platform/external/ntfs-3g.git - Unnamed repository; edit this file 'description' to name the repository.

1 .\" Copyright (c) 2007-2009 Jean-Pierre André.
2 .\" This file may be copied under the terms of the GNU Public License.
3 .\"
4 .TH NTFS-3G.SECAUDIT 8 "February 2010" "ntfs-3g.secaudit 1.3.8"
5 .SH NAME
6 ntfs-3g.secaudit \- NTFS Security Data Auditing
7 .SH SYNOPSIS
8 .B ntfs-3g.secaudit
9 \fB[\fIoptions\fP\fB]\fR
10 .I args
11 .PP
12 Where \fIoptions\fP is a combination of :
13 .RS
14 -a full auditing of security data (Linux only)
15 .RE
16 .RS
17 -b backup ACLs
18 .RE
19 .RS
20 -e setting extra backed-up parameters (in conjunction with -s)
21 .RE
22 .RS
23 -h displaying hexadecimal security descriptors saved in a file
24 .RE
25 .RS
26 -r recursing in a directory
27 .RE
28 .RS
29 -s setting backed-up ACLs
30 .RE
31 .RS
32 -v verbose (very verbose if set twice)
33 .RE
34 .PP
35 and args define the parameters and the set of files acted upon.
36 .PP
37 Typing secaudit with no args will display a summary of available options.
38 .SH DESCRIPTION
39 \fBntfs-3g.secaudit\fR
40 displays the ownership and permissions of a set of files on an NTFS
41 file system, and checks their consistency. It can be started in terminal
42 mode only (no graphical user interface is available.)
43 .PP
44 When a \fIvolume\fR is required, it has to be unmounted, and the command
45 has to be issued as \fBroot\fP. The \fIvolume\fR can be either a block
46 device (i.e. a disk partition) or an image file.
47 .PP
48 When acting on a directory or volume, the command may produce a lot
49 of information. It is therefore advisable to redirect the output to
50 a file or pipe it to a text editor for examination.
51 .SH OPTIONS
52 Below are the valid combinations of options and arguments that
53 \fBntfs-3g.secaudit\fR accepts. All the indicated arguments are
54 mandatory and must be unique (if wildcards are used, they must
55 resolve to a single name.)
56 .TP
57 \fB-h\fP \fIfile\fP
58 Displays in an human readable form the hexadecimal security descriptors
59 saved in \fIfile\fP. This can be used to turn a verbose output into a very
60 verbose output.
61 .TP
62 \fB-a[rv]\fP \fIvolume\fP
63 Audits the volume : all the global security data on \fIvolume\fP are scanned
64 and errors are displayed. If option \fB-r\fP is present, all files and
65 directories are also scanned and their relations to global security data
66 are checked. This can produce a lot of data.
67
68 This option is not effective on volumes formatted for old NTFS versions (pre
69 NTFS 3.0). Such volumes have no global security data.
70
71 When errors are signalled, it is advisable to repair the volume with an
72 appropriate tool (such as \fBchkdsk\fP on Windows.)
73 .TP
74 \fB[-v]\fP \fIvolume\fP \fIfile\fP
75 Displays the security parameters of \fIfile\fP : its interpreted Linux mode
76 (rwx flags in octal) and Posix ACL[1], its security key if any, and its
77 security descriptor if verbose output.
78 .TP
79 \fB-r[v]\fP \fIvolume\fP \fIdirectory\fP
80 displays the security parameters of all files and subdirectories in
81 \fIdirectory\fP : their interpreted Linux mode (rwx flags in octal) and Posix
82 ACL[1], their security key if any, and their security descriptor if
83 verbose output.
84 .TP
85 .B -b[v] \fIvolume\fP \fI[directory]\fP
86 Recursively extracts to standard output the NTFS ACLs of files in \fIvolume\fP
87 and \fIdirectory\fP.
