ntfs-3g will mount as root only, breaks mounting as user

It's ok to only have root mount/unmount, but the gui should allow for this by asking for a password only, and not show "you are not privileged ..."

I'm seeing this error on Ubuntu Hardy (fully updated) when I click on Places -> Win XP partition and wonder if this is related:

Cannot mount volume.
You are not privileged to mount this volume.

@Jose,

Can you still replicate this? It is now working OK for me.

I've just checked on kde4, and still won't mount. I'll test soon on kde 3.x

Still the same problem - but I found out all the external HDs I wanted to mount had a entry in fstab, because if not, the option "locale=pt_PT.utf8" won't get passed to ntfs-3g and the drive will be mounted with the wrong character set. See bug #195420.
If I remove the fstab entry, I can now mount the drives under kd3, but with the wrong character set, which means that files and whole directories become invisible. :(

From the ntfs-3g support forum <a href="http://forum.ntfs-3g.org/viewtopic.php?t=801">here</a>, I found out the mounting bugs are supposedly solved in version 1.2412:

"The NTFS-3G 1.2412 release fixes these two issues:

 o Fix: unprivileged mount may have been denied because supplementary groups were dropped too early as a security measure.

 o Fix: unprivileged mount may have been denied if the /etc/fuse.conf file wasn't properly configured. This was redundant and the /etc/fuse.conf file is not required anymore. "

I'll see if I can update my version to 1.2412 and if it fixes the problem.

Finally! I downloaded and expanded the 1.2412 version, copied the "debian" dir from 1.2212 to 1.2412, edited debian/changelog to show the new version, debian/rules to remove the "--with-fuse=external \" line, did a "fakeroot debian/rules binary" and installed the resulting ntfs-3g and libntfs-3g packages. Then I chmoded +s /bin/ntfs-3g, and now I can mount my external usb ntfs drives even if I have a fstab entry for them! And since that is the only way I can get the ntfs partitions to mount with a decent character set...

@Jose,
Are you saying this bug need to be changed to "[needs-packaging] ntfs-3g 1.2412 - fixes ntfs-3g will mount as root only, breaks mounting as user"?
If that is so, please modify this ticket as appropriate and poke someone at #ubuntu-devel and see if it still can make it on Hardy or shortly after release.

Not quite - it needs not only updating to 1.2412, but also to use the external fuse libs and to set the /bin/ntfs-3g executable with the suid bit. So, as you see, it isn't a simple repackaging issue - it needs a reversion of a decision (using internal fuse libs) and a difficult one (setting a executable suid bit, opening the door to possible exploits).

> but also to use the external fuse libs

It needs internal fuse. The external fuse (suid-root fusermount) has know potential exploits, ntfs-3g doesn't have any. So the safe internal fuse replaces the insafe external fuse.

Regards, Szaka

==
NTFS-3G Lead Developer: http://nts-3g.org

You're right, sorry. I've wrote my answer the wrong way around. Right now, the ubuntu ntfs-3g package passes the option "--with-fuse=external" to the configure script, forcing it to use the external libs. I commented that line, and build the 1.2412 version using the internal libs, and then set suid root the executable /bin/ntfs-3g.

So, the decision that needs to be reverted is the decision made by Martin Pitt on the 7th March to "Build against the external fuse libraries and add dependency on fuse-utils".

Subscribed Martin Pitt to know his take on this.

(Hola)

In gnome, the mount options problem can be worked around by using the gconf-editor (launch from terminal), and adding the needed mount options to the key: /system/storage/default_options/ntfs-3g/mount_options

This way, I can mount an NTFS partition using gnome's Drive Mount applet (although the owner is root): the policy controller ask you for password the first time and preserves the permission (no need to enter password again).

However, with that method I have found the filesystem is mounted with type fuseblk, not ntfs-3g ?

Also, this method only works if the filesystem is not in fstab.

Any word on progress on solving this bug? Sorry to be so impatient, but not having an external drive mount on connection is a serious step backwards from the way things were in 7.10.

I see Hardy still has ntfs-3g 1.2216, can anyone tell how far away the update to 1.2412 linked to the internal fuse is?

There is no chance that this get fixed in hardy. Too much things to change, Difficult decision to take...
But you really don't need it to mount external drive, there is gnome-mount, pmount... for that.

But if I need to install pmount to make this work (which is admittedly no big deal), shouldn't pmount be installed by default then? That's not that big of a deal...

pmount works if you're trying to mount a partition from an external drive. In a dual boot environment, it's a very common case to have a NTFS partition and pmount won't work. So, no chance to get this fixed for hardy?

So, until this issue it's fixed I uninstalled ntfs-3g. Then I went to http://ntfs-3g.org/ and followed the basic installation instructions. Is there any chance that ntfs-3g version 1.2506 could be introduced into Ubuntu backports?

