257 lines
8.6 KiB
HTML
257 lines
8.6 KiB
HTML
|
|
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
|
|
<HTML><HEAD><TITLE>Man page of NTFSSECAUDIT</TITLE>
|
|
</HEAD><BODY>
|
|
<H1>NTFSSECAUDIT</H1>
|
|
Section: Maintenance Commands (8)<BR>Updated: February 2010<BR><A HREF="#index">Index</A>
|
|
<A HREF="/cgi-bin/man/man2html">Return to Main Contents</A><HR>
|
|
|
|
<A NAME="lbAB"> </A>
|
|
<H2>NAME</H2>
|
|
|
|
ntfssecaudit - NTFS Security Data Auditing
|
|
<A NAME="lbAC"> </A>
|
|
<H2>SYNOPSIS</H2>
|
|
|
|
<B>ntfssecaudit</B>
|
|
|
|
<B>[</B><I>options</I><B>]</B>
|
|
<I>args</I>
|
|
|
|
<P>
|
|
|
|
Where <I>options</I> is a combination of :
|
|
<DL COMPACT><DT id="1"><DD>
|
|
-a full auditing of security data (Linux only)
|
|
</DL>
|
|
|
|
<DL COMPACT><DT id="2"><DD>
|
|
-b backup ACLs
|
|
</DL>
|
|
|
|
<DL COMPACT><DT id="3"><DD>
|
|
-e setting extra backed-up parameters (in conjunction with -s)
|
|
</DL>
|
|
|
|
<DL COMPACT><DT id="4"><DD>
|
|
-h displaying hexadecimal security descriptors saved in a file
|
|
</DL>
|
|
|
|
<DL COMPACT><DT id="5"><DD>
|
|
-r recursing in a directory
|
|
</DL>
|
|
|
|
<DL COMPACT><DT id="6"><DD>
|
|
-s setting backed-up ACLs
|
|
</DL>
|
|
|
|
<DL COMPACT><DT id="7"><DD>
|
|
-u getting a user mapping proposal
|
|
</DL>
|
|
|
|
<DL COMPACT><DT id="8"><DD>
|
|
-v verbose (very verbose if set twice)
|
|
</DL>
|
|
|
|
<P>
|
|
|
|
and args define the parameters and the set of files acted upon.
|
|
<P>
|
|
|
|
Typing secaudit with no args will display a summary of available options.
|
|
<A NAME="lbAD"> </A>
|
|
<H2>DESCRIPTION</H2>
|
|
|
|
<B>ntfssecaudit</B>
|
|
displays the ownership and permissions of a set of files on an NTFS
|
|
file system, and checks their consistency. It can be started in terminal
|
|
mode only (no graphical user interface is available.)
|
|
<P>
|
|
|
|
When a <I>volume</I> is required, it has to be unmounted, and the command
|
|
has to be issued as <B>root</B>. The <I>volume</I> can be either a block
|
|
device (i.e. a disk partition) or an image file.
|
|
<P>
|
|
|
|
When acting on a directory or volume, the command may produce a lot
|
|
of information. It is therefore advisable to redirect the output to
|
|
a file or pipe it to a text editor for examination.
|
|
<A NAME="lbAE"> </A>
|
|
<H2>OPTIONS</H2>
|
|
|
|
Below are the valid combinations of options and arguments that
|
|
<B>ntfssecaudit</B> accepts. All the indicated arguments are
|
|
mandatory and must be unique (if wildcards are used, they must
|
|
resolve to a single name.)
|
|
<DL COMPACT>
|
|
<DT id="9"><B>-h</B> <I>file</I><DD>
|
|
Displays in an human readable form the hexadecimal security descriptors
|
|
saved in <I>file</I>. This can be used to turn a verbose output into a very
|
|
verbose output.
|
|
<DT id="10"><B>-a[rv]</B> <I>volume</I><DD>
|
|
Audits the volume : all the global security data on <I>volume</I> are scanned
|
|
and errors are displayed. If option <B>-r</B> is present, all files and
|
|
directories are also scanned and their relations to global security data
|
|
are checked. This can produce a lot of data.
|
|
<P>
|
|
This option is not effective on volumes formatted for old NTFS versions (pre
|
|
NTFS 3.0). Such volumes have no global security data.
|
|
<P>
|
|
When errors are signalled, it is advisable to repair the volume with an
|
|
appropriate tool (such as <B>chkdsk</B> on Windows.)