88 .TP
89 \fB-s[ev]\fP \fIvolume\fP \fI[backup-file]\fP
90 Sets the NTFS ACLS as indicated in \fIbackup-file\fP or standard input. The
91 input data must have been created on Linux. With option \fB-e\fP, also sets
92 extra parameters (currently Windows attrib).
93 .TP
94 \fIvolume\fP \fIperms\fP \fIfile\fP
95 Sets the security parameters of file to perms. Perms is the Linux
96 requested mode (rwx flags, expressed in octal form as in chmod) or
97 a Posix ACL[1] (expressed like in setfacl -m). This sets a new ACL
98 which is effective for Linux and Windows.
99 .TP
100 \fB-r[v]\fP \fIvolume\fP \fIperms\fP \fIdirectory\fP
101 Sets the security parameters of all files and subdirectories in
102 \fIdirectory\fP to \fIperms\fP. Perms is the Linux requested mode (rwx flags,
103 expressed in octal form as in \fBchmod\fP), or a Posix ACL[1] (expressed like
104 in \fBsetfacl -m\fP.) This sets new ACLs which are effective for Linux and
105 Windows.
106 .TP
107 \fB[-v]\fP \fImounted-file\fP
108 Displays the security parameters of \fImounted-file\fP : its interpreted
109 Linux mode (rwx flags in octal) and Posix ACL[1], its security key if any,
110 and its security descriptor if verbose output. This is a special case which
111 acts on a mounted file (or directory) and does not require being root. The
112 Posix ACL interpretation can only be displayed if the full path to
113 \fImounted-file\fP from the root of the global file tree is provided.
114 .SH NOTE
115 [1] provided the POSIX ACL option was selected at compile time. A Posix ACL
116 specification looks like "\fB[d:]{ugmo}:[id]:[perms],...\fP" where id is a
117 numeric user or group id, and perms an octal digit or a set from the letters
118 r, w and x.
119 .RS
120 Example : "\fBu::7,g::5,o:0,u:510:rwx,g:500:5,d:u:510:7\fP"
121 .SH EXAMPLES
122 Audit the global security data on /dev/sda1
123 .RS
124 .sp
125 .B ntfs-3g.secaudit -ar /dev/sda1
126 .sp
127 .RE
128 Display the ownership and permissions parameters for files in directory
129 /audio/music on device /dev/sda5, excluding sub-directories :
130 .RS
131 .sp
132 .B ntfs-3g.secaudit /dev/sda5 /audio/music
133 .sp
134 .RE
135 Set all files in directory /audio/music on device /dev/sda5 as writeable
136 by owner and read-only for everybody :
137 .RS
138 .sp
139 .B ntfs-3g.secaudit -r /dev/sda5 644 /audio/music
140 .sp
141 .RE
142 .SH EXIT CODES
143 .B ntfs-3g.secaudit
144 exits with a value of 0 when no error was detected, and with a value
145 of 1 when an error was detected.
146 .SH KNOWN ISSUES
147 Please see
148 .RS
149 .sp
150 http://www.tuxera.com/community/ntfs-3g-faq/
151 .sp
152 .RE
153 for common questions and known issues.
154 If you would find a new one in the latest release of
155 the software then please send an email describing it
156 in detail. You can contact the
157 development team on the ntfs\-3g\-devel@lists.sf.net
158 address.
159 .SH AUTHORS
160 .B ntfs-3g.secaudit
161 has been developed by Jean-Pierre André.
162 .SH THANKS
163 Several people made heroic efforts, often over five or more
164 years which resulted the ntfs-3g driver. Most importantly they are
165 Anton Altaparmakov, Richard Russon, Szabolcs Szakacsits, Yura Pakhuchiy,
166 Yuval Fledel, and the author of the groundbreaking FUSE filesystem development
167 framework, Miklos Szeredi.
