NTFS-3G.SECAUDIT
NAMESYNOPSIS
DESCRIPTION
OPTIONS
NOTE
EXAMPLES
EXIT CODES
KNOWN ISSUES
AUTHORS
THANKS
SEE ALSO
NAME
ntfs-3g.secaudit − NTFS Security Data Auditing
SYNOPSIS
ntfs-3g.secaudit [options] args
Where options is a combination of :
-a full auditing of security
data (Linux only)
-b backup ACLs
-e setting extra backed-up parameters (in conjunction with
-s)
-h displaying hexadecimal security descriptors saved in a
file
-r recursing in a directory
-s setting backed-up ACLs
-u getting a user mapping proposal
-v verbose (very verbose if set twice)
and args define the parameters and the set of files acted upon.
Typing secaudit with no args will display a summary of available options.
DESCRIPTION
ntfs-3g.secaudit displays the ownership and permissions of a set of files on an NTFS file system, and checks their consistency. It can be started in terminal mode only (no graphical user interface is available.)
When a volume is required, it has to be unmounted, and the command has to be issued as root. The volume can be either a block device (i.e. a disk partition) or an image file.
When acting on a directory or volume, the command may produce a lot of information. It is therefore advisable to redirect the output to a file or pipe it to a text editor for examination.
OPTIONS
Below are the
valid combinations of options and arguments that
ntfs-3g.secaudit accepts. All the indicated arguments
are mandatory and must be unique (if wildcards are used,
they must resolve to a single name.)
-h file
Displays in an human readable form the hexadecimal security descriptors saved in file. This can be used to turn a verbose output into a very verbose output.
-a[rv] volume
Audits the volume : all the global security data on volume are scanned and errors are displayed. If option -r is present, all files and directories are also scanned and their relations to global security data are checked. This can produce a lot of data.
This option is not effective on volumes formatted for old NTFS versions (pre NTFS 3.0). Such volumes have no global security data.
When errors are signalled, it is advisable to repair the volume with an appropriate tool (such as chkdsk on Windows.)
[-v] volume file
Displays the security parameters of file : its interpreted Linux mode (rwx flags in octal) and Posix ACL[1], its security key if any, and its security descriptor if verbose output.
-r[v] volume directory
displays the security parameters of all files and subdirectories in directory : their interpreted Linux mode (rwx flags in octal) and Posix ACL[1], their security key if any, and their security descriptor if verbose output.
-b[v] volume [directory]
Recursively extracts to standard output the NTFS ACLs of files in volume and directory.
-s[ev] volume [backup-file]
Sets the NTFS ACLS as indicated in backup-file or standard input. The input data must have been created on Linux. With option -e, also sets extra parameters (currently Windows attrib).
volume perms file
Sets the security parameters of file to perms. Perms is the Linux requested mode (rwx flags, expressed in octal form as in chmod) or a Posix ACL[1] (expressed like in setfacl -m). This sets a new ACL which is effective for Linux and Windows.
-r[v] volume perms directory
Sets the security parameters of all files and subdirectories in directory to perms. Perms is the Linux requested mode (rwx flags, expressed in octal form as in chmod), or a Posix ACL[1] (expressed like in setfacl -m.) This sets new ACLs which are effective for Linux and Windows.
[-v] mounted-file
Displays the security parameters of mounted-file : its interpreted Linux mode (rwx flags in octal) and Posix ACL[1], its security key if any, and its security descriptor if verbose output. This is a special case which acts on a mounted file (or directory) and does not require being root. The Posix ACL interpretation can only be displayed if the full path to mounted-file from the root of the global file tree is provided.
-u[v] mounted-file
Displays a proposed contents for a user mapping file, based on the ownership parameters set by Windows on mounted-file, assuming this file was created on Windows by the user who should be mapped to the current Linux user. The displayed information has to be copied to the file .NTFS-3G/UserMapping where .NTFS-3G is a hidden subdirectory of the root of the partition for which the mapping is to be defined. This will cause the ownership of files created on that partition to be the same as the original mounted-file.
NOTE
[1] provided the POSIX ACL option was selected at compile time. A Posix ACL specification looks like "[d:]{ugmo}:[id]:[perms],..." where id is a numeric user or group id, and perms an octal digit or a set from the letters r, w and x.
