find "/path/to/thumb drive" -xdev -type f -exec chmod 666 '{}' ';'
find "/path/to/thumb drive" -xdev -type d -exec chmod 777 '{}' ';'

Doesn't look all that tedious to me.

On Feb 27, 2013, at 6:45 PM, Derek Martin <invalid at pizzashack.org> wrote:

> On Tue, Feb 26, 2013 at 07:08:14PM -0500, Matthew Gillen wrote:
>> On 2/25/2013 10:19 PM, Tom Metro wrote:
>>> Matthew Gillen wrote:
>>>> Create a single directory in the root of the thumb drive, and give that
>>>> world-write and group-write, then give it set-group-ID bit ('chmod g+s
>>>> dirname').
>>>>
>>>> Every file created will inherit the group-id of the original directory...
>>>
>>> How does that help if the numeric GIDs vary from machine to machine?
>>
>> It doesn't matter. The files (even new ones you're attempting to write)
>> always inherit the GID of the parent dir. It's just an integer. True,
>> it won't map to a readable name on some systems (or map to a different
>> name), but the display name of the group doesn't matter, and won't stop
>> you from reading and writing. The permission system is based on the
>> integer values.
>
> You're missing the problem.
>
> You create the drive on your home Linux system. On that system,
> your UID and GID match, and are 500. You create your SGID, world-
> readable/writable directory. You write files into it.
>
> Now you want to use it on your work desktop, which is managed by your
> IT department, and your UID is 8365, GID is 1020.
>
> Unless you also make all your FILES world readable and world writable
> when you write them to the USB drive, you will not be able to read or
> write those files when you plug it into your work desktop.
>
> This WILL WORK, but in general this is bad practice, and may even be
> against your company's security policy. You'll either need to change
> your umask when you want to use the drive, and change it back when you
> switch back to using your machine's internal disk, which you'll no
> doubt forget to do very frequently, OR, you can tediously manually
> change the permissions on all the files you write to your thumb drive.
> Blech. Not to mention the fact that if you're using an application to
> write the file, it may not even allow you to write files with 0666
> permissions in the first place. [Some security-conscious internet
> client programs don't allow this, for instance.] So even if you
> change your umask, you'll still have to check to see that the access
> is fully permissive.
>
> What you're suggesting is doable; but it is either horribly tedious,
> or ignores good security practices. Or both. Granted, anyone who
> gets physical access to your thumb drive has all your files (unless
> you encrypt it), so that's not a real issue... But in order to cope
> with this scheme without a painful degree of tedium, you have to put
> yourself in the habit of ignoring security considerations. That's a
> bad habit to be in, and in some extreme cases could even get you fired
> (though admittedly, that's very unlikely for most of us).
>
> --
> Derek D. Martin http://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02
> -=-=-=-=-
> This message is posted from an invalid address. Replying to it will result in
> undeliverable mail due to spam prevention. Sorry for the inconvenience.
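
The scenario discussed in this thread, worked through as an added example that is not part of any poster's message: it creates a real file under several umask values, then applies the classic owner/group/other check for the work-desktop account (UID 8365, GID 1020) against a file owned by UID 500 with GID 500 inherited from the SGID directory. The function names and the umask values 077, 022 and 000 are assumptions chosen for illustration; root and ACLs are ignored.

```python
import os
import stat
import tempfile

def created_mode(umask, requested=0o666):
    """Create a real file under `umask` and return the permission bits it got."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "f")
        old = os.umask(umask)          # umask is process-wide, so restore it
        try:
            os.close(os.open(path, os.O_CREAT | os.O_WRONLY, requested))
        finally:
            os.umask(old)
        return stat.S_IMODE(os.stat(path).st_mode)

def allowed(mode, f_uid, f_gid, uid, gids):
    """Owner/group/other check: exactly one class applies, matched on integers."""
    if uid == f_uid:
        bits = mode >> 6               # owner class
    elif f_gid in gids:
        bits = mode >> 3               # group class
    else:
        bits = mode                    # other class
    return "".join(c for c, b in (("r", 4), ("w", 2)) if bits & b) or "-"

HOME_UID, HOME_GID = 500, 500          # home system, from the thread
WORK_UID, WORK_GIDS = 8365, {1020}     # work desktop, from the thread

def scenario(umask):
    """File written at home under `umask`, then accessed from the work account."""
    mode = created_mode(umask)
    # The SGID directory makes the file's GID 500, which the work account lacks,
    # so only the "other" bits decide access.
    return oct(mode), allowed(mode, HOME_UID, HOME_GID, WORK_UID, WORK_GIDS)

if __name__ == "__main__":
    for um in (0o077, 0o022, 0o000):
        print("umask", oct(um), "->", *scenario(um))
    # After the chmod 666 pass shown at the top of this message:
    print("chmod 666 ->", allowed(0o666, HOME_UID, HOME_GID, WORK_UID, WORK_GIDS))
```
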