|
|
<DT id="11"><B>[-v]</B> <I>volume</I> <I>file</I><DD>
|
|
Displays the security parameters of <I>file</I> : its interpreted Linux mode
|
|
(rwx flags in octal) and Posix ACL[1], its security key if any, and its
|
|
security descriptor if verbose output.
|
|
<DT id="12"><B>-r[v]</B> <I>volume</I> <I>directory</I><DD>
|
|
displays the security parameters of all files and subdirectories in
|
|
<I>directory</I> : their interpreted Linux mode (rwx flags in octal) and Posix
|
|
ACL[1], their security key if any, and their security descriptor if
|
|
verbose output.
|
|
<DT id="13"><B>-b[v] </B><I>volume</I> <I>[directory]</I>
|
|
|
|
<DD>
|
|
Recursively extracts to standard output the NTFS ACLs of files in <I>volume</I>
|
|
and <I>directory</I>.
|
|
<DT id="14"><B>-s[ev]</B> <I>volume</I> <I>[backup-file]</I><DD>
|
|
Sets the NTFS ACLS as indicated in <I>backup-file</I> or standard input. The
|
|
input data must have been created on Linux. With option <B>-e</B>, also sets
|
|
extra parameters (currently Windows attrib).
|
|
<DT id="15"><I>volume</I> <I>perms</I> <I>file</I><DD>
|
|
Sets the security parameters of file to perms. Perms is the Linux
|
|
requested mode (rwx flags, expressed in octal form as in chmod) or
|
|
a Posix ACL[1] (expressed like in setfacl -m). This sets a new ACL
|
|
which is effective for Linux and Windows.
|
|
<DT id="16"><B>-r[v]</B> <I>volume</I> <I>perms</I> <I>directory</I><DD>
|
|
Sets the security parameters of all files and subdirectories in
|
|
<I>directory</I> to <I>perms</I>. Perms is the Linux requested mode (rwx flags,
|
|
expressed in octal form as in <B>chmod</B>), or a Posix ACL[1] (expressed like
|
|
in <B>setfacl -m</B>.) This sets new ACLs which are effective for Linux and
|
|
Windows.
|
|
<DT id="17"><B>[-v]</B> <I>mounted-file</I><DD>
|
|
Displays the security parameters of <I>mounted-file</I> : its interpreted
|
|
Linux mode (rwx flags in octal) and Posix ACL[1], its security key if any,
|
|
and its security descriptor if verbose output. This is a special case which
|
|
acts on a mounted file (or directory) and does not require being root. The
|
|
Posix ACL interpretation can only be displayed if the full path to
|
|
<I>mounted-file</I> from the root of the global file tree is provided.
|
|
<DT id="18"><B>-u[v]</B> <I>mounted-file</I><DD>
|
|
Displays a proposed contents for a user mapping file, based on the
|
|
ownership parameters set by Windows on <I>mounted-file</I>, assuming
|
|
this file was created on Windows by the user who should be mapped to the
|
|
current Linux user. The displayed information has to be copied to the
|
|
file <B>.NTFS-3G/UserMapping</B> where <B>.NTFS-3G</B> is a hidden
|
|
subdirectory of the root of the partition for which the mapping is to
|
|
be defined. This will cause the ownership of files created on that
|
|
partition to be the same as the original <I>mounted-file</I>.
|
|
</DL>
|
|
<A NAME="lbAF"> </A>
|
|
<H2>NOTE</H2>
|
|
|
|
[1] provided the POSIX ACL option was selected at compile time. A Posix ACL
|
|
specification looks like "<B>[d:]{ugmo}:[id]:[perms],...</B>" where id is a
|
|
numeric user or group id, and perms an octal digit or a set from the letters
|
|
r, w and x.