168 .SH SEE ALSO
169 .BR ntfsprogs (8),
170 .BR attr (5),
171 .BR getfattr (1)
172
1	.\" Copyright (c) 2007-2009 Jean-Pierre André.
2	.\" This file may be copied under the terms of the GNU Public License.
3	.\"
4	.TH NTFS-3G.SECAUDIT 8 "February 2010" "ntfs-3g.secaudit 1.3.8"
5	.SH NAME
6	ntfs-3g.secaudit \- NTFS Security Data Auditing
7	.SH SYNOPSIS
8	.B ntfs-3g.secaudit
9	\fB[\fIoptions\fP\fB]\fR
10	.I args
11	.PP
12	Where \fIoptions\fP is a combination of :
13	.RS
14	-a full auditing of security data (Linux only)
15	.RE
16	.RS
17	-b backup ACLs
18	.RE
19	.RS
20	-e setting extra backed-up parameters (in conjunction with -s)
21	.RE
22	.RS
23	-h displaying hexadecimal security descriptors saved in a file
24	.RE
25	.RS
26	-r recursing in a directory
27	.RE
28	.RS
29	-s setting backed-up ACLs
30	.RE
31	.RS
32	-v verbose (very verbose if set twice)
33	.RE
34	.PP
35	and args define the parameters and the set of files acted upon.
36	.PP
37	Typing secaudit with no args will display a summary of available options.
38	.SH DESCRIPTION
39	\fBntfs-3g.secaudit\fR
40	displays the ownership and permissions of a set of files on an NTFS
41	file system, and checks their consistency. It can be started in terminal
42	mode only (no graphical user interface is available.)
43	.PP
44	When a \fIvolume\fR is required, it has to be unmounted, and the command
45	has to be issued as \fBroot\fP. The \fIvolume\fR can be either a block
46	device (i.e. a disk partition) or an image file.
47	.PP
48	When acting on a directory or volume, the command may produce a lot
49	of information. It is therefore advisable to redirect the output to
50	a file or pipe it to a text editor for examination.
51	.SH OPTIONS
52	Below are the valid combinations of options and arguments that
53	\fBntfs-3g.secaudit\fR accepts. All the indicated arguments are
54	mandatory and must be unique (if wildcards are used, they must
55	resolve to a single name.)
56	.TP
57	\fB-h\fP \fIfile\fP
58	Displays in an human readable form the hexadecimal security descriptors
59	saved in \fIfile\fP. This can be used to turn a verbose output into a very
60	verbose output.
61	.TP
62	\fB-a[rv]\fP \fIvolume\fP
63	Audits the volume : all the global security data on \fIvolume\fP are scanned
64	and errors are displayed. If option \fB-r\fP is present, all files and
65	directories are also scanned and their relations to global security data
66	are checked. This can produce a lot of data.
67
68	This option is not effective on volumes formatted for old NTFS versions (pre
69	NTFS 3.0). Such volumes have no global security data.
70
71	When errors are signalled, it is advisable to repair the volume with an
72	appropriate tool (such as \fBchkdsk\fP on Windows.)
73	.TP
74	\fB[-v]\fP \fIvolume\fP \fIfile\fP
75	Displays the security parameters of \fIfile\fP : its interpreted Linux mode
76	(rwx flags in octal) and Posix ACL[1], its security key if any, and its
77	security descriptor if verbose output.
78	.TP
79	\fB-r[v]\fP \fIvolume\fP \fIdirectory\fP
80	displays the security parameters of all files and subdirectories in
81	\fIdirectory\fP : their interpreted Linux mode (rwx flags in octal) and Posix
82	ACL[1], their security key if any, and their security descriptor if
83	verbose output.
84	.TP
85	.B -b[v] \fIvolume\fP \fI[directory]\fP
86	Recursively extracts to standard output the NTFS ACLs of files in \fIvolume\fP
87	and \fIdirectory\fP.
