[Discuss] USB thumbdrive, Linux only usage: FAT vs NTFS vs other? TRIM support?
John Abreau
abreauj at gmail.com
Thu Feb 28 09:49:52 EST 2013
find "/path/to/thumb drive" -xdev -type f -exec chmod 666 '{}' ';'
find "/path/to/thumb drive" -xdev -type d -exec chmod 777 '{}' ';'
Doesn't look all that tedious to me.
On Feb 27, 2013, at 6:45 PM, Derek Martin <invalid at pizzashack.org> wrote:
> On Tue, Feb 26, 2013 at 07:08:14PM -0500, Matthew Gillen wrote:
>> On 2/25/2013 10:19 PM, Tom Metro wrote:
>>> Matthew Gillen wrote:
>>>> Create a single directory in the root of the thumb drive, and give that
>>>> world-write and group-write, then give it set-group-ID bit ('chmod g+s
>>>> dirname').
>>>>
>>>> Every file created will inherit the group-id of the original directory...
>>>
>>> How does that help if the numeric GIDs vary from machine to machine?
>>
>> It doesn't matter. The files (even new ones you're attempting to write)
>> always inherit the GID of the parent dir. It's just an integer. True,
>> it won't map to a readable name on some systems (or map to a different
>> name), but the display name of the group doesn't matter, and won't stop
>> you from reading and writing. The permission system is based on the
>> integer values.
>
> You're missing the problem.
>
> You create the drive on your home Linux system. On that system,
> your UID and GID match, and are 500. You create your SGID, world-
> readable/writable directory. You write files into it.
>
> Now you want to use it on your work desktop, which is managed by your
> IT department, and your UID is 8365, GID is 1020.
>
> Unless you also make all your FILES world readable and world writable
> when you write them to the USB drive, you will not be able to read or
> write those files when you plug it into your work desktop.
>
> This WILL WORK, but in general this is bad practice, and may even be
> against your company's security policy. You'll either need to change
> your umask when you want to use the drive, and change it back when you
> switch back to using your machine's internal disk, which you'll no
> doubt forget to do very frequently, OR, you can tediously manually
> change the permissions on all the files you write to your thumb drive.
> Blech. Not to mention the fact that if you're using an application to
> write the file, it may not even allow you to write files with 0666
> permissions in the first place. [Some security-conscious internet
> client programs don't allow this, for instance.] So even if you
> change your umask, you'll still have to check to see that the access
> is fully permissive.
>
> What you're suggesting is doable; but it is either horribly tedious,
> or ignores good security practices. Or both. Granted, anyone who
> gets physical access to your thumb drive has all your files (unless
> you encrypt it), so that's not a real issue... But in order to cope
> with this scheme without a painful degree of tedium, you have to put
> yourself in the habit of ignoring security considerations. That's a
> bad habit to be in, and in some extreme cases could even get you fired
> (though admittedly, that's very unlikely for most of us).
>
> --
> Derek D. Martin http://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02
> -=-=-=-=-
> This message is posted from an invalid address. Replying to it will result in
> undeliverable mail due to spam prevention. Sorry for the inconvenience.
>
> _______________________________________________
> Discuss mailing list
> Discuss at blu.org
> http://lists.blu.org/mailman/listinfo/discuss
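
Added example, not part of the original thread: a shell sketch of the scenario Derek Martin describes (files written as UID/GID 500 into an SGID directory, then used by an account with UID 8365 and GID 1020), showing which umask values leave new files readable or writable by the second account. The function names are hypothetical, and it assumes Linux with GNU `stat`.

```shell
#!/bin/sh
# Added example; not code from the thread. The IDs 500 and 8365/1020 are the
# ones in the quoted scenario. Function names are hypothetical.

# can_access MODE FILE_UID FILE_GID UID GID WANT
# MODE is octal (e.g. 644); WANT is 4 (read) or 2 (write).
# Mirrors the kernel's rule: exactly one permission class applies, chosen by
# numeric ID match (owner, else group, else other). Names never enter into it.
# Supplementary groups and root are ignored for brevity.
can_access() {
    mode=$((0$1))
    if [ "$4" -eq "$2" ]; then
        bits=$(( (mode >> 6) & 7 ))   # caller owns the file
    elif [ "$5" -eq "$3" ]; then
        bits=$(( (mode >> 3) & 7 ))   # caller's GID matches the file's GID
    else
        bits=$(( mode & 7 ))          # everyone else
    fi
    [ $(( bits & $6 )) -ne 0 ]
}

# mode_under_umask UMASK
# Creates a file inside a scratch SGID, world-writable directory under the
# given umask and prints the file's octal mode. The SGID bit propagates the
# directory's GID to the file, but the mode still comes from the umask.
# Runs in a subshell so the caller's umask is untouched.
mode_under_umask() (
    umask "$1"
    d=$(mktemp -d) || exit 1
    chmod 2777 "$d"
    : > "$d/file"
    stat -c '%a' "$d/file"
    rm -rf "$d"
)

# Files are owned 500:500 (home machine); the work account is 8365:1020.
for um in 077 022 000; do
    m=$(mode_under_umask "$um")
    for want in 4 2; do
        if can_access "$m" 500 500 8365 1020 "$want"; then r=allowed; else r=denied; fi
        echo "umask $um -> mode $m; 8365:1020 requesting bit $want: $r"
    done
done
```

Only umask 000 produces files the second account can both read and write, which is the trade-off the quoted message objects to.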