platform/external/ntfs-3g.git - Unnamed repository; edit this file 'description' to name the repository.

1 .\" Copyright (c) 2007-2009 Jean-Pierre André.
2 .\" This file may be copied under the terms of the GNU Public License.
3 .\"
4 .TH NTFS-3G.SECAUDIT 8 "February 2010" "ntfs-3g.secaudit 1.4.1"
5 .SH NAME
6 ntfs-3g.secaudit \- NTFS Security Data Auditing
7 .SH SYNOPSIS
8 .B ntfs-3g.secaudit
9 \fB[\fIoptions\fP\fB]\fR
10 .I args
11 .PP
12 Where \fIoptions\fP is a combination of :
13 .RS
14 -a full auditing of security data (Linux only)
15 .RE
16 .RS
17 -b backup ACLs
18 .RE
19 .RS
20 -e setting extra backed-up parameters (in conjunction with -s)
21 .RE
22 .RS
23 -h displaying hexadecimal security descriptors saved in a file
24 .RE
25 .RS
26 -r recursing in a directory
27 .RE
28 .RS
29 -s setting backed-up ACLs
30 .RE
31 .RS
32 -u getting a user mapping proposal
33 .RE
34 .RS
35 -v verbose (very verbose if set twice)
36 .RE
37 .PP
38 and args define the parameters and the set of files acted upon.
39 .PP
40 Typing secaudit with no args will display a summary of available options.
41 .SH DESCRIPTION
42 \fBntfs-3g.secaudit\fR
43 displays the ownership and permissions of a set of files on an NTFS
44 file system, and checks their consistency. It can be started in terminal
45 mode only (no graphical user interface is available.)
46 .PP
47 When a \fIvolume\fR is required, it has to be unmounted, and the command
48 has to be issued as \fBroot\fP. The \fIvolume\fR can be either a block
49 device (i.e. a disk partition) or an image file.
50 .PP
51 When acting on a directory or volume, the command may produce a lot
52 of information. It is therefore advisable to redirect the output to
53 a file or pipe it to a text editor for examination.
54 .SH OPTIONS
55 Below are the valid combinations of options and arguments that
56 \fBntfs-3g.secaudit\fR accepts. All the indicated arguments are
57 mandatory and must be unique (if wildcards are used, they must
58 resolve to a single name.)
59 .TP
60 \fB-h\fP \fIfile\fP
61 Displays in an human readable form the hexadecimal security descriptors
62 saved in \fIfile\fP. This can be used to turn a verbose output into a very
63 verbose output.
64 .TP
65 \fB-a[rv]\fP \fIvolume\fP
66 Audits the volume : all the global security data on \fIvolume\fP are scanned
67 and errors are displayed. If option \fB-r\fP is present, all files and
68 directories are also scanned and their relations to global security data
69 are checked. This can produce a lot of data.
70
71 This option is not effective on volumes formatted for old NTFS versions (pre
72 NTFS 3.0). Such volumes have no global security data.
73
74 When errors are signalled, it is advisable to repair the volume with an
75 appropriate tool (such as \fBchkdsk\fP on Windows.)
76 .TP
77 \fB[-v]\fP \fIvolume\fP \fIfile\fP
78 Displays the security parameters of \fIfile\fP : its interpreted Linux mode
79 (rwx flags in octal) and Posix ACL[1], its security key if any, and its
80 security descriptor if verbose output.
81 .TP
82 \fB-r[v]\fP \fIvolume\fP \fIdirectory\fP
83 displays the security parameters of all files and subdirectories in
84 \fIdirectory\fP : their interpreted Linux mode (rwx flags in octal) and Posix
85 ACL[1], their security key if any, and their security descriptor if
86 verbose output.
87 .TP
88 .B -b[v] \fIvolume\fP \fI[directory]\fP
89 Recursively extracts to standard output the NTFS ACLs of files in \fIvolume\fP
90 and \fIdirectory\fP.
91 .TP
92 \fB-s[ev]\fP \fIvolume\fP \fI[backup-file]\fP
93 Sets the NTFS ACLS as indicated in \fIbackup-file\fP or standard input. The
94 input data must have been created on Linux. With option \fB-e\fP, also sets
95 extra parameters (currently Windows attrib).
