This file may be copied under the terms of the GNU Public License.
Where options is a combination of :
-a full auditing of security data (Linux only)
-b backup ACLs
-e setting extra backed-up parameters (in conjunction with -s)
-h displaying hexadecimal security descriptors saved in a file
-r recursing in a directory
-s setting backed-up ACLs
-u getting a user mapping proposal
-v verbose (very verbose if set twice)
and args define the parameters and the set of files acted upon.
Typing secaudit with no args will display a summary of available options.
When a volume is required, it has to be unmounted, and the command has to be issued as root. The volume can be either a block device (i.e. a disk partition) or an image file.
When acting on a directory or volume, the command may produce a lot of information. It is therefore advisable to redirect the output to a file or pipe it to a text editor for examination.
-h file Displays in an human readable form the hexadecimal security descriptors saved in file. This can be used to turn a verbose output into a very verbose output.
-a[rv] volume Audits the volume : all the global security data on volume are scanned and errors are displayed. If option -r is present, all files and directories are also scanned and their relations to global security data are checked. This can produce a lot of data. This option is not effective on volumes formatted for old NTFS versions (pre NTFS 3.0). Such volumes have no global security data. When errors are signalled, it is advisable to repair the volume with an appropriate tool (such as chkdsk on Windows.)
[-v] volume file Displays the security parameters of file : its interpreted Linux mode (rwx flags in octal) and Posix ACL[1], its security key if any, and its security descriptor if verbose output.
-r[v] volume directory displays the security parameters of all files and subdirectories in directory : their interpreted Linux mode (rwx flags in octal) and Posix ACL[1], their security key if any, and their security descriptor if verbose output.
-b[v] volume [directory] Recursively extracts to standard output the NTFS ACLs of files in volume and directory.
-s[ev] volume [backup-file] Sets the NTFS ACLS as indicated in backup-file or standard input. The input data must have been created on Linux. With option -e, also sets extra parameters (currently Windows attrib).
volume perms file Sets the security parameters of file to perms. Perms is the Linux requested mode (rwx flags, expressed in octal form as in chmod) or a Posix ACL[1] (expressed like in setfacl -m). This sets a new ACL which is effective for Linux and Windows.
-r[v] volume perms directory Sets the security parameters of all files and subdirectories in directory to perms. Perms is the Linux requested mode (rwx flags, expressed in octal form as in chmod), or a Posix ACL[1] (expressed like in setfacl -m.) This sets new ACLs which are effective for Linux and Windows.
[-v] mounted-file Displays the security parameters of mounted-file : its interpreted Linux mode (rwx flags in octal) and Posix ACL[1], its security key if any, and its security descriptor if verbose output. This is a special case which acts on a mounted file (or directory) and does not require being root. The Posix ACL interpretation can only be displayed if the full path to mounted-file from the root of the global file tree is provided.
-u[v] mounted-file Displays a proposed contents for a user mapping file, based on the ownership parameters set by Windows on mounted-file, assuming this file was created on Windows by the user who should be mapped to the current Linux user. The displayed information has to be copied to the file .NTFS-3G/UserMapping where .NTFS-3G is a hidden subdirectory of the root of the partition for which the mapping is to be defined. This will cause the ownership of files created on that partition to be the same as the original mounted-file.
Example : "u::7,g::5,o:0,u:510:rwx,g:500:5,d:u:510:7"
https://github.com/tuxera/ntfs-3g/wiki/NTFS-3G-FAQ/