Can't mount NTFS partition as unpriviledged user

From the ntfs-3g faq:
Unprivileged block device mounts work only if all the below requirements are met:

  1. ntfs-3g is compiled with integrated FUSE support
  2. the ntfs-3g binary is at least version 1.2506
ntfs-3g: No device is specified.

ntfs-3g 2021.8.22 integrated FUSE 28 - Third Generation NTFS Driver
		Configuration type 7, XATTRS are on, POSIX ACLS are on

Copyright (C) 2005-2007 Yura Pakhuchiy
Copyright (C) 2006-2009 Szabolcs Szakacsits
Copyright (C) 2007-2021 Jean-Pierre Andre
Copyright (C) 2009-2020 Erik Larsson

Usage:    ntfs-3g [-o option[,...]] <device|image_file> <mount_point>

Options:  ro (read-only mount), windows_names, uid=, gid=,
          umask=, fmask=, dmask=, streams_interface=.
          Please see the details in the manual (type: man ntfs-3g).

Example: ntfs-3g /dev/sda1 /mnt/windows

Plugin path: /usr/lib64/ntfs-3g

News, support and information:  http://tuxera.com
  1. the ntfs-3g binary is set to setuid-root
rwxr-xr-x.  1 root root       121176 Jan 20 22:38 lowntfs-3g
rwsr-s---.  1 root ntfsuser   166888 Jan 20 22:38 ntfs-3g
rwxr-xr-x.  1 root root        16248 Jan 20 22:38 ntfs-3g.probe
lrwxrwxrwx.  1 root root            7 Jan 20 22:38 ntfsmount -> ntfs-3g
  1. the user has access right to the volume

$ groups nox
nox : nox wheel ntfsuser

  1. the user has access right to the mount point

$ ls -l /mnt/ | grep win
drwxr-xr-x. 1 nox nox 0 May 25 17:40 windows

fstab entry

LABEL=windows /mnt/windows ntfs-3g defaults,users,noauto 0 0
(I did not set uid,gid,umask,fmask and dmask because their default value are sufficient)

I’m kind of stumped. Any help would be appreciated !

I was trying to do the same thing and actually your post helped me to achieve this! Not sure what failed in your case, though.

In my situation the windows ntfs partition was /dev/sda3

ls -l /dev/sda3
brw-rw----. 1 root disk 8, 3 May 30 13:39 /dev/sda3

and (aside from adding the ntfsuser group and configuring the ntfs-3g as per the faq instructions) I had to assign the group disk to the user

sudo usermod -a -G disk giuliohome

then I rebooted to make the groups current and eventually from a terminal I issued

ntfs-3g /dev/sda3 /run/media/giuliohome/Acer

which worked fine for me, afaics

2 Likes

I’m very happy that my post helped you !

By doing the same as you did, I managed to mount the partition via terminal (as an unpriviledged user) while being part of the disk group.

I think that to security minded people adding a regular user to the disk group is a nightmare.

So, now I can mount my partition as an unpriviledged user via the terminal but still not in my graphical file explorers (dolphin or krusader)

I’ll mark the thread as solved and I’ll update my post if I find the culprit (probably udisks2).

1 Like

Yes, correct, I agree.

More details here

Indeed see the answer by Lawaacz from the discussion page of the ntfs-3g wiki.

As they suggest, I’ve removed the user from the disk group (sudo gpasswd -d giuliohome disk and rebooted) and achieved the same via

udisksctl mount -b /dev/sda3

which appears to work fine in my case (e.g. I see giuliohome as the owner of the files mounted under /run/media/giuliohome/Acer1 etc…)

1 Like

After some research I found that on other distros, udisksctl has suid root. Mine didn’t have it so I added it in the same manner as described in the ntfs 3g faq

[N] ~ ❯❯❯ ls -l  $(which udisksctl)
-rwxr-xr-x. 1 root root 62368 Mar  3 16:41 /usr/bin/udisksctl*
[I] ~ ❯❯❯ sudo groupadd udisksmount                                                           
[I] ~ ❯❯❯ sudo chown root:udisksmount $(which udisksctl)
[I] ~ ❯❯❯ sudo chmod 4750 $(which udisksctl)                                                   
[I] ~ ❯❯❯ sudo usermod -aG udisksmount nox                     
[I] ~ ❯❯❯ ls -l  $(which udisksctl)
-rwsr-x---. 1 root udisksmount 62368 Mar  3 16:41 /usr/bin/udisksctl*

After which I could mount my partition using udisksctl.

[I] ~ ❯❯❯ udisksctl mount -b /dev/sdb4 /mnt/windows/
Mounted /dev/sdb4 at /mnt/windows

Using my graphical file explorer, the password still gets asked.

I will mark this thread as solved since I can mount ntfs partitions as an unprivileged user.

Upon hitting the “details” button when I get asked for authentification, I can see that the x-udisks-auth option is specified in my fstab (even if I didn’t!). This is the problem.

Screenshot_20220531_124700

You can follow my new thread in the udisks project github issues

2 Likes

Out of my curiosity, I’m not sure why you don’t find good - for security reasons - to be asked a password (* see note below about password-less mount), but anyway, more importantly, if I follow the suid root instructions as above then my partition is mounted with root as owner, which is not what I want in my situation, likely because we have different “desiderata” (for me it is acceptable to be asked a password, when mounting the partition from the terminal or from nautilus, but it’s important to be the owner of the mounted folders, e.g. to npm -i there, etc…).

BTW thank you for sharing the github issue you opened :slight_smile: I also subscribed it, just to be informed.

* Note about password-less mount

See this answer and this example
As explained above I’m able to do the following without being asked for a password.

[giuliohome@localhost ~]$ sudo vim /etc/polkit-1/rules.d/10-udisks2.rules
[giuliohome@localhost ~]$ udisksctl mount -b /dev/sda3
Mounted /dev/sda3 at /run/media/giuliohome/Acer
[giuliohome@localhost ~]$ ls /run/media/giuliohome/Acer/dev/git/ -l
total 31504
drwxrwxrwx. 1 giuliohome giuliohome     4096 May 30 13:29 fe-react-01

notice that it works the same from nautilus gui as well, so now it’s also not asking for a password when mounting the partition, if such a rule is present.