Managing NTFS Partitions
In this article we will look at how to manage NTFS partitions we will look at how to mount NTFS partitions, have the partition automatically mounted at boot up, clone a NTFS partition and how to recover deleted files that may have been deleted accidentally. The NTFS (New Technology File System) is a propitiatory file system created by Microsoft and provided as a default file system in a wide variety of Microsoft Operating Systems (Windows XP, Windows Vista, etc).
Installation
In this section of the article we will need to install the NTFS utilities if they have not already been installed this can be done by using the YaST utility. The YaST software management module can be started by using two different commands, the first command is yast sw_single which will start a curses based interface and the second command is yast2 sw_single which will start a GUI (Graphical User Interface). In this article we will be using the yast sw_single command to install the DHCP server.
Once you have started the YaST software management module you will need to search for the the keyword “ntfs”. Once you have selected the “ntfsprogs” package you can begin the installation and then exit once the installation has finished. The next step is to confirm that the “ntfsprogs” package was installed successfully this can be done by issuing the rpm command followed by the -q qualifier as shown in Figure 1.1.
linux-5j56:~ # rpm -q ntfsprogs ntfsprogs-1.11.2-15.2
Figure 1.1: Querying the RPM database for the “ntfsprogs” package.
Mounting a NTFS Partition
In this section of the article we will look at mounting the NTFS partitions with read only properties. The first task is to find out which partition has been formatted with the NTFS, this can be done by issuing the fdisk command with the -l qualifier as shown in Figure 2.1.
linux-5j56:~ # fdisk -l Disk /dev/sda: 17.1 GB, 17179869184 bytes 255 heads, 63 sectors/track, 2088 cylinders Units = cylinders of 16065 * 512 = 8225280 bytes Device Boot Start End Blocks Id System /dev/sda1 1 892 7164958+ 7 HPFS/NTFS /dev/sda2 893 1023 1052257+ 82 Linux swap / Solaris /dev/sda3 * 1024 2088 8554612+ 83 Linux
Figure 2.1: Viewing the partition table.
As you can see in Figure 2.1 the “/dev/sda1” partition has the ‘System’ type of NPFS/NTFS which indicates the partition is of type NTFS. Once you know which partition has the NTFS installed you will need to create a mount point for this partition this can be done by issuing the mkdir command followed by a path name. In this article we will create a directory called: “windowsc” within the /media directory as shown in Figure 2.2.
linux-5j56:~ # mkdir /media/windowsc
Figure 2.2: Creating a mount point for the NTFS partition.
Once you have created the mount point for the NTFS partition you can use the mount command to mount the NTFS partition. Figure 2.3 shows the command used to mount the NTFS partition. Table 1 explains what each part of the command does.
linux-5j56:~ # mount /dev/sda1 /media/windowsc/ -o ro
Figure 2.3: Mounting the NTFS partition.
| Section | Description |
| /dev/sda1 | This is the NTFS partition that we retrieved earlier as shown in Figure 2.1. |
| /media/windowsc | This is the mount point for the NTFS partition which we created in Figure 2.2. |
| -o ro | This section tells the mount command that we want to mount the NTFS partition with read only permissions. |
Table 1: Figure 2.3 mount command explained.
Once you have issued the mount commands and no errors were returns you can change into the /media/windowsc directory and issue the ls command which will display the contents of the NTFS partition as shown in Figure 2.4.
linux-5j56:~ # cd /media/windowsc/ linux-5j56:/media/windowsc # ls AddOn boot.ini CONFIG.SYS IO.SYS NTDETECT.COM pagefile.sys System Volume Information AUTOEXEC.BAT Config.Msi Documents and Settings MSDOS.SYS ntldr Program Files WINDOWS
Figure 2.4: Listing the contents of the NTFS partition.
Auto mounting NTFS Partitions
In this section of the article we will look at making the NTFS partition automatically mount when the system boots up. The file that you will need to modify is the fstab file which is located within the /etc directory, Figure 3.1 shows the entry that will need to be made in the fstab file and Table2 explains what each column means.
/dev/sda1 /media/windowsc ntfs defaults 0 0
Figure 3.1: fstab file entry.
| Column | Description |
| /dev/sda1 | This field specifies the block device e.g. The NTFS partition. |
| /media/windowsc | This field specifies the mount point located on the filesystem. |
| ntfs | This field specifies the filesystem type e.g. NTFS, ext2, ext3, etc. |
| defaults | This field specifies the mount options e.g. rw, ro, etc. |
| 0 | This field is used for these filesystems by the dump(8) command to determine which filesystems need to be dumped. |
| 0 | This field is used by the fsck(8) program to determine the order in which filesystem checks are done at reboot time. |
Table 2: fstab syntax.
Cloning a NTFS Partition
In this section of the article we will look at cloning an image of the NTFS partition using the ntfsclone command. The ntfsclone utility allows you to clone an NTFS partition and create a image which can be restored at a later time using the ntfsclone command, the ntfsclone utility works at the disk sector level and copies only the used data.
In this article we will create a image of our current NTFS partition which we will restore later on in this section. Figure 4.1 shows the command use to clone the NTFS partition. Table 3 explains what each qualifier does.
linux-5j56:~ # ntfsclone --save-image -o WindowsXP.img /dev/sda1 ntfsclone v1.11.2 NTFS volume version: 3.1 Cluster size : 4096 bytes Current volume size: 7336914944 bytes (7337 MB) Current device size: 7336917504 bytes (7337 MB) Scanning volume ... 100.00 percent completed Accounting clusters ... Space in use : 2382 MB (32.5%) Saving NTFS to image ...
