dE_logics Advocate
Joined: 02 Jan 2009 Posts: 2290 Location: $TERM
Posted: Thu May 13, 2010 12:31 pm Post subject: So NTFS does store permissions?
So we do have ACL and ACE in NTFS and so Windows (as copied over from Unix); regarding this I have a few questions -
1) If I mount an NTFS partition in Ubuntu (in one PC), I get full rwxrwxrwx permission for that partition (owner and group is root), however in Gentoo I get rwx------ (owner and group is root)... why? What's wrong? (Notice, this is a question I asked out of curiosity, I know the gid and uid parameters.) OK, I think umask in /etc/profile governs this?
2) If I change the file permissions manually on a mounted NTFS partition, it should change and the permission should be stored in some sorta cache (the local cache), that means it will be lost if I umount, but the permissions are not changing.
However, if the NTFS filesystem is mounted using fstab, it works... what is happening???
4) Do we have security advantages similar to Linux if using a limited account in Windows; to what extent will it protect? So why does everyone use the administrator account?

NeddySeagoon Administrator
Joined: 05 Jul 2003 Posts: 54830 Location: 56N 3W
Posted: Thu May 13, 2010 7:54 pm
dE_logics,
Both *NIX filesystems and NTFS implement permissions but the permission sets are not compatible.
Therefore, when you mount an NTFS partition in *NIX, you have to fake the owner, group and permissions.
As you know, this is done at mount time in a number of ways and can be changed later by any user having the required permissions to the mount point.
If you use a limited account on Windows on NTFS (you can install Windows on FAT32 too) you have some protection as limited users cannot install things, even virii.
Everyone uses the admin account from habit ... look at Windows' origins: DOS, Win 3.1, Win95, Win98 (all on FAT with no idea of keeping users apart). NT was the first version of Windows to use NTFS, as it wasn't aimed at home users. XP provided NTFS as an option.
Windows users are not used to setting up user accounts.
Another reason is that Windows is really a single user operating system. Think about the history. *NIX has been multi-user since its inception and on a multi-user system, you need to authenticate users and keep them apart.
Regards,
NeddySeagoon
Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail.

Hu Administrator
Joined: 06 Mar 2007 Posts: 23089
Posted: Fri May 14, 2010 2:34 am
NeddySeagoon wrote: | If you use a limited account on Windows on NTFS (you can install Windows on FAT32 too) you have some protection as limited users cannot install things, even virii. |
In a strict sense, you are correct that limited users cannot install packages the way an administrator can. However, the default permissions that Windows sets at install allow users to execute code out of their profile directory, so a virus could drop something in ~/My Documents and run from there. It is possible to restrict such behavior, if the system administrator wishes to do so.
Regarding administrator accounts on Windows: this is not entirely the fault of end users. Far too many Windows programs, especially ones released as recently as a few years ago, assume the user will have administrative rights. Such programs then behave poorly or outright fail when run under a limited user account. Users quickly become frustrated with a failure they cannot understand, switch to an administrator account, and stay there when that makes the problem go away. By contrast, most Unix programs will be refused by distribution maintainers if they want administrator privileges, but serve a purpose which should not require administrator rights, so we tend not to encounter such things very often.

dE_logics Advocate
Joined: 02 Jan 2009 Posts: 2290 Location: $TERM
Posted: Fri May 14, 2010 5:12 am
Ok, thanks for answering.
But IMO the restrictive accounts will be in use by default someday. And that day the security of Windows will increase by quite a lot.
Anyway, no one can stop the 'autorun' to delete the whole user's data. I'll try and run a few viruses in the limited account too...let's see what happens.
Ok, so one more question remaining -
Quote: | 2) If I change the file permissions manually on a mounted NTFS partition, it should change and the permission should be stored in some sorta cache (the local cache), that means it will be lost if I umount, but the permissions are not changing.
However, if the NTFS filesystem is mounted using fstab, it works... what is happening??? |
So why does it happen with fstab?

princeoliver n00b
Joined: 29 Apr 2010 Posts: 4

dE_logics Advocate
Joined: 02 Jan 2009 Posts: 2290 Location: $TERM
Posted: Fri May 14, 2010 6:47 pm
Yeah I did read that. That's how I came to know a bit about it.
Quote: |
Building Linux permissions and getting owner and group from an ACL is rather complex, so, when inheritable, the results are kept in a memory cache for further use. This cacheing is very efficient as a single entry has to be maintained for all files which have the same set of permissions, owner and group. |
But this is not working with the manual mount.

Hu Administrator
Joined: 06 Mar 2007 Posts: 23089
Posted: Sat May 15, 2010 2:23 am
dE_logics wrote: | But IMO the restrictive accounts will be in use by default someday. And that day the security of Windows will increase by quite a lot. |
Windows Vista went a long way in that regard. Unfortunately, it was such a debacle that its market penetration is far lower than they would have gotten if they had kept the good parts of XP and just enhanced the security related areas. Windows 7 cleaned up some of Vista's worst mistakes, but Microsoft still does not accept that XP is the most popular Windows they ever made.

dE_logics Advocate
Joined: 02 Jan 2009 Posts: 2290 Location: $TERM
Posted: Sat May 15, 2010 5:23 am
Hu wrote: | dE_logics wrote: | But IMO the restrictive accounts will be in use by default someday. And that day the security of Windows will increase by quite a lot. | Windows Vista went a long way in that regard. Unfortunately, it was such a debacle that its market penetration is far lower than they would have gotten if they had kept the good parts of XP and just enhanced the security related areas. Windows 7 cleaned up some of Vista's worst mistakes, but Microsoft still does not accept that XP is the most popular Windows they ever made. |
And MS won't give a damn about what users use. Closed source.
Microsoft®©™

lagaminas n00b
Joined: 16 May 2010 Posts: 2
Posted: Sun May 16, 2010 2:31 pm
I have the same problem.

jordanwb l33t
Joined: 10 Jul 2008 Posts: 642 Location: Ottawa, Canada
Posted: Mon May 17, 2010 2:02 am
Not sure if this is useful but I think there is a file that controls the default options that are assigned to a file system upon mounting or upon creation. I'm not sure where these files might be. I'm looking right now.
Here we go:
Mount command documentation regarding NTFS:
Quote: | uid=value, gid=value and umask=value
Set the file permission on the filesystem. The umask value is given in octal. By default, the files are owned by root and not readable by somebody else. |
Not sure what to set these to but umask may be useful.

dE_logics Advocate
Joined: 02 Jan 2009 Posts: 2290 Location: $TERM
Posted: Thu May 20, 2010 4:45 am
jordanwb wrote: | Not sure if this is useful but I think there is a file that controls the default options that is assigned to a file system upon mounting or upon creation. I'm not sure where these files might be. I'm looking right now. |
You mean the .ntfs-3g directory?
jordanwb wrote: | Here we go:
Mount command documentation regarding NTFS:
Quote: | uid=value, gid=value and umask=value
Set the file permission on the filesystem. The umask value is given in octal. By default, the files are owned by root and not readable by somebody else. | |
Yes, I always do that.
jordanwb wrote: | Not sure what to set these to but umask may be useful. |
I put 003...that's generic. 007 is reasonably secure and 077 is the most secure.
On my desktop I have the user 'de' with the ownership as de:root with umask 007 (this is defined in /etc/profile). That keeps me happy.
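
The uid, gid and umask mount options discussed in this thread, worked through as an added example (not code from any poster or from ntfs-3g): it reads fstab-style entries and derives the owner and rwx strings that every file and directory on each NTFS mount will show. The sample entries, the per-driver default masks and the fmask/dmask handling are assumptions, marked as such in the comments.

```python
import stat

# Constructed sample /etc/fstab content; devices and mount points are placeholders.
SAMPLE_FSTAB = """\
/dev/sdX1  /mnt/win    ntfs-3g  uid=1000,gid=0,umask=007      0 0
/dev/sdX2  /mnt/share  ntfs-3g  umask=003                     0 0
/dev/sdX3  /mnt/data   ntfs-3g  defaults,fmask=137,dmask=027  0 0
/dev/sdX4  /mnt/open   ntfs-3g  defaults                      0 0
/dev/sdX5  /mnt/old    ntfs     defaults                      0 0
/dev/sdY1  /home       ext4     noatime                       0 1
"""

# Assumed default umask when none is given: ntfs-3g grants everyone full
# access; the kernel "ntfs" driver is root-only, as the quoted mount text says.
DEFAULT_UMASK = {"ntfs-3g": 0o000, "ntfs": 0o077}


def effective_modes(fstype, opts):
    """Return (uid, gid, file_mode, dir_mode) presented for every object on the mount."""
    kv = dict(o.split("=", 1) for o in opts.split(",") if "=" in o)
    umask = int(kv["umask"], 8) if "umask" in kv else DEFAULT_UMASK[fstype]
    fmask = int(kv["fmask"], 8) if "fmask" in kv else umask  # applies to files only
    dmask = int(kv["dmask"], 8) if "dmask" in kv else umask  # applies to directories only
    # uid/gid default to 0 here: assumes the mount is performed by root.
    return int(kv.get("uid", 0)), int(kv.get("gid", 0)), 0o777 & ~fmask, 0o777 & ~dmask


def audit_fstab(text):
    """Map each NTFS mount point to its faked ownership and permission strings."""
    report = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0].startswith("#") or fields[2] not in DEFAULT_UMASK:
            continue
        uid, gid, fmode, dmode = effective_modes(fields[2], fields[3])
        report[fields[1]] = {
            "owner": f"{uid}:{gid}",
            "files": stat.filemode(stat.S_IFREG | fmode),
            "dirs": stat.filemode(stat.S_IFDIR | dmode),
            "world_writable": bool((fmode | dmode) & stat.S_IWOTH),
        }
    return report


if __name__ == "__main__":
    for mountpoint, info in audit_fstab(SAMPLE_FSTAB).items():
        print(mountpoint, info)
```

Because these values are applied to the whole mount at mount time, a mask that leaves the write bit set for "other" exposes every file on the partition to every local user, which is what the world_writable flag reports.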