Strange mounting issue with ext3

Sam Morris sam at robots.org.uk
Thu Apr 9 10:55:06 PDT 2009 

On Tue, 07 Apr 2009 14:01:25 +0159, Maciej Grela wrote:

> 2009/4/7 Patryk Zawadzki <patrys at pld-linux.org>:
>> On Tue, Apr 7, 2009 at 1:10 PM, Roderich Schupp
>> <roderich.schupp at googlemail.com> wrote:
>>> On Tue, Apr 7, 2009 at 11:27 AM, Patryk Zawadzki
>>> <patrys at pld-linux.org> wrote:
>>>> The proper solution is to make the root of the filesystem owned
>>>> and/or writable by your user of choice. This is the part you should
>>>> do after
>>> What is needed here is a new mount option: "forget about the uids on
>>> the drive, just pretend any file is owned by the mounting user".
>>
>> Which can be translated as "just unscrew any disk, put it into a cheap
>> USB sleeve et voila, readable root files with no unix knowledge!"
>>
>>
> UIDs on ext3 are hardly a security feature against someone taking your
> disk and reading data from it. Ozan's point is a valid one. Does anyone
> know how Windows deals with this fact when you create an NTFS filesystem
> on a usb stick, write some files on it under your user's account and
> then try to open them on another computer ? I think this is a common
> scenario.
> 
> Best regards,
> Maciej Grela

On Windows users are identified by an SID (basically a user id with a 
well-defined structure, https://secure.wikimedia.org/wikipedia/en/wiki/
Security_Identifier for more info).

I believe they are unique per user and per machine, globally.

If I mount your filesystem and create some files then they will be owned 
by my SID; if you then examine their ownership information then, since 
you won't have a user with my SID on your system, they will be owned by 
'uknown user (S-1-5-21-7623811015-3361044348-030330820-1013)'. But this 
doesn't really matter, as they will inherit their ACLs from the parent 
directory, which will give them a sensible default.

I think one way to approach this problem for Linux systems would be to 
mount ext3 (and other) filesystems with an option that overrides file 
modes to make all files appear user/group/world writable, with 
directories being additionally world executable.

Of course, such an option may not exist yet... :)

-- 
Sam Morris
https://robots.org.uk/
 
PGP key id 1024D/5EA01078
3412 EA18 1277 354B 991B  C869 B219 7FDB 5EA0 1078

More information about the hal mailing list