Figure 4.1: Cloning the NTFS Partition.
| Qualifier | Description |
| –save-image | This qualifier creates a special image file which can be later restored. |
| -o WindowsPartition.img | This qualifier specifies the name of the cloned NTFS partition. |
| /dev/sda1 | This section specifies the NTFS partition. |
Table 3: ntfsclone qualifiers explained.
Once you have cloned the NTFS partition it is possible to mount the NTFS image using the mount command as shown in Figure 4.2.
linux-5j56:~ # mount -t ntfs WindowsPartition.img /media/windowsc/ -o loop,rw
Figure 4.2: Mounting the NTFS cloned image.
Once you have mounted the NTFS image you can make modifications to files or just keep it as a backup. The ntfsclone utility allows you to simply restore your system, to test this we will use the shred command to damage the NTFS partition and then we will restore the NTFS partition to its original state using the ntfsclone command. Figure 4.3 shows the command used to damage the NTFS partition and Figure 4.4 shows the command used to restore the NTFS partition.
linux-5j56:~ # shred -v -n 1 /dev/sda1
shred: /dev/sda1: pass 1/1 (random)...
shred: /dev/sda1: pass 1/1 (random)...17MiB/6.9GiB 0%
shred: /dev/sda1: pass 1/1 (random)...38MiB/6.9GiB 0%
shred: /dev/sda1: pass 1/1 (random)...59MiB/6.9GiB 0%
shred: /dev/sda1: pass 1/1 (random)...79MiB/6.9GiB 1%
...
...
linux-5j56:~ # mount -t ntfs /dev/sda1 /media/windowsc/
mount: wrong fs type, bad option, bad superblock on /dev/sda1,
missing codepage or other error
In some cases useful info is found in syslog - try
dmesg | tail or so
Figure 4.3: Damaging the NTFS partition.
linux-5j56:~ # ntfsclone --restore-image -O /dev/sda1 WindowsXP.img ntfsclone v1.11.2 NTFS volume version: 3.1 Cluster size : 4096 bytes Image volume size : 7336914944 bytes (7337 MB) Image device size : 7336917504 bytes Space in use : 2382 MB (32.5%) Restoring NTFS from image ... 100.00 percent completed Syncing ...
Figure 4.4: Restoring the NTFS partition.
As you can see in Figure 4.3 the second command that was executed (mount) was unable to mount the NTFS partition because of the previous shred command damaged the filesystem. Once the NTFS image has been restored you can mount the /dev/sda1 partition as shown in Figure 2.3.
Recovering Deleted Files
In this section of the article we will look at recovering deleted files using the ntfsundelete command. The ntfsundelete command has the capabilities of recovering deleted files that may have been accidentally deleted.
The first task that you need to do is scan the NTFS partition to see if there are any files that can be recovered this can be done by issuing the ntfsundelete command followed by the NTFS partition as shown in Figure 5.1.
linux-5j56:~ # ntfsundelete /dev/sda1 Inode Flags %age Date Size Filename --------------------------------------------------------------- 16 F..! 0% 1970-01-01 0 17 F..! 0% 1970-01-01 0 18 F..! 0% 1970-01-01 0 19 F..! 0% 1970-01-01 0 20 F..! 0% 1970-01-01 0 21 F..! 0% 1970-01-01 0 22 F..! 0% 1970-01-01 0 23 F..! 0% 1970-01-01 0 4128 FN.. 100% 2008-06-17 1048576 edb.log 4129 FN.. 100% 2008-06-17 1048576 edb00002.log 4130 FN.. 100% 2008-06-17 1048576 res2.log 4131 FN.. 100% 2008-06-17 1048576 res1.log 4133 FN.. 100% 2008-06-17 8192 edb.chk 11090 FN.. 100% 2008-06-17 16384 Perflib_Perfdata_b0.dat 11769 F..! 0% 1970-01-01 0 11770 F..! 0% 1970-01-01 0 11771 F..! 0% 1970-01-01 0 11772 F..! 0% 1970-01-01 0 11773 F..! 0% 1970-01-01 0 11774 F..! 0% 1970-01-01 0 11775 F..! 0% 1970-01-01 0 Files with potentially recoverable content: 6
Figure 5.1: Scanning for possible files to recover.
As Figure 5.1 shows there are six files which can potentially be recovered. The next step is to issue the ntfsundelete command with the -u qualifier followed by the inode of the file which you would like to recover and the NTFS partition as shown in Figure 5.2.
linux-5j56:~ # ntfsundelete -u11090 /dev/sda1 Inode Flags %age Date Size Filename --------------------------------------------------------------- 11090 FN.. 0% 2008-06-17 16384 Perflib_Perfdata_b0.dat Undeleted 'Perflib_Perfdata_b0.dat' successfully.
Figure 5.2: Recovering the “perflib_Perfdata_b0.dat” file.
Once you have recovered the file you will notice that it appears in your current working directory this file can be copied back to the NTFS partition or stored on some other media.
Final Thoughts
In this article we looked at how to manage NTFS partitions, hopefully you will find this useful if you have a dual boot with Microsoft Windows and SUSE Linux. I would also recommend visiting the Linux NTFS project [1] for the latest news and features.
Reference
[1] http://www.linux-ntfs.org/doku.php
Hybrid Cloud IT
Run SAP
Cloud-native Transformation
IT Operations at the Edge
Comments
given that I followed the instructions and ‘some time’ later my edits to /etc/fstab were erased.
I Googled for a solution and found no answer. “dynamic” and “/etc/fstab” seem to generate discussion.
My experience is on a fresh SLED 10.1 installation (updated to SP2) on a 64-bit Centrino Lenovo T61 laptop.
Regards,
Joseph.Blazic@gmail.com