|
|
<DL COMPACT><DT id="19"><DD>
|
|
Example : "<B>u::7,g::5,o:0,u:510:rwx,g:500:5,d:u:510:7</B>"
|
|
</DL>
|
|
<A NAME="lbAG"> </A>
|
|
<H2>EXAMPLES</H2>
|
|
|
|
Audit the global security data on /dev/sda1
|
|
<DL COMPACT><DT id="20"><DD>
|
|
<P>
|
|
<B>ntfssecaudit -ar /dev/sda1</B>
|
|
|
|
<P>
|
|
</DL>
|
|
|
|
Display the ownership and permissions parameters for files in directory
|
|
/audio/music on device /dev/sda5, excluding sub-directories :
|
|
<DL COMPACT><DT id="21"><DD>
|
|
<P>
|
|
<B>ntfssecaudit /dev/sda5 /audio/music</B>
|
|
|
|
<P>
|
|
</DL>
|
|
|
|
Set all files in directory /audio/music on device /dev/sda5 as writeable
|
|
by owner and read-only for everybody :
|
|
<DL COMPACT><DT id="22"><DD>
|
|
<P>
|
|
<B>ntfssecaudit -r /dev/sda5 644 /audio/music</B>
|
|
|
|
<P>
|
|
</DL>
|
|
|
|
<A NAME="lbAH"> </A>
|
|
<H2>EXIT CODES</H2>
|
|
|
|
<B>ntfssecaudit</B>
|
|
|
|
exits with a value of 0 when no error was detected, and with a value
|
|
of 1 when an error was detected.
|
|
<A NAME="lbAI"> </A>
|
|
<H2>KNOWN ISSUES</H2>
|
|
|
|
Please see
|
|
<DL COMPACT><DT id="23"><DD>
|
|
<P>
|
|
<A HREF="http://www.tuxera.com/community/ntfs-3g-faq/">http://www.tuxera.com/community/ntfs-3g-faq/</A>
|
|
<P>
|
|
</DL>
|
|
|
|
for common questions and known issues.
|
|
If you would find a new one in the latest release of
|
|
the software then please send an email describing it
|
|
in detail. You can contact the
|
|
development team on the <A HREF="mailto:ntfs-3g-devel@lists.sf.net">ntfs-3g-devel@lists.sf.net</A>
|
|
address.
|
|
<A NAME="lbAJ"> </A>
|
|
<H2>AUTHORS</H2>
|
|
|
|
<B>ntfssecaudit</B>
|
|
|
|
has been developed by Jean-Pierre André.
|
|
<A NAME="lbAK"> </A>
|
|
<H2>THANKS</H2>
|
|
|
|
Several people made heroic efforts, often over five or more
|
|
years which resulted the ntfs-3g driver. Most importantly they are
|
|
Anton Altaparmakov, Richard Russon, Szabolcs Szakacsits, Yura Pakhuchiy,
|
|
Yuval Fledel, and the author of the groundbreaking FUSE filesystem development
|
|
framework, Miklos Szeredi.
|
|
<A NAME="lbAL"> </A>
|
|
<H2>SEE ALSO</H2>
|
|
|
|
<B><A HREF="/cgi-bin/man/man2html?8+ntfsprogs">ntfsprogs</A></B>(8),
|
|
|
|
<B><A HREF="/cgi-bin/man/man2html?5+attr">attr</A></B>(5),
|
|
|
|
<B><A HREF="/cgi-bin/man/man2html?1+getfattr">getfattr</A></B>(1)
|
|
|
|
<P>
|
|
|
|
<HR>
|
|
<A NAME="index"> </A><H2>Index</H2>
|
|
<DL>
|
|
<DT id="24"><A HREF="#lbAB">NAME</A><DD>
|
|
<DT id="25"><A HREF="#lbAC">SYNOPSIS</A><DD>
|
|
<DT id="26"><A HREF="#lbAD">DESCRIPTION</A><DD>
|
|
<DT id="27"><A HREF="#lbAE">OPTIONS</A><DD>
|
|
<DT id="28"><A HREF="#lbAF">NOTE</A><DD>
|
|
<DT id="29"><A HREF="#lbAG">EXAMPLES</A><DD>
|
|
<DT id="30"><A HREF="#lbAH">EXIT CODES</A><DD>
|
|
<DT id="31"><A HREF="#lbAI">KNOWN ISSUES</A><DD>
|
|
<DT id="32"><A HREF="#lbAJ">AUTHORS</A><DD>
|
|
<DT id="33"><A HREF="#lbAK">THANKS</A><DD>
|
|
<DT id="34"><A HREF="#lbAL">SEE ALSO</A><DD>
|
|
</DL>
|
|
<HR>
|
|
This document was created by
|
|
<A HREF="/cgi-bin/man/man2html">man2html</A>,
|
|
using the manual pages.<BR>
|
|
Time: 00:06:14 GMT, March 31, 2021
|
|
</BODY>
|
|
</HTML>
|