Yoanis, once 1.2506 hits intrepid, we can do a backport, sure. However, I'd much rather backport the fix for this bug to the Hardy package and put it into -updates, that will be much more beneficial to people.

In Intrepid this will be fixed once it gets merged.

Nominating for Hardy, I will look into this.

I tested this already when merging 1.2216 in Hardy, but now I tested it again. When I plug in an USB stick with an NTFS partition, it is automounted right away. No passwords, no error messages.

Can you please open a Terminal, and try to mount it on the command line?

  $ gnome-mount -vbd /dev/sdc1

You need to replace /dev/sdc1 with the actual device of your USB NTFS partition (type "sudo blkid" to find it out).

Please copy&paste the output here.

Oh, sorry, you were trying this under Kubuntu. I'll ask our KDE guru about this.

This bug was fixed in the package ntfs-3g - 1:1.2310-1ubuntu1

---------------
ntfs-3g (1:1.2310-1ubuntu1) intrepid; urgency=low

  * Resynchronise with Debian. Remaining changes:
    - Add udeb shlibs entries for libntfs-3g24-udeb.
    - Bump debhelper build-dependency to 5.0.22 for dh_makeshlibs
      --add-udeb.
    - Create libntfs3g24-udeb and ntfs-3g-udeb.
    - Copy ntfs-3g into the initramfs. If ntfs-3g is used to mount the root
      filesystem (either directly or via a loopback mount), load the fuse
      module beforehand, and save ntfs-3g's PID (indirectly) in
      /var/run/sendsigs.omit.
    - Move ntfs-3g to /bin.
    - Move libntfs-3g.so.* to /lib. Adjust libntfs-3g.so symlink to match.
    - Add /sbin/mount.ntfs symlink to /bin/ntfs-3g.
    - Add a symlink for the mount.ntfs manual page too.
    - Pass basenames rather than full paths to pidof; create
      /dev/.initramfs/varrun if necessary (LP #150831).
    - Always add ntfs and ntfs-3g to sendsigs.omit (LP #181669).
    - Build against the external fuse libraries and add dependency on
      fuse-utils.
  * New upstream version was reported to fix mounting as normal user under
    KDE. (LP: #205081)

ntfs-3g (1:1.2310-1) unstable; urgency=low

  * New upstream release.
  * Bump library package name to match current soname.

 -- Martin Pitt <email address hidden> Thu, 15 May 2008 12:45:38 +0200

Martin,
Please check my comments 5 and 11 above; for me the bug isn't fixed, in fact it was introduced with 2310, as I need to add entries for my ntfs drives to fstab because of bug #195420. And that requires a ntfs-3g built with internal fuse utils (which is a reversion of the change in 2310) and for the user to set it (/bin/ntfs-3g) suid root.
Try adding a fstab entry for your ntfs usb stick, and you'll see what I am complaining of. If you want I can put here my fstab entries.

Martin, I can do any test you want, as long as I know what needs to be done. Would be really nice to have this issue fixed at the backports.

hi,

Jose Bernardo [2008-05-15 12:02 -0000]:
> Please check my comments 5 and 11 above; for me the bug isn't fixed,
> in fact it was introduced with 2310

But this version is not in Hardy...

> as I need to add entries for my ntfs drives to fstab because of bug #195420.

Ah, I did not try it with entries in fstab. What does your line look
like?

I'm sorry, I checked and you added it to 2216 (at least from the changelog for that version), the version I was testing in hardy, not 2310. I was confusing version numbers.

This is one of the entries, for a external usb drive that I share with the windows machines at work:

/dev/disk/by-id/usb-IC25N080_ATMR04-0-0:0-part1 /media/akasa ntfs-3g defaults,users,allow_others,rw,nosuid,nodev,sync,utf8,locale=pt_PT.UTF-8

Notice the two final options, they are mandatory for me to be able to access dirs and documents with accented characters.

For this drive, the unchanged ntfs-3g will only allow mounting it as root.

Reopening. Updating the version has got nothing to do with it. This is in fact a duplicate of bug 162863.

Right, but just to make sure that the problem is well understood,
the problem nowadays is not only that ntfs-3g is not installed setuid-root,
but
also that we don't build it with ntfs-3g's internal fuse library :

http://www.ntfs-3g.org/support.html#useroption

And while not installing setuid-root is easy to fix, building with external fuse libs means that a fix implies rebuilding the ntfs-3g libs, every time the package is updated.

I have this issue with a FAT32 pen drive.
Ubuntu shows no new updates for ntfs-3g,so I downloaded it from the site.

vivek@vivek-desktop:~/ntfs-3g-1.2531$ apt-cache policy ntfs-3g
ntfs-3g:
  Installed: 1:1.2216-1ubuntu2
  Candidate: 1:1.2216-1ubuntu2

Will my problem be fixed if remove fuse-utils and ntfs-3g and compile the ntfs-3g?What else should I do to overcome this problem?

Status changed to 'Confirmed' because the bug affects multiple users.