88	.TP
89	\fB-s[ev]\fP \fIvolume\fP \fI[backup-file]\fP
90	Sets the NTFS ACLS as indicated in \fIbackup-file\fP or standard input. The
91	input data must have been created on Linux. With option \fB-e\fP, also sets
92	extra parameters (currently Windows attrib).
93	.TP
94	\fIvolume\fP \fIperms\fP \fIfile\fP
95	Sets the security parameters of file to perms. Perms is the Linux
96	requested mode (rwx flags, expressed in octal form as in chmod) or
97	a Posix ACL[1] (expressed like in setfacl -m). This sets a new ACL
98	which is effective for Linux and Windows.
99	.TP
100	\fB-r[v]\fP \fIvolume\fP \fIperms\fP \fIdirectory\fP
101	Sets the security parameters of all files and subdirectories in
102	\fIdirectory\fP to \fIperms\fP. Perms is the Linux requested mode (rwx flags,
103	expressed in octal form as in \fBchmod\fP), or a Posix ACL[1] (expressed like
104	in \fBsetfacl -m\fP.) This sets new ACLs which are effective for Linux and
105	Windows.
106	.TP
107	\fB[-v]\fP \fImounted-file\fP
108	Displays the security parameters of \fImounted-file\fP : its interpreted
109	Linux mode (rwx flags in octal) and Posix ACL[1], its security key if any,
110	and its security descriptor if verbose output. This is a special case which
111	acts on a mounted file (or directory) and does not require being root. The
112	Posix ACL interpretation can only be displayed if the full path to
113	\fImounted-file\fP from the root of the global file tree is provided.
114	.SH NOTE
115	[1] provided the POSIX ACL option was selected at compile time. A Posix ACL
116	specification looks like "\fB[d:]{ugmo}:[id]:[perms],...\fP" where id is a
117	numeric user or group id, and perms an octal digit or a set from the letters
118	r, w and x.
119	.RS
120	Example : "\fBu::7,g::5,o:0,u:510:rwx,g:500:5,d:u:510:7\fP"
121	.SH EXAMPLES
122	Audit the global security data on /dev/sda1
123	.RS
124	.sp
125	.B ntfs-3g.secaudit -ar /dev/sda1
126	.sp
127	.RE
128	Display the ownership and permissions parameters for files in directory
129	/audio/music on device /dev/sda5, excluding sub-directories :
130	.RS
131	.sp
132	.B ntfs-3g.secaudit /dev/sda5 /audio/music
133	.sp
134	.RE
135	Set all files in directory /audio/music on device /dev/sda5 as writeable
136	by owner and read-only for everybody :
137	.RS
138	.sp
139	.B ntfs-3g.secaudit -r /dev/sda5 644 /audio/music
140	.sp
141	.RE
142	.SH EXIT CODES
143	.B ntfs-3g.secaudit
144	exits with a value of 0 when no error was detected, and with a value
145	of 1 when an error was detected.
146	.SH KNOWN ISSUES
147	Please see
148	.RS
149	.sp
150	http://www.tuxera.com/community/ntfs-3g-faq/
151	.sp
152	.RE
153	for common questions and known issues.
154	If you would find a new one in the latest release of
155	the software then please send an email describing it
156	in detail. You can contact the
157	development team on the ntfs\-3g\-devel@lists.sf.net
158	address.
159	.SH AUTHORS
160	.B ntfs-3g.secaudit
161	has been developed by Jean-Pierre André.
162	.SH THANKS
163	Several people made heroic efforts, often over five or more
164	years which resulted the ntfs-3g driver. Most importantly they are
165	Anton Altaparmakov, Richard Russon, Szabolcs Szakacsits, Yura Pakhuchiy,
166	Yuval Fledel, and the author of the groundbreaking FUSE filesystem development
167	framework, Miklos Szeredi.
168	.SH SEE ALSO
169	.BR ntfsprogs (8),
170	.BR attr (5),
171	.BR getfattr (1)
172