96 .TP
97 \fIvolume\fP \fIperms\fP \fIfile\fP
98 Sets the security parameters of file to perms. Perms is the Linux
99 requested mode (rwx flags, expressed in octal form as in chmod) or
100 a Posix ACL[1] (expressed like in setfacl -m). This sets a new ACL
101 which is effective for Linux and Windows.
102 .TP
103 \fB-r[v]\fP \fIvolume\fP \fIperms\fP \fIdirectory\fP
104 Sets the security parameters of all files and subdirectories in
105 \fIdirectory\fP to \fIperms\fP. Perms is the Linux requested mode (rwx flags,
106 expressed in octal form as in \fBchmod\fP), or a Posix ACL[1] (expressed like
107 in \fBsetfacl -m\fP.) This sets new ACLs which are effective for Linux and
108 Windows.
109 .TP
110 \fB[-v]\fP \fImounted-file\fP
111 Displays the security parameters of \fImounted-file\fP : its interpreted
112 Linux mode (rwx flags in octal) and Posix ACL[1], its security key if any,
113 and its security descriptor if verbose output. This is a special case which
114 acts on a mounted file (or directory) and does not require being root. The
115 Posix ACL interpretation can only be displayed if the full path to
116 \fImounted-file\fP from the root of the global file tree is provided.
117 .TP
118 \fB-u[v]\fP \fImounted-file\fP
119 Displays a proposed contents for a user mapping file, based on the
120 ownership parameters set by Windows on \fImounted-file\fP, assuming
121 this file was created on Windows by the user who should be mapped to the
122 current Linux user. The displayed information has to be copied to the
123 file \fB.NTFS-3G/UserMapping\fP where \fB.NTFS-3G\fP is a hidden
124 subdirectory of the root of the partition for which the mapping is to
125 be defined. This will cause the ownership of files created on that
126 partition to be the same as the original \fImounted-file\fP.
127 .SH NOTE
128 [1] provided the POSIX ACL option was selected at compile time. A Posix ACL
129 specification looks like "\fB[d:]{ugmo}:[id]:[perms],...\fP" where id is a
130 numeric user or group id, and perms an octal digit or a set from the letters
131 r, w and x.
132 .RS
133 Example : "\fBu::7,g::5,o:0,u:510:rwx,g:500:5,d:u:510:7\fP"
134 .SH EXAMPLES
135 Audit the global security data on /dev/sda1
136 .RS
137 .sp
138 .B ntfs-3g.secaudit -ar /dev/sda1
139 .sp
140 .RE
141 Display the ownership and permissions parameters for files in directory
142 /audio/music on device /dev/sda5, excluding sub-directories :
143 .RS
144 .sp
145 .B ntfs-3g.secaudit /dev/sda5 /audio/music
146 .sp
147 .RE
148 Set all files in directory /audio/music on device /dev/sda5 as writeable
149 by owner and read-only for everybody :
150 .RS
151 .sp
152 .B ntfs-3g.secaudit -r /dev/sda5 644 /audio/music
153 .sp
154 .RE
155 .SH EXIT CODES
156 .B ntfs-3g.secaudit
157 exits with a value of 0 when no error was detected, and with a value
158 of 1 when an error was detected.
159 .SH KNOWN ISSUES
160 Please see
161 .RS
162 .sp
163 http://www.tuxera.com/community/ntfs-3g-faq/
164 .sp
165 .RE
166 for common questions and known issues.
167 If you would find a new one in the latest release of
168 the software then please send an email describing it
169 in detail. You can contact the
170 development team on the ntfs\-3g\-devel@lists.sf.net
171 address.
172 .SH AUTHORS
173 .B ntfs-3g.secaudit
174 has been developed by Jean-Pierre André.
175 .SH THANKS
176 Several people made heroic efforts, often over five or more
177 years which resulted the ntfs-3g driver. Most importantly they are
178 Anton Altaparmakov, Richard Russon, Szabolcs Szakacsits, Yura Pakhuchiy,
179 Yuval Fledel, and the author of the groundbreaking FUSE filesystem development
180 framework, Miklos Szeredi.
