[NTLUG:Discuss] Re: Non destructive NTFS partitioning?

Tue Dec 7 20:08:09 CST 2004

On Tue, 2004-12-07 at 10:51, Terry Henderson wrote:
> Anyone have a report on which Linux distros will, (or are capable of),
> doing non destructive NTFS partitioning  during install?
> (Re-partitioning or splitting of NTFS partition.)

- Move/Resize != Write

Linux _can_ safely move and resize NTFS partitions.  The tools to do so
are part of the NTFS-LDM project.  Some installers are now integrating
this code.  It's very trustworthy -- especially on LDM disk labels
("dynamic disk" partition tables).

- Write = Meta-Data Modification

Understand that move or resizing does _not_ modify meta-data.  Modifying
meta-data (such as writing new files) to a NTFS filesystem without
reading in all the SAM/SID info is the part that is _dangerous_.

FURTHER DISCUSSION ...

A lot of Linux users, let alone MCSEs, don't realize the difference
between "block/structure modification" and "meta-data modification." 
The former is _very_safe_ to do with an OS that didn't create the NTFS
filesystem.  The later is _very_dangerous_ to do with an OS that didn't
create the NTFS filesystem -- because it doesn't have access to the
all-important, NTFS-integrated SAM/SID info.

- The All-Important SAM/SID Info

The SAM/SID info is normally stored in the registry of the system that
created and writes to it.

In a Windows domain, be it old NetBIOS-PDC or ADS-DC, it is stored in
the DCs (hence why DCs don't have a "local" registry and why any Windows
Server that is a DC has a NTFS filesystem that is always "safe" to
attach to another system directly that is part of the domain).

Starting with NT5 (2000), if you use the LDM Disk Label ("dynamic disk"
partition table), the crucial SID/SAM info is stored in hidden sectors,
separate from the NTFS filesystem.  Although this doesn't mean you can
write to it and all meta-data will be proper (users, DAC/MACs, etc...),
but it _will_ allow other NT5+ OSes (possibly Linux NTFS-LDM code in the
future?) write to it in a "consistent" manner.

SIDE NOTE:  LDM disk labels also store other things, like the geometry
NT5+ assumes, which the legacy "PC BIOS" disk label (primary/logical
partition table) does not.  The Linux kernel can already read the LDM
disk label and support Linux partitions inside of it.  If user-space
tools were created around it, and GRUB added the support for it, LDM
disk labels could be the "safest" disk label for installers to dual-boot
with.  E.g., it would solve the current problem with buggy BIOSes
*COUGH*IBM*COUGH* that say they are Extended Int13h compliant, but are
not, and return _improper_ geometry which kernel 2.6 now prefers
(largely for 33/137GB+ drives -- and especially for the >2TB barrier)
and is dorking up installers (Fedora Core 2+, Mandrake Linux 10.x, SuSE
Linux 9.1+, etc...).

- "Captive" is a NTFS user-space driver for Linux

One, additional option on Linux that doesn't exist in the Windows world
is the "Captive" NTFS user-space driver.  In a nutshell, it's really
slow, but Captive will _read_ the registry of a NTFS system and the
all-important SAM/SID information.  It's not reliable from what I've
seen, but it's an option.

SIDE NOTE:  Linux is basically the _only_ OS that has user-space tools
for modifying the NT registry.  If you _ever_ get into a bind where you
can only get to the Command Console in NT5, or you have an older NT4
system with no such option, check out the Linux NT Password Reset CD. 
It has had a registry editor since early 2003.

-- 
Bryan J. Smith                                 b.j.smith at ieee.org 
------------------------------------------------------------------ 
Beware of advocates who justify their preference not in terms of
what they like about their "choice," but what they did not like
about another option.  Such advocacy is more hurtful than helpful.