NTFS data partition can't be accessed by another user unless unmounted in my current user session before logging out

I am on ubuntu 14.04, wanted to create another account, beside my admin one, for my family members to use so as not to interrupt my work. The problem is I can't grant the other account access to the NTFS partiton which contains the data and I have tried some solutions mentioned on the forums but nothing worked. Still the user who logs in first when the machine reboots seems to take hold of that partition and prohibit any other users from accessing it even after he had logged out. The only trick I found to work is to unmount that partition before logging out the current user. That way the next one who is going to log in will mount the partition and acess it.

My question really is wether this is the way partition access works among different machine users, I mean to unmount whichever partition you are using for another user to be able to use it after you, or that I couldn't properly grant the access to that partition?


The easiest, and likely best way to achieve this if you need this all the time for all users all the time whenever the computer is on, is to define the mount point and the rules for mounting the partition in /etc/fstab. By doing this, you can provide access rights automatically when the partition / drive is mounted.

This is a much more advanced practice, but if the device with the NTFS partition is always connected to the computer anyways, this removes some headaches that you're encountering, and effectively automates the providing of security controls around the data, and allows us to actually modify the controls over time, without having to manually remount things with different options or users each time.

I have a few other sections in this answer.

  • The first is one of my NTFS fstab entries, which is for the Windows partition on my Ubuntu computer (and I'm the only user on the computer).
  • The second section takes my fstab entry, and explains the mount options.
  • The third section provides you my suggested procedure for providing 'secure' access to the partition, automounting at boot, and a decent set of mount options for your case (including making a 'user group' that you add users who are permitted to access the data on the mounted partition to. That user group acts as an 'access control', as does the specific file permissions being applied.)
  • The fourth section will give you a potential /etc/fstab line to use, provided you listened to me in the third section.

(1) My fstab entry

I unfortunately have such a NTFS partition on my laptop, and I have to make it readable to myself and system services...

# Windows Partition - targetted for /media/win7
UUID=UUIDOFPARTITION  /media/win7    ntfs-3g     defaults,locale=en_US.utf8,windows_names,umask=7000,uid=1000,gid=1000,user  0   0

What's this line mean? Well, the first line with a # in front is a comment. The second line is the more important bit, which is the actual fstab entry:

  1. I identify the partition by UUID, which is a string that identifies the partition. You can get the UUID of any given partition by doing sudo blkid /dev/sda1 (replacing /dev/sda1 with the actual ID for your partition, so if it's on a second disk and it's the third partition in the second disk's partition table, then possibly /dev/sdb3 would be in this command. I strip out the quotes around the UUID= line in my fstab entry.)
  2. I mount it in /media/win7 at boot.
  3. It's an NTFS partition, so I pass to fstab the ntfs-3g option so it knows it's NTFS.
  4. I provide it the default mount options and then some (I explain these later).
  5. The fifth field determines whether filesystems need to be dumped or not, but since this isn't necessary, I passed it a 0.
  6. The sixth field is used by fsck to determine the order of filesystem checks at boot time, but since I don't need it to do so, I pass a 0.

(2) Mount Options

I pass quite a few mount options:

  • defaults - passes default mount options (rw - read/write, suid - allow set-user-identifier or set-group-identifier bits to take effect, dev - interpret character or block special devices on the filesystem, exec - permit execution of binaries, auto - allows mounting with the -a option of mount, nouser - prohibits a user from mounting (overridden later), async - permit asynchronous I/O with the filesystem.)
  • locale=en_US.utf8 - enforces the US English locale with UTF8
  • windows_names - enforces that Windows name restrictions are in place for new files in the partition.
  • umask=7000 - Basically, inverse chmod. Define what permissions are not permitted for files. Essentially, I don't prohibit anything read/write/execute here, so all files on the mounted location get, effectively, read, write, and execute privileges. I don't want any of the special bits set (setuid, setgid, sticky), so I have to eliminate them from the first octet - since the numeric sum of those is a '7' and i'm prohibiting those permissions, I put a leading 7.
  • uid=1000, gid=1000 - Have the partition mounted into that folder with user and group ownership of UID (User ID) and GID (Group ID) of 1000 (this is my user's user and group, teward, on the Ubuntu system).
  • user - Allow a user to mount or unmount the directory. Overrides the nouser option in defaults.

(3) A Solution for You, in a Secure Way

We could probably simplify the mount options to be these options, though, for your use case, since users are accessing the data and not the system. However, lets do this in a secure manner. Lets create a user group that would give read/write/execute here.

addgroup ntfs-users - This will create a user group called 'ntfs-users'.

id -g ntfs-users - This will give us a numeric group ID for 'ntfs-users'. We need this for the gid= mount option.

usermod -a -G ntfs-users USERNAME - add the USERNAME user to the ntfs-users group we just created.

Now, we can utilize this string of mount options:

rw,exec,async,auto,user,locale=en_US.utf8,windows_names,umask=7007,gid=654

What this does that my string in my fstab does not is:

  1. Pick and choose certain options we want to use from defaults
  2. Lets the uid of the owner user be whatever (usually root at boot mounting)
  3. Does NOT permit users to mount/unmount
  4. Sets 'group' ownership of the mountpoint (and therefore access to the data inside) to Group ID 654, the hypothetical group ID of ntfs-users which we created above
  5. Does not permit the 'everyone else' set of users (i.e. not the owner user and not anyone in the ntfs-users group) access to the data at all.

If you want to own the data, that is, to be the owner user instead of root, then add back in the uid= option. Use id -u YOURUSERNAME and replace YOURUSERNAME with your username to get the User ID (uid) to use with that option.


(4) A possible /etc/fstab entry for YOUR use case, assuming you listened to me in section 3

Get the UUID for the partition, then this could be something like your /etc/fstab line:

UUID=0123456789ABCDEF    /mnt    ntfs-3g    rw,exec,async,auto,user,locale=en_US.utf8,windows_names,umask=7007,gid=654    0    0

Replace the value in UUID= with the UUID of the partition you want to mount, replace /mnt with the mount point on your system, replace the value for gid= in the mount options with the group ID of your ntfs-users group we created, and if you wish to have your user as owner instead of root, then add a uid= option, providing the uid for your user, as I stated how to do so earlier.