diff --git a/src/ntfs-3g.secaudit.8.in b/src/ntfs-3g.secaudit.8.in index 79c05ac1..669828e5 100644 --- a/src/ntfs-3g.secaudit.8.in +++ b/src/ntfs-3g.secaudit.8.in @@ -1,7 +1,7 @@ .\" Copyright (c) 2007-2009 Jean-Pierre André. .\" This file may be copied under the terms of the GNU Public License. .\" -.TH NTFS-3G.SECAUDIT 8 "February 2010" "ntfs-3g.secaudit 1.3.8" +.TH NTFS-3G.SECAUDIT 8 "February 2010" "ntfs-3g.secaudit 1.4.1" .SH NAME ntfs-3g.secaudit \- NTFS Security Data Auditing .SH SYNOPSIS @@ -29,6 +29,9 @@ Where \fIoptions\fP is a combination of : -s setting backed-up ACLs .RE .RS +-u getting a user mapping proposal +.RE +.RS -v verbose (very verbose if set twice) .RE .PP @@ -111,6 +114,16 @@ and its security descriptor if verbose output. This is a special case which acts on a mounted file (or directory) and does not require being root. The Posix ACL interpretation can only be displayed if the full path to \fImounted-file\fP from the root of the global file tree is provided. +.TP +\fB-u[v]\fP \fImounted-file\fP +Displays a proposed contents for a user mapping file, based on the +ownership parameters set by Windows on \fImounted-file\fP, assuming +this file was created on Windows by the user who should be mapped to the +current Linux user. The displayed information has to be copied to the +file \fB.NTFS-3G/UserMapping\fP where \fB.NTFS-3G\fP is a hidden +subdirectory of the root of the partition for which the mapping is to +be defined. This will cause the ownership of files created on that +partition to be the same as the original \fImounted-file\fP. .SH NOTE [1] provided the POSIX ACL option was selected at compile time. A Posix ACL specification looks like "\fB[d:]{ugmo}:[id]:[perms],...\fP" where id is a diff --git a/src/secaudit.c b/src/secaudit.c index a0292154..8c66ae38 100644 --- a/src/secaudit.c +++ b/src/secaudit.c 
@@ -4659,12 +4659,19 @@ BOOL setfull(const char *fullname, int mode, BOOL isdir) BOOL proposal(const char *name, const char *attr) { + char fullname[MAXFILENAME]; int uoff, goff; int i; u64 uauth, gauth; int ucnt, gcnt; int uid, gid; BOOL err; +#ifdef WIN32 + char driveletter; +#else + struct stat st; + char *p,*q; +#endif err = FALSE; #ifdef WIN32 @@ -4683,7 +4690,8 @@ BOOL proposal(const char *name, const char *attr) if ((ucnt == 5) && (gcnt == 5) && (uauth == 5) && (gauth == 5) && (get4l(attr,uoff+8) == 21) && (get4l(attr,goff+8) == 21)) { - printf("# User mapping proposal\n"); + printf("# User mapping proposal :\n"); + printf("# -------------------- cut here -------------------\n"); if (uid) printf("%d::",uid); else @@ -4705,12 +4713,62 @@ BOOL proposal(const char *name, const char *attr) for (i=0; i= 'a') && (name[0] <= 'z')) + || ((name[0] >= 'A') && (name[0] <= 'Z'))) + && (name[1] == ':')) + driveletter = name[0]; + else { + if (GetCurrentDirectoryA(MAXFILENAME, fullname) + && (fullname[1] == ':')) + driveletter = fullname[0]; } + if (driveletter) { + printf("# Example : %c:\\.NTFS-3G\\UserMapping\n", + driveletter); + } +#else + printf("# being a hidden subdirectory of the root of the NTFS file system.\n"); + + /* Get the path to the root of the file system */ + if (name[0] != '/') { + p = getcwd(fullname,MAXFILENAME); + if (p) { + strcat(fullname,"/"); + strcat(fullname,name); + } + } else { + strcpy(fullname,name); + p = fullname; + } + if (p) { + /* go down the path to inode 5 (fails on symlinks) */ + do { + lstat(fullname,&st); + q = strrchr(p,'/'); + if (q && (st.st_ino != 5)) + *q = 0; + } while (strchr(p,'/') && (st.st_ino != 5)); + } + if (p && (st.st_ino == 5)) { + printf("# Example : "); + printname(stdout,p); + printf("/.NTFS-3G/UserMapping\n"); + } +#endif } else { printf("** Not possible : "); printname(stdout,name);
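Review bot: In the non-WIN32 branch of the third secaudit.c hunk, `strcat(fullname,"/"); strcat(fullname,name);` and `strcpy(fullname,name);` write a caller-supplied path into `char fullname[MAXFILENAME]` with no length check, so an over-long `name` (or a long working directory plus `name`) overruns the stack buffer. The lengths should be checked before copying, and the path search skipped when they do not fit. The return value of `lstat(fullname,&st)` is also ignored, so on failure `st.st_ino` is read without having been set; the loop should stop and clear `p` instead. In the WIN32 branch, `driveletter` is tested by `if (driveletter)` but no initialisation is visible for the case where neither assignment runs; part of that hunk's text is missing on this page, so this needs confirming against the full source. proposal() begins in the first hunk and its body continues past the end of this one.

```c
	/* Get the path to the root of the file system */
	p = (char*)NULL;
	if (name[0] != '/') {
		/* room for cwd + '/' + name + terminating NUL */
		if (getcwd(fullname,MAXFILENAME)
		    && ((strlen(fullname) + strlen(name) + 2) <= MAXFILENAME)) {
			strcat(fullname,"/");
			strcat(fullname,name);
			p = fullname;
		}
	} else {
		if (strlen(name) < MAXFILENAME) {
			strcpy(fullname,name);
			p = fullname;
		}
	}
	if (p) {
		/* go down the path to inode 5 (fails on symlinks) */
		do {
			if (lstat(fullname,&st)) {
				/* st is not valid : give up on the example */
				p = (char*)NULL;
				break;
			}
			/* … unchanged: strrchr() truncation of the last path component … */
		} while (strchr(p,'/') && (st.st_ino != 5));
	}
	/* … unchanged: printing of the example path when p && st.st_ino == 5 … */
```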