
Using ntfsusermap to Build a User Mapping File

Jean-Pierre André edited this page Aug 25, 2021 · 8 revisions

When you install the security support in ntfs-3g for the first time, you have to define the mapping of Windows accounts to Linux logins for every user who owns files which should be visible from both Windows and Linux. ntfsusermap is a basic utility that helps you do that; it is available for both systems, with a few differences.

This makes it possible for users to have the same rights on NTFS files whether they access them from Windows or Linux. However, if there are several users, they must be grouped the same way on both systems. If the users are in the same Windows group, they also have to be put in the same Linux primary group, otherwise access restrictions set on files from Linux will not apply the same way on Windows, and conversely.

Note: another way to build the mapping file is to apply ntfssecaudit with option -u to files created on Windows by each of the users in their home directory, then to merge the outputs.

Windows version

There is currently no graphical version of ntfsusermap, so to start it, you must open a cmd (or PowerShell) window. To do this, click Start, then Run, type cmd and click OK. In the window, type cd followed by the directory into which ntfsusermap.exe was saved.

A simple way to get the parameters of a Windows account, when logged into that account, is to start ntfsusermap with no argument and redirect its output to a mapping file.

Having done so, you then have to edit the file with your favourite Windows editor (or Wordpad), replacing the words user and group by the Linux login and group which correspond to the Windows account, then save the file as .NTFS-3G\UserMapping in the root directory of the volume to be made accessible to Linux (for example as e:\.NTFS-3G\UserMapping for volume e:). You can also do this on Linux, but you must first mount the volume, then edit the file (for example /ntfs/.NTFS-3G/UserMapping if the NTFS volume is mounted on /ntfs), then unmount the volume and mount it again to activate the mapping.

Be sure to capitalize the directory .NTFS-3G and file name UserMapping correctly, even on Windows. If either is not correctly capitalized, it will not be recognized by Linux.

If you have several accounts to map, repeat the process under Windows for each account and concatenate the outputs in a single file.

Another possibility is to scan one or more volumes for file owners, by giving the volumes as arguments to ntfsusermap. These volumes need not be shared with Linux, but they have to contain files which were created on Windows by users who have a corresponding Linux login. Whenever possible, the Windows system disk should be indicated first, because this disk generally contains the home directories of all users as subdirectories of c:\Documents and Settings or c:\Users. If the volume to share with Linux is not the Windows system disk, it should be indicated as the second argument, so that the output is written at the desired location .NTFS-3G\UserMapping.

Whenever ntfsusermap finds a new owner of a file, it asks for the login of the corresponding Linux owner of the file.

Freshly formatted volumes, and volumes which only contain files created by ntfs-3g without security support, obviously give no clue about file owners. They may nevertheless be indicated after the Windows system volume so that they receive the mapping output.

Do not reply (just press Enter) if the file does not belong to a user who should be mapped. You will not be asked again about the same user owning another file on the same volume.

Type the Linux login or group name (or numeric id) if the owner or group should be mapped.

The resulting mapping file is ready for use on the volume designated as the second argument (or the one designated as first argument if there is only one).

Note: the mapping file is specific to a volume. If several volumes have to be shared, the file has to be replicated on each of them.

Linux version

On Linux, ntfsusermap is a part of the ntfs-3g package, and it can be started once the package has been installed. There are two other conditions to be met before doing so:

the designated volume (partition) must not be mounted
the ntfsusermap command must be started as root

The screens may look similar to those of the Windows version; however, as Linux has no knowledge of Windows accounts, there is no indication of the current Windows account and fewer hints about the names of file owners, so the owners generally have to be inferred from the file names.

Older versions of the command were called ntfs-3g.usermap, with the same options.

If the proposed file is a system file, do not indicate an owner. It will be considered owned by root, and only root will be allowed to access the file.

If the file belongs to a user who has both a Windows and a Linux account, enter the Linux account and group of the owner.

The resulting mapping file is written to the file UserMapping in the current directory. For the file to be usable, first mount the volume, then copy UserMapping to .NTFS-3G/UserMapping in the mounted directory, then unmount the volume and mount it again.

No data sharing with Windows users

If your NTFS volume is to be used on Linux only, with no connection to any Windows system, you can use your favorite random number generator to generate your SID. Just copy the pattern below, replace the last number by a number above 1000, and the three numbers before it by numbers not greater than 4294967295.

::S-1-5-21-3141592653-589793238-462643383-10000

This line defines a generic pattern used to create SIDs for users and groups. It has empty login and group fields, and it must be located at the end of the file.

Files declared as readable by anybody will still be readable on any Windows system, even though the owner and group are not recognized there.
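The following is an added example, not code from ntfs-3g or this page's author: it parses the user:group:SID lines that ntfsusermap writes, merges the outputs of several runs (the concatenation step described for multiple accounts) into one file with the generic line placed last, and builds the random generic pattern line described above. The sample outputs are constructed, and the merge policy (first line for a given SID wins) is this example's own choice.

```python
"""Helpers for the ntfs-3g UserMapping file (added example, not ntfs-3g's own code):
parse user:group:SID lines, merge several ntfsusermap outputs, build the generic line."""
import re
import secrets

# Accepts general SID syntax S-1-<authority>-<subauth>-...; merge policy is this example's own
SID_RE = re.compile(r"^S-1-\d+((?:-\d+)+)$")
MAX_SUBAUTH = 4294967295  # largest 32-bit sub-authority value
# Constructed sample: output of two ntfsusermap runs, one per Windows account
SAMPLE_RUNS = ("john:john:S-1-5-21-1-2-3-1001\n",
               "john:john:S-1-5-21-1-2-3-1001\nmary:users:S-1-5-21-1-2-3-1002\n")

def parse_line(line):
    """Return (user, group, sid) for one 'user:group:SID' line, None if blank."""
    line = line.strip()
    if not line:
        return None
    parts = line.split(":")
    if len(parts) != 3:
        raise ValueError("expected user:group:SID, got %r" % line)
    user, group, sid = parts
    m = SID_RE.match(sid)
    if not m or any(int(x) > MAX_SUBAUTH for x in m.group(1)[1:].split("-")):
        raise ValueError("bad SID %r" % sid)
    return user, group, sid

def merge(*outputs):
    """Merge ntfsusermap outputs (one string each): drop duplicate SIDs and
    write the single generic line (empty user and group) last."""
    seen, entries, generic = set(), [], None
    for text in outputs:
        for line in text.splitlines():
            rec = parse_line(line)
            if rec is None:
                continue
            user, group, sid = rec
            if user == "" and group == "":
                generic = generic or sid
            elif sid not in seen:
                seen.add(sid)
                entries.append("%s:%s:%s" % (user, group, sid))
    if generic:
        entries.append("::" + generic)
    return "\n".join(entries) + "\n"

def generic_line(rid=10000):
    """'::S-1-5-21-a-b-c-rid' with random sub-authorities (<= 4294967295) and a
    RID above 1000, for a volume that will never be shared with Windows."""
    sub = [secrets.randbelow(MAX_SUBAUTH + 1) for _ in range(3)]
    return "::S-1-5-21-%d-%d-%d-%d" % (sub[0], sub[1], sub[2], rid)
```

Write the string returned by merge() to .NTFS-3G/UserMapping on the volume, remembering that the file must be replicated on every volume to be shared.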