This document describes how FAT and VFAT file system permissions work
in Linux with a focus on configuring them for Wine.

Introduction
------------
Linux is able to access DOS and Windows file systems using either the
FAT (older 8.3 DOS filesystems) or VFAT (newer Windows 95 or later
long filename filesystems) modules. Mounted FAT or VFAT filesystems
provide the primary means by which existing applications and their
data are accessed through Wine for dual boot (Linux + Windows)
systems.

Wine maps mounted FAT filesystems, such as "/c", to drive letters,
such as "c:", as indicated by the wine.conf file. The following
excerpt from a wine.conf file does this:
    [Drive C]
    Path=/c
    Type=hd

Although VFAT filesystems are preferable to FAT filesystems for their
long filename support, the term "FAT" will be used throughout the
remainder of this document to refer to FAT filesystems and their
derivatives. Also, "/c" will be used as the FAT mount point in
examples throughout this document.

Most modern Linux distributions either detect or allow existing FAT
file systems to be configured so that they can be mounted, in a
location such as /c, either persistently (on bootup) or on an as needed
basis. In either case, by default, the permissions will probably be
configured so that they look something like:
    ~>cd /c
    /c>ls -l
    -rwxr-xr-x   1 root     root           91 Oct 10 17:58 autoexec.bat
    -rwxr-xr-x   1 root     root          245 Oct 10 17:58 config.sys
    drwxr-xr-x  41 root     root        16384 Dec 30  1998 windows
where all the files are owned by "root", are in the "root" group and
are only writable by "root" (755 permissions). This is restrictive in
that it requires that Wine be run as root in order for applications to
be able to write to any part of the filesystem.

There are three major approaches to overcoming the restrictive
permissions mentioned in the previous paragraph:
    1) Run Wine as root
    2) Mount the FAT filesystem with less restrictive permissions
    3) Shadow the FAT filesystem by completely or partially copying it
Each approach will be discussed in the following "Running Wine as
root", "Mounting FAT filesystems" and "Shadowing FAT filesystems"
sections.

Running Wine as root
--------------------
Running Wine as root is the easiest and most thorough way of giving
applications that Wine runs unrestricted access to FAT filesystems.
Running Wine as root also allows applications to do things unrelated
to FAT filesystems, such as listening to ports that are less than
1024. Running Wine as root is dangerous since there is no limit to
what the application can do to the system.

Mounting FAT filesystems
------------------------
The FAT filesystem can be mounted with permissions less restrictive
than the default. This can be done by either changing the user that
mounts the FAT filesystem or by explicitly changing the permissions
that the FAT filesystem is mounted with. The permissions are
inherited from the process that mounts the FAT filesystem. Since the
process that mounts the FAT filesystem is usually a startup script
running as root, the FAT filesystem inherits root's permissions. This
results in the files on the FAT filesystem having permissions similar
to files created by root. For example:
    ~>whoami
    root
    ~>touch root_file
    ~>ls -l root_file
    -rw-r--r--   1 root     root            0 Dec 10 00:20 root_file

which matches the owner, group and permissions of files seen on the
FAT filesystem except for the missing 'x's. The permissions on the
FAT filesystem can be changed by changing root's umask (unset
permission bits). For example:
    ~>umount /c
    ~>umask
    022
    ~>umask 073
    ~>mount /c
    ~>cd /c
    /c>ls -l
    -rwx---r--   1 root     root           91 Oct 10 17:58 autoexec.bat
    -rwx---r--   1 root     root          245 Oct 10 17:58 config.sys
    drwx---r--  41 root     root        16384 Dec 30  1998 windows
Mounting the FAT filesystem with a umask of 000 gives all users
complete control over it. Explicitly specifying the permissions of the
FAT filesystem when it is mounted provides additional control. There
are three mount options that are relevant to FAT permissions: "uid",
"gid" and "umask". They can each be specified when the filesystem is
manually mounted. For example:
    ~>umount /c
    ~>mount -o uid=500 -o gid=500 -o umask=002 /c
    ~>cd /c
    /c>ls -l
    -rwxrwxr-x   1 sle      sle            91 Oct 10 17:58 autoexec.bat
    -rwxrwxr-x   1 sle      sle           245 Oct 10 17:58 config.sys
    drwxrwxr-x  41 sle      sle         16384 Dec 30  1998 windows
which gives "sle" complete control over /c. The options listed above
can be made permanent by adding them to the /etc/fstab file:
    ~>grep /c /etc/fstab
    /dev/hda1  /c  vfat  uid=500,gid=500,umask=002,exec,dev,suid,rw 1 1
Note that the umask of 002 is common in the user private group file
permission scheme. On FAT file systems this umask assures that all
files are fully accessible by all users in the specified group (gid).
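
The umask arithmetic and the fstab entry discussed in this section, as
an added example that is not part of the original document: shell
functions that compute the mode a FAT mount shows for a given umask and
list who can write to each vfat/msdos entry in fstab-format input. The
function names and every sample line except the /dev/hda1 entry are
constructed; an entry without uid=, gid= or umask= is assumed to be
mounted by root with the umask of 022 shown earlier.

```sh
#!/bin/sh
# Added example (not from the original document). fat_mode, opt_value,
# audit_fat_fstab and sample_fstab are hypothetical helper names.

# Mode every entry on a FAT mount shows for a given umask: 0777 & ~umask.
fat_mode() {
    printf '%03o\n' $(( 0777 & ~0$1 ))
}

# Value of name=... in a comma-separated option list, else the default.
opt_value() {
    case ",$1" in
        *",$2="*) v=",$1"; v=${v##*",$2="}; echo "${v%%,*}" ;;
        *) echo "$3" ;;
    esac
}

# Read fstab-format lines on stdin; for each vfat/msdos mount print the
# resulting mode and which of owner uid, group gid and everyone can write.
# Assumption: missing options default to uid 0, gid 0, umask 022 (root).
audit_fat_fstab() {
    while read -r dev mnt type opts _rest; do
        case "$dev" in ''|'#'*) continue ;; esac
        case "$type" in vfat|msdos) ;; *) continue ;; esac
        uid=$(opt_value "$opts" uid 0)
        gid=$(opt_value "$opts" gid 0)
        mode=$(fat_mode "$(opt_value "$opts" umask 022)")
        who=""
        [ $(( 0$mode & 0200 )) -eq 0 ] || who="$who uid:$uid"
        [ $(( 0$mode & 0020 )) -eq 0 ] || who="$who gid:$gid"
        [ $(( 0$mode & 0002 )) -eq 0 ] || who="$who everyone"
        echo "$mnt mode=$mode writable-by:${who:- nobody}"
    done
}

# Constructed sample input: the /dev/hda1 line is the fstab entry shown
# above, the remaining lines are made up for comparison.
sample_fstab() {
    cat <<'EOF'
/dev/hda2  /   ext2  defaults                                    1 1
/dev/hda1  /c  vfat  uid=500,gid=500,umask=002,exec,dev,suid,rw  1 1
/dev/hda5  /d  vfat  umask=000,rw                                0 0
/dev/hda6  /e  vfat  umask=073,rw                                0 0
/dev/hda7  /f  vfat  defaults                                    0 0
EOF
}

sample_fstab | audit_fat_fstab
```

To check a real system, run `audit_fat_fstab < /etc/fstab`.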

Shadowing FAT filesystems
-------------------------
Shadowing provides a finer granularity of control. Parts of the
original FAT filesystem can be copied so that the application can
safely work with those copied parts while the application continues to
directly read the remaining parts. This is done with symbolic links.
For example, consider a system where an application named "AnApp" must
be able to read and write to the c:\windows and c:\AnApp directories
as well as have read access to the entire FAT filesystem. On this
system the FAT filesystem has default permissions which should not be
changed for security reasons or cannot be changed due to lack of root
access. On this system a shadow directory might be set up in the
following manner:
    ~>cd /
    />mkdir c_shadow
    />cd c_shadow
    /c_shadow>ln -s /c/* .
    /c_shadow>rm windows AnApp
    /c_shadow>cp -R /c/{windows,AnApp} .
    /c_shadow>chmod -R 777 windows AnApp
    /c_shadow>perl -p -i -e 's|/c$|/c_shadow|g' /usr/local/etc/wine.conf
The above gives everyone complete read and write access to the
"windows" and "AnApp" directories while only root has write access to
all other directories.
---
Steven Elliott (elliotsl@mindspring.com)