73 Write to NTFS






One thing that has been missing from Knoppix (and Linux in general) is the ability to safely write to NTFS partitions. Now with Knoppix 3.4, you can edit, delete, and move files on your NTFS partition—jobs that are difficult with the Windows Recovery CD!

While the Linux kernel has been able to read NTFS partitions for some time, writing to them has always been considered very dangerous. The NTFS spec is closed, so kernel hackers must reverse engineer it to write a driver that supports it. This can be very problematic: if a programmer reverse engineers NTFS 3.0, she must repeat the process when NTFS 4.0 is released. Writing to NTFS has been so dangerous that instead of just warning users, some kernels go as far as disabling write support in the NTFS driver itself. Recently, Captive NTFS has appeared as a solution for writing to NTFS partitions. This solution actually uses the NTFS drivers that Windows itself uses, and is included in Knoppix 3.4.

Captive NTFS is still somewhat experimental, and while it has worked for many people, there is a chance for data loss, so be sure to back up any important files on filesystems you mount this way.


1 Configure Captive NTFS

The Knoppix Captive NTFS wizard makes it easy to configure and use the Captive NTFS system. When you run the wizard, it scans all the drives on your computer for the Microsoft-provided NTFS drivers it needs to safely write to your NTFS filesystems. Click K Menu → KNOPPIX → Utilities → Captive NTFS to launch the program. The wizard that appears automates the process of finding and using the NTFS .dlls. Click Forward to see a listing of the system files that Captive NTFS has already found on your Knoppix system. Click Forward again, and the wizard mounts and scans your hard drives for the essential files it needs.

Once Captive NTFS has the modules it needs to mount NTFS, it enables the OK button even though it continues to scan other directories and partitions for drivers. If you are in a hurry, you can click OK to immediately mount NTFS partitions. If you wait for the scan to finish, you are presented with an option to list specific locations for drivers (which could be on a USB key drive, for instance), or you can click Forward to get the option to download the files from the Windows XP Service Pack 1.

In some countries, you must have a valid XP license to legally download Service Pack 1, so if you are unsure of the legality of downloading this publicly available file, consult with your lawyer and with Microsoft's lawyers, and then click "Yes, start the download."


If you have the time, Captive NTFS recommends downloading the latest version of the drivers, which is available in the Windows XP Service Pack 1. However, I have successfully written to NTFS partitions with Windows's standard drivers.

2 Mount NTFS Partitions

Once you are finished with the wizard, you are ready to mount an NTFS partition.

Do not mount the partition by clicking on it on the desktop, because the standard Linux kernel NTFS module is used—not Captive NTFS.


Open a terminal and mount the drive manually using this command:

$ sudo mount -t captive-ntfs -o uid=knoppix,gid=knoppix /dev/hda1 /mnt/hda1

Replace hda1 with the name of your partition. The -t argument is used to specify a filesystem type. Use captive-ntfs to use the NTFS drivers that the Captive NTFS wizard previously found. The -o argument passes other general options to mount. In this case, tell mount to assign the user and group knoppix to the files on this drive. I recommend that you mount the drive at /mnt/hda1, because this directory is created by Knoppix at boot time for this partition, but you can actually use any directory you wish. This drive is now writable by your regular knoppix user; you now possess the power to do good and evil to your drive. Once the drive is mounted, you can treat it like any other mounted filesystem, although I have noticed that write speed is substantially slower with Captive NTFS than with other filesystems.

Once you are finished with the partition, unmount it to ensure that any changes are synced. This is an important step, because normally, when you change a file on a drive, changes are cached to RAM to be written to the drive later. This is performance-enhancing behavior, because it allows writes to occur at an optimal time. Unmount the disk to synchronize any changes in RAM that haven't yet been written to disk.

$ sudo umount /mnt/hda1
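
Because a partition mounted from the desktop uses the standard kernel NTFS module rather than Captive NTFS, it is worth checking which driver holds a mount point before writing to it, and checking again after umount that the mount is gone. The following script is an added example, not part of the original text. It reads a mounts table in /proc/mounts format; the function names, the sample table and the type string `captive-example` are constructed for illustration, and the script only relies on the kernel driver reporting type `ntfs`.

```shell
#!/bin/sh
# Added example: classify how a mount point is mounted before writing to it.

# mount_driver MOUNTS_FILE MOUNT_POINT
# Prints "not-mounted", "kernel-ntfs:<ro|rw>" or "other:<fstype>:<ro|rw>".
mount_driver() {
    awk -v mp="$2" '
        $2 == mp { fstype = $3; opts = $4 }   # last match wins (topmost mount)
        END {
            if (fstype == "") { print "not-mounted"; exit }
            mode = "rw"
            n = split(opts, o, ",")
            for (i = 1; i <= n; i++) if (o[i] == "ro") mode = "ro"
            if (fstype == "ntfs") print "kernel-ntfs:" mode
            else print "other:" fstype ":" mode
        }' "$1"
}

# safe_to_write MOUNTS_FILE MOUNT_POINT
# Succeeds only if the mount point is mounted read-write by something
# other than the kernel NTFS driver.
safe_to_write() {
    case "$(mount_driver "$1" "$2")" in
        other:*:rw) return 0 ;;
        *)          return 1 ;;
    esac
}

# Constructed sample table in /proc/mounts format (not real output).
# "captive-example" is a placeholder type string, not what Captive reports.
sample_mounts() {
    cat <<'EOF'
/dev/hda1 /mnt/hda1 ntfs ro,uid=1000,gid=1000 0 0
/dev/hda2 /mnt/hda2 captive-example rw,uid=1000,gid=1000 0 0
/dev/hda5 /mnt/hda5 ext3 ro 0 0
EOF
}

# When run with one argument, report on the live system.
if [ $# -eq 1 ]; then
    mount_driver /proc/mounts "$1"
fi
```

Run it as `sh script.sh /mnt/hda1` before copying files, and once more after `umount`, when it should print `not-mounted`.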

