1NTFSSECAUDIT(8)             System Manager's Manual            NTFSSECAUDIT(8)
2
3
4

NAME

6       ntfssecaudit - NTFS Security Data Auditing
7

SYNOPSIS

9       ntfssecaudit [options] args
10
11       Where options is a combination of :
12              -a full auditing of security data (Linux only)
13              -b backup ACLs
14              -e setting extra backed-up parameters (in conjunction with -s)
15              -h displaying hexadecimal security descriptors saved in a file
16              -r recursing in a directory
17              -s setting backed-up ACLs
18              -u getting a user mapping proposal
19              -v verbose (very verbose if set twice)
20
21       and args define the parameters and the set of files acted upon.
22
23       Typing  secaudit  with  no  args  will  display  a summary of available
24       options.
25

DESCRIPTION

27       ntfssecaudit displays the ownership and permissions of a set  of  files
28       on an NTFS file system, and checks their consistency. It can be started
29       in terminal mode only (no graphical user interface is available.)
30
31       When a volume is required, it has to be unmounted, and the command  has
32       to  be  issued as root. The volume can be either a block device (i.e. a
33       disk partition) or an image file.
34
35       When acting on a directory or volume, the command may produce a lot  of
36       information. It is therefore advisable to redirect the output to a file
37       or pipe it to a text editor for examination.
38

OPTIONS

40       Below are the valid combinations of options and arguments that  ntfsse‐
41       caudit  accepts.  All the indicated arguments are mandatory and must be
42       unique (if wildcards are used, they must resolve to a single name.)
43
44       -h file
45              Displays in an human  readable  form  the  hexadecimal  security
46              descriptors  saved  in  file. This can be used to turn a verbose
47              output into a very verbose output.
48
49       -a[rv] volume
50              Audits the volume : all the global security data on  volume  are
51              scanned  and  errors are displayed. If option -r is present, all
52              files and directories are also scanned and  their  relations  to
53              global  security  data  are  checked.  This can produce a lot of
54              data.
55
56              This option is not effective on volumes formatted for  old  NTFS
57              versions  (pre  NTFS  3.0). Such volumes have no global security
58              data.
59
60              When errors are signalled, it is advisable to repair the  volume
61              with an appropriate tool (such as chkdsk on Windows.)
62
63       [-v] volume file
64              Displays the security parameters of file : its interpreted Linux
65              mode (rwx flags in octal) and Posix ACL[1], its security key  if
66              any, and its security descriptor if verbose output.
67
68       -r[v] volume directory
69              displays the security parameters of all files and subdirectories
70              in directory : their interpreted Linux mode (rwx flags in octal)
71              and  Posix ACL[1], their security key if any, and their security
72              descriptor if verbose output.
73
74       -b[v] volume [directory]
75              Recursively extracts to standard output the NTFS ACLs  of  files
76              in volume and directory.
77
78       -s[ev] volume [backup-file]
79              Sets  the  NTFS  ACLS  as  indicated  in backup-file or standard
80              input. The input data must have  been  created  on  Linux.  With
81              option   -e,  also  sets  extra  parameters  (currently  Windows
82              attrib).
83
84       volume perms file
85              Sets the security parameters of file  to  perms.  Perms  is  the
86              Linux  requested  mode (rwx flags, expressed in octal form as in
87              chmod) or a Posix ACL[1] (expressed like in  setfacl  -m).  This
88              sets a new ACL which is effective for Linux and Windows.
89
90       -r[v] volume perms directory
91              Sets  the security parameters of all files and subdirectories in
92              directory to perms. Perms  is  the  Linux  requested  mode  (rwx
93              flags,  expressed  in octal form as in chmod), or a Posix ACL[1]
94              (expressed like in setfacl -m.) This sets  new  ACLs  which  are
95              effective for Linux and Windows.
96
97       [-v] mounted-file
98              Displays  the  security  parameters of mounted-file : its inter‐
99              preted Linux mode (rwx flags in octal)  and  Posix  ACL[1],  its
100              security key if any, and its security descriptor if verbose out‐
101              put. This is a special case which acts on  a  mounted  file  (or
102              directory) and does not require being root. The Posix ACL inter‐
103              pretation can only be displayed if the full path to mounted-file
104              from the root of the global file tree is provided.
105
106       -u[v] mounted-file
107              Displays  a  proposed contents for a user mapping file, based on
108              the ownership parameters set by Windows on mounted-file,  assum‐
109              ing  this  file was created on Windows by the user who should be
110              mapped to the current Linux user. The displayed information  has
111              to  be copied to the file .NTFS-3G/UserMapping where .NTFS-3G is
112              a hidden subdirectory of the root of the partition for which the
113              mapping is to be defined. This will cause the ownership of files
114              created on that  partition  to  be  the  same  as  the  original
115              mounted-file.
116

NOTE

118       [1] provided the POSIX ACL option was selected at compile time. A Posix
119       ACL specification looks like "[d:]{ugmo}:[id]:[perms],..." where id  is
120       a  numeric user or group id, and perms an octal digit or a set from the
121       letters r, w and x.
122              Example : "u::7,g::5,o:0,u:510:rwx,g:500:5,d:u:510:7"
123

EXAMPLES

125       Audit the global security data on /dev/sda1
126
127              ntfssecaudit -ar /dev/sda1
128
129       Display the ownership and permissions parameters for files in directory
130       /audio/music on device /dev/sda5, excluding sub-directories :
131
132              ntfssecaudit /dev/sda5 /audio/music
133
134       Set  all  files in directory /audio/music on device /dev/sda5 as write‐
135       able by owner and read-only for everybody :
136
137              ntfssecaudit -r /dev/sda5 644 /audio/music
138
139

EXIT CODES

141       ntfssecaudit exits with a value of 0 when no error  was  detected,  and
142       with a value of 1 when an error was detected.
143

KNOWN ISSUES

145       Please see
146
147              http://www.tuxera.com/community/ntfs-3g-faq/
148
149       for  common questions and known issues.  If you would find a new one in
150       the latest release of the software then please send an email describing
151       it   in   detail.   You   can  contact  the  development  team  on  the
152       ntfs-3g-devel@lists.sf.net address.
153

AUTHORS

155       ntfssecaudit has been developed by Jean-Pierre André.
156

THANKS

158       Several people made heroic efforts, often over five or more years which
159       resulted  the  ntfs-3g  driver.  Most  importantly they are Anton Alta‐
160       parmakov, Richard Russon, Szabolcs Szakacsits,  Yura  Pakhuchiy,  Yuval
161       Fledel,  and  the author of the groundbreaking FUSE filesystem develop‐
162       ment framework, Miklos Szeredi.
163

SEE ALSO

165       ntfsprogs(8), attr(5), getfattr(1)
166
167
168
169ntfssecaudit 1.5.0               February 2010                 NTFSSECAUDIT(8)
Impressum