181 .SH SEE ALSO
182 .BR ntfsprogs (8),
183 .BR attr (5),
184 .BR getfattr (1)
185
1	.\" Copyright (c) 2007-2009 Jean-Pierre André.
2	.\" This file may be copied under the terms of the GNU Public License.
3	.\"
4	.TH NTFS-3G.SECAUDIT 8 "February 2010" "ntfs-3g.secaudit 1.4.1"
5	.SH NAME
6	ntfs-3g.secaudit \- NTFS Security Data Auditing
7	.SH SYNOPSIS
8	.B ntfs-3g.secaudit
9	\fB[\fIoptions\fP\fB]\fR
10	.I args
11	.PP
12	Where \fIoptions\fP is a combination of :
13	.RS
14	-a full auditing of security data (Linux only)
15	.RE
16	.RS
17	-b backup ACLs
18	.RE
19	.RS
20	-e setting extra backed-up parameters (in conjunction with -s)
21	.RE
22	.RS
23	-h displaying hexadecimal security descriptors saved in a file
24	.RE
25	.RS
26	-r recursing in a directory
27	.RE
28	.RS
29	-s setting backed-up ACLs
30	.RE
31	.RS
32	-u getting a user mapping proposal
33	.RE
34	.RS
35	-v verbose (very verbose if set twice)
36	.RE
37	.PP
38	and args define the parameters and the set of files acted upon.
39	.PP
40	Typing secaudit with no args will display a summary of available options.
41	.SH DESCRIPTION
42	\fBntfs-3g.secaudit\fR
43	displays the ownership and permissions of a set of files on an NTFS
44	file system, and checks their consistency. It can be started in terminal
45	mode only (no graphical user interface is available.)
46	.PP
47	When a \fIvolume\fR is required, it has to be unmounted, and the command
48	has to be issued as \fBroot\fP. The \fIvolume\fR can be either a block
49	device (i.e. a disk partition) or an image file.
50	.PP
51	When acting on a directory or volume, the command may produce a lot
52	of information. It is therefore advisable to redirect the output to
53	a file or pipe it to a text editor for examination.
54	.SH OPTIONS
55	Below are the valid combinations of options and arguments that
56	\fBntfs-3g.secaudit\fR accepts. All the indicated arguments are
57	mandatory and must be unique (if wildcards are used, they must
58	resolve to a single name.)
59	.TP
60	\fB-h\fP \fIfile\fP
61	Displays in an human readable form the hexadecimal security descriptors
62	saved in \fIfile\fP. This can be used to turn a verbose output into a very
63	verbose output.
64	.TP
65	\fB-a[rv]\fP \fIvolume\fP
66	Audits the volume : all the global security data on \fIvolume\fP are scanned
67	and errors are displayed. If option \fB-r\fP is present, all files and
68	directories are also scanned and their relations to global security data
69	are checked. This can produce a lot of data.
70
71	This option is not effective on volumes formatted for old NTFS versions (pre
72	NTFS 3.0). Such volumes have no global security data.
73
74	When errors are signalled, it is advisable to repair the volume with an
75	appropriate tool (such as \fBchkdsk\fP on Windows.)
76	.TP
77	\fB[-v]\fP \fIvolume\fP \fIfile\fP
78	Displays the security parameters of \fIfile\fP : its interpreted Linux mode
79	(rwx flags in octal) and Posix ACL[1], its security key if any, and its
80	security descriptor if verbose output.
81	.TP
82	\fB-r[v]\fP \fIvolume\fP \fIdirectory\fP
83	displays the security parameters of all files and subdirectories in
84	\fIdirectory\fP : their interpreted Linux mode (rwx flags in octal) and Posix
85	ACL[1], their security key if any, and their security descriptor if
86	verbose output.
87	.TP
88	.B -b[v] \fIvolume\fP \fI[directory]\fP
89	Recursively extracts to standard output the NTFS ACLs of files in \fIvolume\fP
90	and \fIdirectory\fP.
91	.TP
92	\fB-s[ev]\fP \fIvolume\fP \fI[backup-file]\fP
93	Sets the NTFS ACLS as indicated in \fIbackup-file\fP or standard input. The
94	input data must have been created on Linux. With option \fB-e\fP, also sets
95	extra parameters (currently Windows attrib).
