Are file permissions in files on external devices silly?
psusi at cfl.rr.com
Fri Nov 21 22:08:06 UTC 2008
Martin Pitt wrote:
> For removable drives, once the kernel supports uid=/gid= options for
> hfs+ (Mac) and ext3 (other Linuxes), they can be trivially applied
> automatically in hal if a device is detected as removable. The hard
> part is to get kernel support for it.
They already are applied by hal, which is why you can access fat and
ntfs formatted external media normally. The problem is that other
filesystems (ext3, hfsplus in this case) don't support it. I ran into
this issue a year or two ago with the UDF filesystem on cd and dvd rw
media and patched the filesystem in the kernel to fix it. It became a
bit more complicated than just giving the desktop users' [ug]id options
though. I ended up adding two new options to udf. I will explain:

The way it used to be, udf only used the [ug]id given in the mount
options to fill in a default when there was no id stored on the disk
(if the on disk id is -1). This allowed you to access files normally on
a udf disk that was burned with a cd burning program, which leaves all
the ids as -1, but if you mounted it read/write, any newly created files
would be saved with your id. To fix this I added two additional options
you could pass to [ug]id=, which were "ignore" and "forget". The ignore
option causes udf to ignore the id on disk if there is one, and always
apply the default. The forget option tells it to record -1 on the disk
for the id if it matches the default.

It seems like the same thing needs done to the other filesystems, and
hal needs modified to apply the ignore and forget options as well.
Actually probably only forget should be applied by default, that way any
files created on the disk NOT owned by the interactive user (for
instance, someone backing up files owned by multiple people) will
retain the correct ownership.
> I mostly agree. I know systems which use USB hard drives as their main
> storage, where enforcing file system permissions is absolutely
> required. However, on such configurations, these drives are in fstab
> (for / or /home, etc.) and thus won't have the uid=/gid= options
> I don't think any user will expect enforced file permissions on an
> automount in /media/.
Some people do. We need a way to be able to configure hal (preferably
with a checkbox in the gnome properties window for the drive) to
configure the use of these options.
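
Added example, not part of the original message and not the kernel's UDF code: a small C model of the id mapping the message describes, showing which owner a file created on one machine appears to have when the disk is mounted on another. The struct, function names and uid values are hypothetical, and it assumes "ignore" affects only how ids are read while "forget" affects only how they are written.

```c
#include <stdint.h>
#include <stdio.h>

#define ID_UNSET ((uint32_t)-1)   /* on-disk value meaning "no owner recorded" */

/* Hypothetical model of one mount's uid= (or gid=) settings. */
struct id_opts {
    uint32_t def_id;   /* id given in the mount options */
    int ignore;        /* always present def_id, whatever is on disk */
    int forget;        /* store -1 instead of def_id when writing */
};

/* Disk -> in-memory owner. The old behaviour is ignore == 0. */
static uint32_t id_from_disk(const struct id_opts *o, uint32_t disk_id)
{
    if (o->ignore || disk_id == ID_UNSET)
        return o->def_id;
    return disk_id;
}

/* In-memory owner -> value recorded on disk. */
static uint32_t id_to_disk(const struct id_opts *o, uint32_t mem_id)
{
    if (o->forget && mem_id == o->def_id)
        return ID_UNSET;
    return mem_id;
}

/* Owner seen on machine B for a file written on machine A by `owner`. */
static uint32_t owner_on_other_host(const struct id_opts *a, uint32_t owner,
                                    const struct id_opts *b)
{
    return id_from_disk(b, id_to_disk(a, owner));
}

int main(void)
{
    /* Constructed ids: desktop user is 1000 on A and 1001 on B. */
    struct id_opts a_old = {1000, 0, 0}, a_forget = {1000, 0, 1};
    struct id_opts b = {1001, 0, 0}, b_ignore = {1001, 1, 0};

    printf("no options, user file:  %u\n", (unsigned)owner_on_other_host(&a_old, 1000, &b));
    printf("forget, user file:      %u\n", (unsigned)owner_on_other_host(&a_forget, 1000, &b));
    printf("forget, backup of 1002: %u\n", (unsigned)owner_on_other_host(&a_forget, 1002, &b));
    printf("ignore on B, any file:  %u\n", (unsigned)owner_on_other_host(&a_old, 1002, &b_ignore));
    return 0;
}
```

Without either option the file lands under whichever account happens to hold uid 1000 on the second machine; with forget alone, the desktop user's files follow the mounting user while the backed-up file keeps its recorded owner.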