When you install the security support for the first time, you have to define the mapping of Windows accounts to Linux logins for every user who owns files which should be visible from both Windows and Linux. usermap is a basic utility to help you do that; it is available for both systems, with a few differences.
The Windows version of usermap is available as a zip-compressed file. You first have to unzip the file into some directory; you only need the file usermap.exe. This is generally done by double-clicking the icon associated with the file tools.zip and selecting that file for extraction. The source file is available in the same archive, and the advanced-ntfs-3g.md5 file on the download page can be used to check its authenticity.
There is currently no graphical version of usermap, so to start it, you must open a cmd window. To do this, click Start, then Run, type cmd and click OK. In the window, type cd followed by the directory into which usermap.exe was saved.
A simple way to get the parameters of a Windows account, while logged into that account, is to start usermap with no argument and redirect the output to a mapping file. You then have to edit the file with your favourite Windows editor (or Wordpad), replacing the words user and group by the Linux login which corresponds to the Windows account, then rename the file as \.NTFS-3G\UserMapping in the root directory of the volume to be made accessible to Linux (for example as e:\.NTFS-3G\UserMapping for volume e:). You can also do this on Linux, but you must first mount the volume, then edit the file (for example /ntfs/.NTFS-3G/UserMapping if the NTFS volume is mounted on /ntfs), then unmount the volume and mount it again to activate the mapping.
Be sure to capitalize the directory name .NTFS-3G and the file name UserMapping correctly, even on Windows. If either is not correctly capitalized, it will not be recognized by Linux. If you have several accounts to map, repeat the process under Windows for each account and concatenate the outputs into a single file.
Another possibility is to scan one or more volumes for file owners, by indicating the volumes as arguments to usermap. These volumes need not be shared with Linux, but they have to contain files which have been created on Windows by users who have a corresponding login. Whenever possible, the Windows system disk should be indicated first, because this disk generally contains the root directories of all users as subdirectories of c:\Documents and Settings and c:\Users. If the volume to share with Linux is not the Windows system disk, it should be indicated as the second argument. The output will then be written at the desired location \.NTFS-3G\UserMapping.
Whenever usermap finds a new owner of a file, it asks for the login of the corresponding Linux owner of the file. Volumes just formatted and volumes which only contain files created by the base ntfs-3g will obviously bring no clue for file owners. They may nevertheless be indicated after the Windows system volume to receive the mapping output. Do not reply (just press "Enter") if the file does not belong to a user who should be mapped. You will not be asked again about the same user owning another file on the same volume. Type the Linux login or group name (or numeric id) if the owner or group should be mapped. The resulting mapping file is written, ready for use, to the volume designated as the second argument (or to the one designated as the first argument if there is no other). Note: the mapping file is specific to a volume. If several volumes have to be shared, the file has to be replicated on each of them.
On Linux, usermap is named ntfs-3g.usermap and is part of the ntfs-3g package; it can be started once the package has been installed. There are two other conditions to be met before doing so:
- the designated volume (partition) must not be mounted
- the ntfs-3g.usermap command must be started as root
The screens may look similar to those of the Windows version; however, as Linux has no knowledge of Windows accounts, there is no indication of the current Windows account and fewer indications of the names of file owners. So the owners generally have to be determined from the file names. If the proposed file is a system file, do not indicate an owner. It will be considered as owned by root, and only root will be allowed to access the file. If the file belongs to a user who has a Windows and a Linux account, enter the account and group of the owner.
The resulting mapping file is written to the file UserMapping in the current directory. For the file to be usable, first mount the volume, then copy UserMapping to /.NTFS-3G/UserMapping in the mounted directory, then unmount the volume and mount it again.
No data sharing
If your NTFS volume is to be used on Linux only, with no connection to any Windows system, you can use your favourite random number generator to generate your SID. Just copy the pattern below, replace the final number (10000 in the pattern) by a number above 1000, and replace the three numbers before it (3141592653-589793238-462643383 in the pattern) by a sequence of three numbers not greater than 4294967295.
::S-1-5-21-3141592653-589793238-462643383-10000
This line defines a generic pattern to be used to create SIDs for users and groups. It has void login and group fields, and must be located at the end of the file.
Files declared as readable by anybody will still be readable on any Windows system though the owner and group are not recognized.
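The following Python sketch is an added example, not part of ntfs-3g or usermap: it draws the three numbers of the generic pattern from the operating system's random source and checks a UserMapping file against the rules stated above (three colon-separated fields, numbers not greater than 4294967295, final pattern number above 1000, pattern on the last line). The function names, the sample content, the treatment of lines starting with # as comments, and the restriction to SIDs of the S-1-5-21 form shown on this page are assumptions of the example.

```python
import re
import secrets

MAX_NUM = 4294967295  # upper bound the page gives for each of the three numbers
SID_RE = re.compile(r"^S-1-5-21-(\d+)-(\d+)-(\d+)-(\d+)$")

def generic_pattern(last=10000):
    """Build the '::SID' pattern line with three randomly drawn numbers."""
    if last <= 1000:
        raise ValueError("final number must be above 1000")
    nums = [secrets.randbelow(MAX_NUM + 1) for _ in range(3)]
    return "::S-1-5-21-{}-{}-{}-{}".format(*nums, last)

def check_mapping(text):
    """Return a list of problems found in UserMapping content (empty = OK)."""
    problems = []
    # Assumption of this example: blank lines and '#' lines carry no mapping.
    lines = [l.strip() for l in text.splitlines()
             if l.strip() and not l.lstrip().startswith("#")]
    for n, line in enumerate(lines, 1):
        fields = line.split(":")
        if len(fields) != 3:
            problems.append(f"line {n}: expected login:group:SID")
            continue
        login, group, sid = fields
        m = SID_RE.match(sid)
        if not m:
            problems.append(f"line {n}: malformed SID {sid!r}")
            continue
        if any(int(x) > MAX_NUM for x in m.groups()[:3]):
            problems.append(f"line {n}: number exceeds {MAX_NUM}")
        if login == "" and group == "":  # void fields: the generic pattern
            if int(m.group(4)) <= 1000:
                problems.append(f"line {n}: pattern's last number must be above 1000")
            if n != len(lines):
                problems.append(f"line {n}: generic pattern must be the last line")
    return problems

# Constructed sample: one mapped account followed by a fresh generic pattern.
SAMPLE = ("john:users:S-1-5-21-3141592653-589793238-462643383-1005\n"
          + generic_pattern() + "\n")

if __name__ == "__main__":
    print(SAMPLE, end="")
    print(check_mapping(SAMPLE) or "mapping file looks consistent")
```

Run the check on the file before copying it to .NTFS-3G/UserMapping; the mapping only takes effect after the volume is unmounted and mounted again.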