Are file permissions in files on external devices silly?

Phillip Susi psusi at
Fri Nov 21 22:08:06 UTC 2008

Martin Pitt wrote:
> For removable drives, once the kernel supports uid=/gid= options for
> hfs+ (Mac) and ext3 (other Linuxes), they can be trivially applied
> automatically in hal if a device is detected as removable. The hard
> part is to get kernel support for it.

They already are applied by hal, which is why you can access fat and 
ntfs formatted external media normally.  The problem is that other 
filesystems ( ext3, hfsplus in this case ) don't support it.  I ran into 
this issue a year or two ago with the UDF filesystem on cd and dvd rw 
media and patched the filesystem in the kernel to fix it.  It became a 
bit more complicated than just giving the desktop users' [ug]id options 
though.  I ended up adding two new options to udf.  I will explain:

The way it used to be, udf only used the [ug]id given in the mount 
options to fill in a default when there was no id stored on the disk ( 
if the on disk id is -1 ).  This allowed you to access files normally on 
a udf disk that was burned with a cd burning program, which leaves all 
the ids as -1, but if you mounted it read/write, any newly created files 
would be saved with your id.  To fix this I added two additional options 
you could pass to [ug]id=, which were "ignore" and "forget".  The ignore 
option causes udf to ignore the id on disk if there is one, and always 
apply the default.  The forget option tells it to record -1 on the disk 
for the id if it matches the default.

It seems like the same thing needs done to the other filesystems, and 
hal needs modified to apply the ignore and forget options as well. 
Actually probably only forget should be applied by default, that way any 
files created on the disk NOT owned by the interactive user ( for 
instance, someone backing up files owned by multiple people ) will 
retain the correct ownership.

> I mostly agree. I know systems which use USB hard drives as their main
> storage, where enforcing file system permissions is absolutely
> required. However, on such configurations, these drives are in fstab
> (for / or /home, etc.) and thus won't have the uid=/gid= options
> applied.
> I don't think any user will expect enforced file permissions on an
> automount in /media/.

Some people do.  We need a way to be able to configure hal ( preferably 
with a checkbox in the gnome properties window for the drive ) to 
configure the use of these options.

More information about the Ubuntu-devel-discuss mailing list