Example : "u::7,g::5,o:0,u:510:rwx,g:500:5,d:u:510:7"
EXAMPLES
Audit the global security data on /dev/sda1
ntfs-3g.secaudit -ar /dev/sda1
Display the ownership and permissions parameters for files in directory /audio/music on device /dev/sda5, excluding sub-directories :
ntfs-3g.secaudit /dev/sda5 /audio/music
Set all files in directory /audio/music on device /dev/sda5 as writeable by owner and read-only for everybody :
ntfs-3g.secaudit -r /dev/sda5 644 /audio/music
EXIT CODES
ntfs-3g.secaudit exits with a value of 0 when no error was detected, and with a value of 1 when an error was detected.
KNOWN ISSUES
Please see
http://www.tuxera.com/community/ntfs-3g-faq/
for common questions and known issues. If you would find a new one in the latest release of the software then please send an email describing it in detail. You can contact the development team on the ntfs−3g−devel@lists.sf.net address.
AUTHORS
ntfs-3g.secaudit has been developed by Jean-Pierre André.
THANKS
Several people made heroic efforts, often over five or more years which resulted the ntfs-3g driver. Most importantly they are Anton Altaparmakov, Richard Russon, Szabolcs Szakacsits, Yura Pakhuchiy, Yuval Fledel, and the author of the groundbreaking FUSE filesystem development framework, Miklos Szeredi.
SEE ALSO
ntfsprogs(8), attr(5), getfattr(1)
More Linux Commands
manpages/servertool-java-1.8.0-openjdk.1.html
servertool-java-1.8.0-openjdk(1) Provides an easy-to-use int
The servertool command provides the command-line interface for developers to register, unregister, start up, and shut down a persistent server. Command-line com
manpages/XtCallConverter.3.html
XtCallConverter(3) - invoke resource converters (Man Page)
The XtConvertAndStore function looks up the type converter registered to convert from_type to to_type, computes any additional arguments needed, and then calls
manpages/Tk_Uid.3.html
Tk_Uid(3) - convert from string to unique identifier........
Tk_GetUid returns the unique identifier corresponding to string. Unique identifiers are similar to atoms in Lisp, and are used in Tk to speed up comparisons and
manpages/gnutls_pkcs7_import.3.html
gnutls_pkcs7_import(3) - API function - Linux manual page...
This function will convert the given DER or PEM encoded PKCS7 to the native gnutls_pkcs7_t format. The output will be stored in pkcs7. If the PKCS7 is PEM encod
manpages/Tcl_SetStdChannel.3.html
Tcl_SetStdChannel(3) - procedures for retrieving and replaci
Tcl defines three special channels that are used by various I/O related commands if no other channels are specified. The standard input channel has a channel na
manpages/key_name.3ncurses.html
key_name(3ncurses) - miscellaneous curses utility routines
The unctrl routine returns a character string which is a printable representation of the character c, ignoring attributes. Control characters are displayed in t
manpages/sfdp.1.html
sfdp(1) - filter for drawing large undirected graphs........
These are a collection of programs for drawing graphs. There is actually only one main program; the specific layout algorithms implemented as plugins. Thus, the
manpages/aria_pack.1.html
aria_pack(1) generate compressed, readonly Aria tables......
Pack a Aria-table to take much less space. Keys are not updated, you must run aria_chk -rq on the index (.MAI) file afterwards to update the keys. You should gi
manpages/thumbnail.1.html
thumbnail(1) create a TIFF file with thumbnail images.......
thumbnail is a program written to show how one might use the SubIFD tag (#330) to store thumbnail images. thumbnail copies a TIFF Class F facsimile file to the
manpages/XtVaGetValues.3.html
XtVaGetValues(3) - obtain and set widget resources (ManPage)
The XtSetValues function starts with the resources specified for the Core widget fields and proceeds down the subclass chain to the widget. At each stage, it wr
manpages/nearbyintl.3.html
nearbyintl(3) - round to nearest integer - Linux man page...
The nearbyint(), nearbyintf(), and nearbyintl() functions round their argument to an integer value in floating-point format, using the current rounding directio
manpages/pnmnorm.1.html
pnmnorm(1) - normalize the contrast in a Netbpm image.......
This program is part of Netpbm(1) pnmnorm reads a PNM image (PBM, PGM, or PPM). It normalizes the contrast by forcing the brightest pixels to white, the darkest
