software at no cost. Use this software for your business, personal use or to develop a profitable skill. Access to source code provides access to a level of capabilities/information that companies protect though copyrights. Open source is a core component of the Internet and it is available to you. Leverage the billions of dollars in resources and capabilities to build a career, establish a business or change the world. The potential is endless for those who understand the opportunity.

Business Opportunity - Goldman Sachs, IBM and countless large corporations are leveraging open source to reduce costs, develop products and increase their bottom lines. Learn what these companies know about open source and how open source can give you the advantage.

Free Software

Free Software provides computer programs and capabilities at no cost but more importantly, it provides the freedom to run, edit, contribute to, and share the software. The importance of free software is a matter of access, not price. Software at no cost is a benefit but ownership rights to the software and source code is far more significant.

Free Office Software - The Libre Office suite provides top desktop productivity tools for free. This includes, a word processor, spreadsheet, presentation engine, drawing and flowcharting, database and math applications. Libre Office is available for Linux or Windows.

Free Books

The Free Books Library is a collection of thousands of the most popular public domain books in an online readable format. The collection includes great classical literature and more recent works where the U.S. copyright has expired. These books are yours to read and use without restrictions.

Source Code - Want to change a program or know how it works? Open Source provides the source code for its programs so that anyone can use, modify or learn how to write those programs themselves. Visit the GNU source code repositories to download the source.


Study at Harvard, Stanford or MIT - Open edX provides free online courses from Harvard, MIT, Columbia, UC Berkeley and other top Universities. Hundreds of courses for almost all major subjects and course levels. Open edx also offers some paid courses and selected certifications.

Linux Manual Pages - A man or manual page is a form of software documentation found on Linux/Unix operating systems. Topics covered include computer programs (including library and system calls), formal standards and conventions, and even abstract concepts.