How do I mount an NTFS partition in /etc/fstab and prevent files/directories from receiving exec permissions when they're created?
Wikipedia isn't as good a reference as the man page. Both the the traditional ntfs
driver and the now-preferred ntfs-3g support the umask
option.
You shouldn't set umask
to exclude executable permissions on directories, though, since you can't access files inside a non-executable directory. Instead, use separate values for fmask=0111
(non-directories) and dmask=0777
(directories) (you can omit this one since all bits allowed is the default value).
Related videos on Youtube
Ricardo Altamirano
Originally from Nicaragua, educated in Edinburgh and the USA, and now living primarily in London. Useful questions and answers Stack Overflow Debugging CREATE TABLE statements Logging in Python Simple string formatting in Python Reference types in C# String compression in C# using Gzip Meta Stack Overflow Book recommendation questions Answering old questions with a solution in the comments IT Security Cryptographically secure random strings in PHP LaTeX Fitting a table on a page through rotation StackExchange Flair
Updated on September 18, 2022Comments
-
Ricardo Altamirano over 1 year
I have an NTFS partition that I want to mount using
/etc/fstab
. I don't want any files to have executable permissions on this drive, so I wrote the following rule:/dev/sda2 /media/sharedfolder ntfs auto,user,noatime,noexec,rw,async 0 0
However, I don't believe this will prevent files from being created with executable permissions. It will simply prevent them from being executed. Perhaps this is fine, but is it possible to remove all executable permissions from newly created files on this partition using an
/etc/fstab
rule?Would using
umask
andfmask
be enough, like this rule?/dev/sda2 /media/sharedfolder ntfs auto,user,noatime,noexec,rw,async,umask=0111, 0 0
I'm unsure because Wikipedia lists
umask
as an option specific to the FAT filesystem. -
Ricardo Altamirano over 11 yearsIs
ntfs-3g
preferred because it's a newer driver (and therefore I would assume has better support, more stability, etc.)? I addedfmask=0111
to my options list, and once I remount the partition withmount -a
, files created shouldn't be executable when created, correct? -
Gilles 'SO- stop being evil' over 11 years@RicardoAltamirano ntfs-3g has at least better write support, I don't know the details.
mount -a
doesn't have any effect if the filesystem is already mounted, you need to unmount it first or runmount -o remount,fmask=0111,… /mount/point
. -
Ricardo Altamirano over 11 yearsThe addition of
fmask
does just what I need, and thank you for the additionalmount
command as well.