96	.TP
97	\fIvolume\fP \fIperms\fP \fIfile\fP
98	Sets the security parameters of file to perms. Perms is the Linux
99	requested mode (rwx flags, expressed in octal form as in chmod) or
100	a Posix ACL[1] (expressed like in setfacl -m). This sets a new ACL
101	which is effective for Linux and Windows.
102	.TP
103	\fB-r[v]\fP \fIvolume\fP \fIperms\fP \fIdirectory\fP
104	Sets the security parameters of all files and subdirectories in
105	\fIdirectory\fP to \fIperms\fP. Perms is the Linux requested mode (rwx flags,
106	expressed in octal form as in \fBchmod\fP), or a Posix ACL[1] (expressed like
107	in \fBsetfacl -m\fP.) This sets new ACLs which are effective for Linux and
108	Windows.
109	.TP
110	\fB[-v]\fP \fImounted-file\fP
111	Displays the security parameters of \fImounted-file\fP : its interpreted
112	Linux mode (rwx flags in octal) and Posix ACL[1], its security key if any,
113	and its security descriptor if verbose output. This is a special case which
114	acts on a mounted file (or directory) and does not require being root. The
115	Posix ACL interpretation can only be displayed if the full path to
116	\fImounted-file\fP from the root of the global file tree is provided.
117	.TP
118	\fB-u[v]\fP \fImounted-file\fP
119	Displays a proposed contents for a user mapping file, based on the
120	ownership parameters set by Windows on \fImounted-file\fP, assuming
121	this file was created on Windows by the user who should be mapped to the
122	current Linux user. The displayed information has to be copied to the
123	file \fB.NTFS-3G/UserMapping\fP where \fB.NTFS-3G\fP is a hidden
124	subdirectory of the root of the partition for which the mapping is to
125	be defined. This will cause the ownership of files created on that
126	partition to be the same as the original \fImounted-file\fP.
127	.SH NOTE
128	[1] provided the POSIX ACL option was selected at compile time. A Posix ACL
129	specification looks like "\fB[d:]{ugmo}:[id]:[perms],...\fP" where id is a
130	numeric user or group id, and perms an octal digit or a set from the letters
131	r, w and x.
132	.RS
133	Example : "\fBu::7,g::5,o:0,u:510:rwx,g:500:5,d:u:510:7\fP"
134	.SH EXAMPLES
135	Audit the global security data on /dev/sda1
136	.RS
137	.sp
138	.B ntfs-3g.secaudit -ar /dev/sda1
139	.sp
140	.RE
141	Display the ownership and permissions parameters for files in directory
142	/audio/music on device /dev/sda5, excluding sub-directories :
143	.RS
144	.sp
145	.B ntfs-3g.secaudit /dev/sda5 /audio/music
146	.sp
147	.RE
148	Set all files in directory /audio/music on device /dev/sda5 as writeable
149	by owner and read-only for everybody :
150	.RS
151	.sp
152	.B ntfs-3g.secaudit -r /dev/sda5 644 /audio/music
153	.sp
154	.RE
155	.SH EXIT CODES
156	.B ntfs-3g.secaudit
157	exits with a value of 0 when no error was detected, and with a value
158	of 1 when an error was detected.
159	.SH KNOWN ISSUES
160	Please see
161	.RS
162	.sp
163	http://www.tuxera.com/community/ntfs-3g-faq/
164	.sp
165	.RE
166	for common questions and known issues.
167	If you would find a new one in the latest release of
168	the software then please send an email describing it
169	in detail. You can contact the
170	development team on the ntfs\-3g\-devel@lists.sf.net
171	address.
172	.SH AUTHORS
173	.B ntfs-3g.secaudit
174	has been developed by Jean-Pierre André.
175	.SH THANKS
176	Several people made heroic efforts, often over five or more
177	years which resulted the ntfs-3g driver. Most importantly they are
178	Anton Altaparmakov, Richard Russon, Szabolcs Szakacsits, Yura Pakhuchiy,
179	Yuval Fledel, and the author of the groundbreaking FUSE filesystem development
180	framework, Miklos Szeredi.
181	.SH SEE ALSO
182	.BR ntfsprogs (8),
183	.BR attr (5),
184	.BR getfattr (1)
185