Easily Enable NTFS Read/Write Support on Multiple Machines with NTFS-3G | SUSE Communities

Easily Enable NTFS Read/Write Support on Multiple Machines with NTFS-3G


SLED 10 Service Pack 2 introduced read/write support for NTFS volumes via the inclusion of ntfs-3g. However even with ntfs-3g installed, and it is not installed by default, an NTFS formatted USB drive will still only mount read-only when plugged in because the kernel’s ntfs driver is used rather than ntfs-3g.

If you are only dealing with a single machine on which you have root, then by far the easiest way to get read/write support by default is to install ntfs-config. You can get ntfs-config from http://flomertens.free.fr/ntfs-config/ or there is an rpm for SLED 10 available from the openSUSE build service at http://software.opensuse.org/search. ntfs-config provides trivial enabling/disabling of write support via a simple GUI. However, if you are managing a large number of machines going round and running ntfs-config on them is not very practical. Especially because ntfs-config only provides a GUI for enable/disable, it doesn’t provide a script you can run from the command line. If you don’t give users root access on their machines (as we don’t where I work) then they cannot do it themselves. So what you need is a simple way of enabling read-write support on all machines you manage.

The way ntfs-config enables/disables write support is by creating/removing a symbolic link called /etc/hal/fdi/policy/ 20-ntfs-3g-write-policy.fdi which points at one of two fdi files installed elsewhere. Pointing the link at one of the fdi files causes write support to be enabled, pointing at the other causes write support not to be enabled. (Though this seems redundant since the default behaviour without the link present is to mount read only.) So if you just want to enable write support you need to find the file write-policy.fdi that is in ntfs-config and put that on all your machines as etc/hal/fdi/policy/20-ntfs-3g-write.fdi How you get that file on all your machines is up to you. I deployed it in an rpm package (spec attached) along with a small script (below) that manages the mount permissions.

With etc/hal/fdi/policy/20-ntfs-3g-write.fdi in place NTFS volumes will mount read/write with the ntfs-3g driver by default. But there is still the matter of permissions. The default behaviour of ntfs-3g is to mount the volume with global read/write/execute permissions. I don’t like that. Linux is a multi-user system and where I work our users have ssh access. This means that if someone plugs in their NTFS formatted USB drive, anyone logging to that machine at the same time has the ability to read/alter/delete their files. To correct this security problem a small script can be used to specify the mount permissions, in this case to mount with read/write/execute just for the owner.

------begin /usr/local/sbin/mount.ntfs-3g------
/bin/ntfs-3g -o umask=0077,noatime "$@"
------end /usr/local/sbin/mount.ntfs-3g------

I deployed this script to machines in the same rpm as the fdi file.

Now to get that script to be used for mounting NTFS volumes you need to look at /sbin/mount.ntfs-3g which is a symbolic link to /bin/ntfs-3g. The link needs to point at /usr/local/sbin/mount.ntfs-3g instead.

$ cd /sbin/
$ mv mount.ntfs-3g mount.ntfs-3g.orig
$ ln -s /usr/local/sbin/mount.ntfs-3g

I put these commands in the post-install section of my rpm and commands to put back the original /sbin/mount.ntfs-3g in the post-uninstall script.

(Visited 1 times, 1 visits today)


  • Anonymous says:

    Hi Mike,

    Thank you very much for discussing this issue and explaining a so elegant solution. It surely will save us a lot of time!

    Best regards,

  • Leave a Reply

    Your email address will not be published.