questions re: usb drive. fat32, linux file system

[Xen]

Ralf Mardorf schreef op 20-06-2017 20:09:
> On Tue, 20 Jun 2017 12:48:28 +0200, Xen wrote:
>> Also if you are going to use ext2/3/4 you are going to be running into
>> permission issues all the time because you can't really turn them off.
> 
> Not if the user always access the USB stick with root privileges
> or possible different users share the same uid, e.g. 1000 ;).

Yes, well, it is arguing about a rather dysfunctional thing.

I have a patch for ... it's not online. Oops.

I have a patch for the CIFS kernel module that fixes some weird bug (in 
a bit of a quick and dirty way) in that sometimes even if you have group 
access (locally) to some SMB mount the CIFS module will refuse you write 
access. The reason for this was that the "noperm" mode makes the mount 
world-accessible which may be a bit too much; but without it you may run 
into that bug where you try to use groups for the same purpose, but it 
doesn't work.

So I introduced a "nogperm" mode where the module skips doing any access 
checks (locally) as soon as you are part of the group that owns the 
file.

For some reason as soon as this is done, the local check succeeds (is 
granted) at which point the CIFS permissions at the server then become 
'accessible' and usually this means that the user that is logged into 
the (Samba) server is then used to check access credentials on the 
server.

This is not ideal for multi-user but Linux group permissions are rather 
difficult (there is no group hierarchy) so it may allow someone to 
access files owned by others (when Unix permissions are used on CIFS) 
when the local user is part of the group that owns those files.

So if the server is multi-user and you are using unix mode, which means 
you will see remote ownership, and remotely you are part of the group, 
and remotely you have write access, and locally you are also part of the 
group, there is a bug that will prevent you from actually acting on it.

The local unix permissions check does not succeed. I could not figure 
out why so I just circumvented it :p.

If you are part of the remote group (locally) then the permission check 
is circumvented and the server is authoritative.

So it is really meant for a single user (local) system, in that sense.



I am just saying that I have done enough battling with permissions ;-).


> I stay with fat for my USB sticks and never ever would use an USB stick
> for a backup, but as already pointed out, a tar archive stored even on
> fat solves the permission-ownership-attributes issues.

Yes.

Agreed.

-- 
ubuntu-users mailing list
ubuntu-users at lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users