Other ntfs-3g again and again

man ntfs-3g
If ntfs-3g is set setuid-root then non-root users will be also able to
mount volumes
sudo chmod +s /usr/local/bin/ntfs-3g

Mount is denied because setuid and setgid root ntfs-3g is insecure with the
external FUSE library. Either remove the setuid/setgid bit from the binary
or rebuild NTFS-3G with integrated FUSE support and make it setuid root.
Please see more information at
http://tuxera.com/community/ntfs-3g-faq/#unprivileged

The information on this site is crap.
(Tried this all, no chance).

Tried to make a ntfsuser group...nothing.
And the "big hint" chown /dev/da0sX to root:ntfsuser or user:ntfsuser ... /dev/da0sX doesn't exist before I plug in.


What now? Set setuid or not? (It does not matter, it works neither way).


I can mount CD-ROM as normal user, but not the external drive or USB - which had NTFS - I need it for exchange with Windows PCs.

Ok, I can mount it with root or sudo(8), but all files have root as owner on the drive, this causes problems.

Sorry, this is since years f....... , 3817 explanations how it works, but none is right.
 
Short answer is that setuid(2) root binaries are a very very bad idea from the security point of view. A single slip up from the programmer could open a gaping hole to allow anyone using the program to gain superuser privileges. The proper way to handle programs like the FUSE binaries would be to use capabilities (what MS Windows does btw...) that are granted to users but unfortunately UNIX and UNIX-like OSes are still stuck in the classic three-level permission model where permissions are granted to user, group and "world" (everyone else) and that makes fine-grained control of permissions a tough task. There are ACLs (setfacl(1) and friends in FreeBSD) that would solve the problem very nicely but they are not used by default because everyone expects the classic way of handling permissions to be the default.
 
Forgot to mention, the usual solution is to create a special group that has access to the resource. For example, the operator group in FreeBSD has (at least) read access to disk devices. This works to a certain extent but starts to fail when there are many users in multiple groups each requiring a different level of access to the resource. One particular problem is that each file (everything is a file in UNIX) can only belong to one group at a time so you could create a special group fuse for allowing access to FUSE filesystem and set device nodes to that group but that would then exclude the operator group completely.
 
Ok, I can mount it with root or sudo, but all files have root as owner on the drive, this causes problems.
Not really a solution to your problem, but you could mount with -o uid=1001,gid=1001 where 1001 is your UID/GID (get them with id -u and id -g) to make your user the owner of every file.
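Added example, not part of any post in this thread: a small POSIX shell check for the setuid/setgid bits that the quoted error message complains about, plus a helper that builds the `-o uid=...,gid=...` mount command suggested above from the current user's IDs. The binary path is taken from the chmod line in the first post; the function names and the mount point `/mnt/usb` are assumptions, and `/dev/da0sX` is the thread's own placeholder.

```shell
#!/bin/sh
# Added example (not from the thread): audit ntfs-3g mode bits and build a
# mount command that maps file ownership to the invoking user.

# Report which privilege-elevating mode bits are set on a file.
suid_state() {
    f=$1
    [ -e "$f" ] || { echo "missing"; return 0; }
    state=""
    [ -u "$f" ] && state="setuid"
    [ -g "$f" ] && state="${state:+$state+}setgid"
    echo "${state:-none}"
}

# Ownership options from the current user's numeric IDs (id -u / id -g).
owner_opts() {
    echo "uid=$(id -u),gid=$(id -g)"
}

# Print (do not run) the mount command so it can be reviewed, then run
# as root or through sudo.
ntfs_mount_cmd() {
    dev=$1
    mnt=$2
    echo "ntfs-3g -o $(owner_opts) $dev $mnt"
}

# BIN defaults to the path used in the thread; override for other installs.
BIN=${BIN:-/usr/local/bin/ntfs-3g}
bits=$(suid_state "$BIN")
case $bits in
    none)    echo "$BIN: no setuid/setgid bit set" ;;
    missing) echo "$BIN: not found" ;;
    *)       echo "$BIN: $bits set; remove with: chmod ug-s $BIN" ;;
esac

# /dev/da0sX and /mnt/usb are placeholders; substitute the real slice.
ntfs_mount_cmd /dev/da0sX /mnt/usb
```

Run the script as the user who should own the files, so that `id -u` and `id -g` return that user's IDs rather than root's.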
 
I have formatted one external drive with ext2 for test, but should work with Linux and Windows.
(There are small programs for Windows to work with ext2 and, if I remember right, they work well.)
 
kpa I know the problem with setuid - It was only the example description and error message. I don't want to set it, but I tested if it works, but it doesn't.
 