NTFS-3G.SECAUDIT(8) System Manager's Manual NTFS-3G.SECAUDIT(8)

ntfs-3g.secaudit - NTFS Security Data Auditing

ntfs-3g.secaudit [options] args

Where options is a combination of:
    -a  full auditing of security data (Linux only)
    -b  backup ACLs
    -e  setting extra backed-up parameters (in conjunction with -s)
    -h  displaying hexadecimal security descriptors saved in a file
    -r  recursing in a directory
    -s  setting backed-up ACLs
    -v  verbose (very verbose if set twice)

and args define the parameters and the set of files acted upon.

Typing secaudit with no args will display a summary of available
options.

ntfs-3g.secaudit displays the ownership and permissions of a set of
files on an NTFS file system, and checks their consistency. It can be
started in terminal mode only (no graphical user interface is
available).

When a volume is required, it has to be unmounted, and the command has
to be issued as root. The volume can be either a block device (i.e. a
disk partition) or an image file.

When acting on a directory or volume, the command may produce a lot of
information. It is therefore advisable to redirect the output to a file
or pipe it to a text editor for examination.

Below are the valid combinations of options and arguments that
ntfs-3g.secaudit accepts. All the indicated arguments are mandatory and
must be unique (if wildcards are used, they must resolve to a single
name).

-h file
    Displays in a human-readable form the hexadecimal security
    descriptors saved in file. This can be used to turn a verbose
    output into a very verbose output.

-a[rv] volume
    Audits the volume: all the global security data on volume are
    scanned and errors are displayed. If option -r is present, all
    files and directories are also scanned and their relations to
    global security data are checked. This can produce a lot of
    data.

    This option is not effective on volumes formatted for old NTFS
    versions (pre NTFS 3.0). Such volumes have no global security
    data.

    When errors are signalled, it is advisable to repair the volume
    with an appropriate tool (such as chkdsk on Windows).

[-v] volume file
    Displays the security parameters of file: its interpreted Linux
    mode (rwx flags in octal) and Posix ACL[1], its security key if
    any, and its security descriptor if verbose output.

-r[v] volume directory
    Displays the security parameters of all files and subdirectories
    in directory: their interpreted Linux mode (rwx flags in octal)
    and Posix ACL[1], their security key if any, and their security
    descriptor if verbose output.

-b[v] volume [directory]
    Recursively extracts to standard output the NTFS ACLs of files
    in volume and directory.

-s[ev] volume [backup-file]
    Sets the NTFS ACLs as indicated in backup-file or standard
    input. The input data must have been created on Linux. With
    option -e, also sets extra parameters (currently Windows
    attrib).

volume perms file
    Sets the security parameters of file to perms. Perms is the
    Linux requested mode (rwx flags, expressed in octal form as in
    chmod) or a Posix ACL[1] (expressed like in setfacl -m). This
    sets a new ACL which is effective for Linux and Windows.

-r[v] volume perms directory
    Sets the security parameters of all files and subdirectories in
    directory to perms. Perms is the Linux requested mode (rwx
    flags, expressed in octal form as in chmod), or a Posix ACL[1]
    (expressed like in setfacl -m). This sets new ACLs which are
    effective for Linux and Windows.

[-v] mounted-file
    Displays the security parameters of mounted-file: its
    interpreted Linux mode (rwx flags in octal) and Posix ACL[1], its
    security key if any, and its security descriptor if verbose
    output. This is a special case which acts on a mounted file (or
    directory) and does not require being root. The Posix ACL
    interpretation can only be displayed if the full path to
    mounted-file from the root of the global file tree is provided.

[1] provided the POSIX ACL option was selected at compile time. A Posix
ACL specification looks like "[d:]{ugmo}:[id]:[perms],..." where id is
a numeric user or group id, and perms an octal digit or a set from the
letters r, w and x.
Example: "u::7,g::5,o:0,u:510:rwx,g:500:5,d:u:510:7"

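Added example, not part of the original manual or of ntfs-3g: a Python parser for the Posix ACL specification format described in note [1], which checks a perms argument and renders it in long rwx form before it is passed to ntfs-3g.secaudit. The function names are hypothetical, and accepting "o:0" without an id field and treating an empty perms field as no access are assumptions drawn from the page's format string and example.

```python
import re

# One entry of the page's "[d:]{ugmo}:[id]:[perms]" form. Assumptions: the id
# field and its colon may be dropped for "m" and "o" (the page writes "o:0"),
# and an empty perms field grants nothing.
_ENTRY = re.compile(r"^(d:)?([ugmo]):(?:([0-9]*):)?([0-7]|[rwx]*)$")
_TAGS = {"u": "user", "g": "group", "m": "mask", "o": "other"}
_BITS = {"r": 4, "w": 2, "x": 1}


def parse_acl_spec(spec):
    """Return a list of (is_default, tag, id_or_None, permission_bits).

    Raises ValueError on the first malformed or duplicated entry.
    """
    entries, seen = [], set()
    for raw in spec.split(","):
        m = _ENTRY.match(raw.strip())
        if not m:
            raise ValueError(f"malformed ACL entry: {raw!r}")
        is_default, tag, ident, perms = bool(m[1]), m[2], m[3], m[4]
        if ident is None and tag in "ug":
            raise ValueError(f"missing id field in {raw!r}")
        if ident and tag in "mo":
            raise ValueError(f"{_TAGS[tag]} entry takes no id: {raw!r}")
        if perms.isdigit():
            bits = int(perms, 8)
        else:
            bits = 0
            for letter in perms:  # OR, so a repeated letter is harmless
                bits |= _BITS[letter]
        key = (is_default, tag, int(ident) if ident else None)
        if key in seen:
            raise ValueError(f"duplicate ACL entry: {raw!r}")
        seen.add(key)
        entries.append(key + (bits,))
    return entries


def describe(spec):
    """Render each entry in long rwx form for review before applying it."""
    lines = []
    for is_default, tag, ident, bits in parse_acl_spec(spec):
        rwx = "".join(c if bits & v else "-" for c, v in _BITS.items())
        owner = "" if ident is None else str(ident)
        prefix = "default:" if is_default else ""
        lines.append(f"{prefix}{_TAGS[tag]}:{owner}:{rwx}")
    return lines
```
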
Audit the global security data on /dev/sda1:

    ntfs-3g.secaudit -ar /dev/sda1

Display the ownership and permissions parameters for files in directory
/audio/music on device /dev/sda5, excluding sub-directories:

    ntfs-3g.secaudit /dev/sda5 /audio/music

Set all files in directory /audio/music on device /dev/sda5 as
writeable by owner and read-only for everybody:

    ntfs-3g.secaudit -r /dev/sda5 644 /audio/music

ntfs-3g.secaudit exits with a value of 0 when no error was detected,
and with a value of 1 when an error was detected.

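Added example, not part of the original manual or of ntfs-3g: a Python wrapper that applies the requirements stated in this manual before running the -ar audit (root, unmounted volume, output redirected to a file) and interprets the documented exit values. The function names are hypothetical, and reading mount state from /proc/mounts text is an assumption about the Linux host.

```python
import os
import re
import subprocess


def _unescape(field):
    # /proc/mounts writes spaces and similar characters as octal escapes (\040).
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)


def is_mounted(volume, mounts_text):
    """True if volume is the source (first field) of any line in mounts_text."""
    target = os.path.realpath(volume)
    for line in mounts_text.splitlines():
        source = _unescape(line.split(" ", 1)[0])
        if source.startswith("/") and os.path.realpath(source) == target:
            return True
    return False


def audit_volume(volume, report_path, mounts_text, euid, run=subprocess.run):
    """Run `ntfs-3g.secaudit -ar volume`, saving the output to report_path.

    Returns True on exit 0 (no error detected), False on exit 1 (error detected).
    """
    if euid != 0:
        raise PermissionError("auditing a volume must be done as root")
    if is_mounted(volume, mounts_text):
        raise RuntimeError(f"{volume} is mounted; unmount it before auditing")
    with open(report_path, "w") as report:
        proc = run(["ntfs-3g.secaudit", "-ar", volume],
                   stdout=report, stderr=subprocess.STDOUT)
    if proc.returncode not in (0, 1):
        raise RuntimeError(f"unexpected exit status {proc.returncode}")
    return proc.returncode == 0


if __name__ == "__main__":
    import sys
    with open("/proc/mounts") as f:
        clean = audit_volume(sys.argv[1], sys.argv[2], f.read(), os.geteuid())
    sys.exit(0 if clean else 1)
```
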
Please see

    http://www.tuxera.com/community/ntfs-3g-faq/

for common questions and known issues. If you find a new one in
the latest release of the software then please send an email describing
it in detail. You can contact the development team on the
ntfs-3g-devel@lists.sf.net address.

ntfs-3g.secaudit has been developed by Jean-Pierre André.

Several people made heroic efforts, often over five or more years, which
resulted in the ntfs-3g driver. Most importantly they are Anton
Altaparmakov, Richard Russon, Szabolcs Szakacsits, Yura Pakhuchiy, Yuval
Fledel, and the author of the groundbreaking FUSE filesystem
development framework, Miklos Szeredi.

ntfsprogs(8), attr(5), getfattr(1)

ntfs-3g.secaudit 1.3.8 February 2010 NTFS-3G.SECAUDIT(8)