On Thu, Feb 28, 2013 at 09:49:52AM -0500, John Abreau wrote:
> find '/path/to/thumb drive' -xdev -type f -exec chmod 666 '{}' ';'
> find '/path/to/thumb drive' -xdev -type d -exec chmod 777 '{}' ';'
>
> Doesn't look all that tedious to me.
You'll have to do that every time you add files to it... Seems pretty
tedious to me... especially if you use it a lot.
> On Feb 27, 2013, at 6:45 PM, Derek Martin <invalid at pizzashack.org> wrote:
>
> > On Tue, Feb 26, 2013 at 07:08:14PM -0500, Matthew Gillen wrote:
> >> On 2/25/2013 10:19 PM, Tom Metro wrote:
> >>> Matthew Gillen wrote:
> >>>> Create a single directory in the root of the thumb drive, and give that
> >>>> world-write and group-write, then give it set-group-ID bit ('chmod g+s
> >>>> dirname').
> >>>>
> >>>> Every file created will inherit the group-id of the original directory...
> >>>
> >>> How does that help if the numeric GIDs vary from machine to machine?
> >>
> >> It doesn't matter. The files (even new ones you're attempting to write)
> >> always inherit the GID of the parent dir. It's just an integer. True,
> >> it won't map to a readable name on some systems (or map to a different
> >> name), but the display name of the group doesn't matter, and won't stop
> >> you from reading and writing. The permission system is based on the
> >> integer values.
> >
> > You're missing the problem.
> >
> > You create the drive on your home Linux system. On that system,
> > your UID and GID match, and are 500. You create your SGID, world-
> > readable/writable directory. You write files into it.
> >
> > Now you want to use it on your work desktop, which is managed by your
> > IT department, and your UID is 8365, GID is 1020.
> >
> > Unless you also make all your FILES world readable and world writable
> > when you write them to the USB drive, you will not be able to read or
> > write those files when you plug it into your work desktop.
> >
> > This WILL WORK, but in general this is bad practice, and may even be
> > against your company's security policy. You'll either need to change
> > your umask when you want to use the drive, and change it back when you
> > switch back to using your machine's internal disk, which you'll no
> > doubt forget to do very frequently, OR, you can tediously manually
> > change the permissions on all the files you write to your thumb drive.
> > Blech. Not to mention the fact that if you're using an application to
> > write the file, it may not even allow you to write files with 0666
> > permissions in the first place. [Some security-conscious internet
> > client programs don't allow this, for instance.] So even if you
> > change your umask, you'll still have to check to see that the access
> > is fully permissive.
> >
> > What you're suggesting is doable; but it is either horribly tedious,
> > or ignores good security practices. Or both. Granted, anyone who
> > gets physical access to your thumb drive has all your files (unless
> > you encrypt it), so that's not a real issue... But in order to cope
> > with this scheme without a painful degree of tedium, you have to put
> > yourself in the habit of ignoring security considerations. That's a
> > bad habit to be in, and in some extreme cases could even get you fired
> > (though admittedly, that's very unlikely for most of us).
> >
> > --
> > Derek D. Martin http://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02
> > -=-=-=-=-
> > This message is posted from an invalid address. Replying to it will result in
> > undeliverable mail due to spam prevention. Sorry for the inconvenience.
> >
> > _______________________________________________
> > Discuss mailing list
> > Discuss at blu.org
> > http://lists.blu.org/mailman/listinfo/discuss
--
Derek D. Martin http://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02
-=-=-=-=-
This message is posted from an invalid address. Replying to it will result in
undeliverable mail due to spam prevention. Sorry for the inconvenience.
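
The permission check this thread is arguing about, as an added example that is not part of any poster's message: a small Python model of the classic mode-bit check, run with the UIDs and GIDs quoted above. The class and function names are assumptions made for illustration, and supplementary groups, ACLs and root are left out.

```python
# Added example: model of the classic POSIX mode-bit check (no ACLs, no root override).
from dataclasses import dataclass

READ, WRITE = 4, 2
SGID = 0o2000

@dataclass(frozen=True)
class User:            # hypothetical type: one account on one machine
    uid: int
    gid: int

@dataclass(frozen=True)
class Inode:           # hypothetical type: ownership and mode as stored on the drive
    uid: int
    gid: int
    mode: int

def create_file(user, parent, umask, requested=0o666):
    """New file: owned by its creator; group comes from the parent if it is set-group-ID."""
    gid = parent.gid if parent.mode & SGID else user.gid
    return Inode(user.uid, gid, requested & ~umask)

def allowed(user, inode, want):
    """Exactly one permission class applies: owner, else group, else other."""
    if user.uid == inode.uid:
        bits = inode.mode >> 6
    elif user.gid == inode.gid:
        bits = inode.mode >> 3
    else:
        bits = inode.mode
    return ((bits & 7) & want) == want

def access(user, inode):
    return "".join(c if allowed(user, inode, b) else "-" for c, b in (("r", READ), ("w", WRITE)))

# Constructed scenario using the numbers from the thread.
home = User(uid=500, gid=500)
work = User(uid=8365, gid=1020)
shared = Inode(uid=500, gid=500, mode=0o2777)   # SGID, world-writable directory

def scenario():
    rows = {}
    for umask in (0o077, 0o022, 0o002, 0o000):
        f_home = create_file(home, shared, umask)   # written at home, opened at work
        f_work = create_file(work, shared, umask)   # written at work, opened at home
        rows[f"{umask:03o}"] = (access(work, f_home), access(home, f_work))
    return rows

if __name__ == "__main__":
    for umask, (at_work, at_home) in scenario().items():
        print(f"umask {umask}: home file at work={at_work}  work file at home={at_home}")
```

In this model the inherited GID only helps on the machine where the account's GID equals the directory's GID, and only when the umask leaves the group write bit set.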