- 07-20-2009 #1 Just Joined! (Join Date: Jul 2009, Posts: 7)
Mount options & file permissions questions
I've been using Ubuntu for a few weeks now, but I'm still struggling with this concept of mounting options and how they relate to file permissions.
My understanding is every file has a set of permissions (rwx) for owner, group, and world. I also understand that you can mount a file system with various read/write options. But how do the two relate? Are the mount options the "first gatekeeper" of file security, and override the individual file options? I'm also struggling with the difference between mounting with mask options and uid/gid options.
I have a NAS that has many files, owned by different users in different groups (I'm coming over from Windows, btw). I can mount those partitions fine, but the permissions are a bit squirrely. Part of the problem is the group id for my family is 101 on the NAS; in Ubuntu (8.04) 101 is reserved for libuuid (whatever that is).
So how do I mount the NAS file systems so that the file permissions perform as designed? Is there a way of "overriding" the file permissions at mount time? Or remapping the group ids somehow?
I've Googled this to death and beyond, but still I'm unclear. Thanks for any help!
- 07-20-2009 #2
If you mount a disk read-only, then that certainly overrides any file permissions on the disk; you can't modify anything, not even files that would otherwise be writable. Similarly if you mount with the noexec option (which is a default for user-mountable partitions), you can't run any programs or scripts, even if they have the exec bit set.
For Windows partitions, where the files don't have intrinsic ownership or permissions, Linux creates sensible ones for you. The default values are the ownership and umask of the mount process. In other words, if the disk is mounted by root, the files will belong to root; if the disk is mounted by a user, the files will belong to him/her. And the permissions will be set by that person's umask. To specify an individual or group ownership rather than accepting these defaults, you can use the uid or gid options. To specify a set of permissions, use the umask option.
Don't confuse ownership with permissions. Permissions specify the access rights of owner and group owner but they don't determine who these people are.
"I'm just a little old lady; don't try to dazzle me with jargon!"
- 07-20-2009 #3 Just Joined! (Join Date: Jul 2009, Posts: 7)
Thank you! Your explanation was clear enough to seem obvious, yet I was struggling with it.
I now see the problem with my NAS files: they were created under Windows, so the owner is root and the group is family (GID=101). Group has read permissions but since 101 is reserved to libuuid in Ubuntu, that group number is unavailable. What would be the appropriate way to gain access to those files? Do I need to change the permissions (or GID for "family") on the NAS, via SSH or something? Or is there a less risky approach--some way to either change Ubuntu's libuuid GID to another value, or to map the user's group id (currently 1000) to 101?
Can a group id number even be changed? Or does the group have to be deleted and re-created?
Thanks so much.
- 07-21-2009 #4
I'd be wary of changing the parameters for a system user, especially one whose purpose I don't know. There's probably a good reason for it to be the way it is. For example, there may be files belonging to libuuid and, if you change the ID number, those files won't be accessible any more, which might screw up something.
Perhaps the best solution would be to change your family group id to some value that isn't in use, and use chgrp to alter the group ownership of your existing files to that new number (you'd only have to do it once). Then you could mount the Windows partition with the option "gid=that_value" and all members of your family would be group owners of the files on the partition.
By the way, what's a NAS?
"I'm just a little old lady; don't try to dazzle me with jargon!"
- 07-21-2009 #5
NAS = network attached storage, it's a storage solution for home users
- 07-21-2009 #6 Just Joined! (Join Date: Jul 2009, Posts: 7)
Let me see if I follow. Currently, the group # of the files on the NAS is 101 ("family"). My group # on Ubuntu is 1000 ("family"). Can I mount the NAS share with a GID of 101, even though that's "libuuid"? Wouldn't that mean the device was mounted for group "libuuid" instead of "family", or does the NAS care about the name vs. the group number? I guess I don't understand what role the names vs. the IDs play in all this, both users and groups.
Or do I need to SSH into the NAS and change the GID of ALL the files on the NAS to 1001 to match Ubuntu? Can I change "family" on the NAS from 101 to 1001, or do I need to create an entirely new group, "family2" maybe, and assign it 1001?
I feel like I'm *this* close to grasping all this....just not quite. (And yes, the NAS is just a small Linux file server.)
- 07-22-2009 #7
IMO your best option is to change GID to 1000 in NAS. Create the group family with GID 1000 first.
- 07-22-2009 #8
Internally Linux uses numbers for almost everything but human beings are more comfortable with character strings, so most of these numbers have string equivalents. For example, your UID is the thing Linux recognises you by, but you also have a login name. The /etc/passwd file acts as a translation table for UIDs and login names. Similarly with GIDs and group names, which are listed in /etc/group.
Each file has attached to it a structure called an inode where its details are stored, including the UID of its owner, the GID of its owning group, its access permissions, size, dates, and so on. When you list a directory, all the UIDs and GIDs are translated into user and group names in the output using the data from passwd and group - they're not stored that way.
Similarly every process that you launch has a process ID (PID) which is used internally, but you will probably prefer to refer to it by its program name. And Linux accesses files by their inode numbers, but humans use filenames, which are mapped to inode numbers in the directory. It's a general principle.
"I'm just a little old lady; don't try to dazzle me with jargon!"
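The names-versus-numbers point from post #8, applied to the GID 101 clash discussed in this thread, as an added example that is not part of any poster's reply. The two group files and the member names `alice` and `bob` are constructed sample data in `/etc/group` format; `gid_to_name` and `compare_gid` are hypothetical helper names.

```shell
#!/bin/sh
# Resolve a numeric GID to a group name using a file in /etc/group format
# (name:password:GID:members). If no entry matches, print the bare number,
# which is also what "ls -l" shows for an unknown GID.
gid_to_name() {
    # $1 = group file, $2 = numeric GID
    awk -F: -v gid="$2" '
        $3 == gid { print $1; found = 1; exit }
        END { if (!found) print gid }' "$1"
}

# Show how one GID, stored as a number in the inode, is displayed on two hosts.
compare_gid() {
    # $1 = NAS group file, $2 = client group file, $3 = numeric GID
    nas_name=$(gid_to_name "$1" "$3")
    client_name=$(gid_to_name "$2" "$3")
    if [ "$nas_name" = "$client_name" ]; then
        echo "gid $3: same name on both ($nas_name)"
    else
        echo "gid $3: NAS=$nas_name client=$client_name MISMATCH"
    fi
}

# Constructed sample data mirroring the thread: 101 is "family" on the NAS
# but "libuuid" on the Ubuntu client, where "family" is 1000.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
printf '%s\n' 'root:x:0:' 'family:x:101:alice,bob' > "$demo_dir/nas_group"
printf '%s\n' 'root:x:0:' 'libuuid:x:101:' 'family:x:1000:alice' \
    > "$demo_dir/ubuntu_group"

compare_gid "$demo_dir/nas_group" "$demo_dir/ubuntu_group" 101
compare_gid "$demo_dir/nas_group" "$demo_dir/ubuntu_group" 0

# The inode holds only numbers: -n prints the raw UID/GID, while plain -l
# translates them through the local passwd and group databases.
ls -ln "$demo_dir/nas_group"
ls -l "$demo_dir/nas_group"
```

Access checks use the number, so a file with GID 101 is group-accessible on the client only to members of whatever local group holds 101, regardless of what that group is called on the NAS.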


