From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gentoo-user+bounces-152913-garchives=archives.gentoo.org@lists.gentoo.org>
Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80])
	by finch.gentoo.org (Postfix) with ESMTP id 1E26E138247
	for <garchives@archives.gentoo.org>; Sat,  4 Jan 2014 23:45:20 +0000 (UTC)
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id 0A6C1E0A7F;
	Sat,  4 Jan 2014 23:45:11 +0000 (UTC)
Received: from mail-wi0-f172.google.com (mail-wi0-f172.google.com [209.85.212.172])
	(using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits))
	(No client certificate requested)
	by pigeon.gentoo.org (Postfix) with ESMTPS id D6A9DE0A69
	for <gentoo-user@lists.gentoo.org>; Sat,  4 Jan 2014 23:45:09 +0000 (UTC)
Received: by mail-wi0-f172.google.com with SMTP id en1so1633747wid.5
        for <gentoo-user@lists.gentoo.org>; Sat, 04 Jan 2014 15:45:08 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=message-id:date:from:user-agent:mime-version:to:subject:references
         :in-reply-to:content-type:content-transfer-encoding;
        bh=of8byUbv5oJ6lsV5sbuPUnKryelaNSBQVzgcx/jwKjI=;
        b=CYo98yldOKYw40pSuOg5kwX8vcl5GzRZ6ONcXW/Dv/hpuBdMha1zh/bPyFJ6uQEOK3
         nYpqH5BOwGmu6OLMFHlr/CA/xsRiRZQTyBRKcNxotPrkQ1r9baFq8Z1wtXFmVUeTXp0S
         nWzcd41jbVGu6TysiDs4mIYFI2NgHVeRvERRcj3h9yh3zy5gqtNBssybwW2pSJKYcY0F
         j4lnZ/TbZvf1jUMUh8VeGbBVbtVhQrJ70mBTQIi2ckRIJOktAf4a6ikn+MUg8tyzAnvX
         5fiwiKziH7qEVn/hzrxTqpWAI2m6WkNZwc/MuxYig/USKGacHp0qbFAFtkyCJ9h9hpSQ
         6aUQ==
X-Received: by 10.194.2.70 with SMTP id 6mr48667216wjs.25.1388879108626;
        Sat, 04 Jan 2014 15:45:08 -0800 (PST)
Received: from [172.20.0.41] (196-210-126-67.dynamic.isadsl.co.za. [196.210.126.67])
        by mx.google.com with ESMTPSA id md9sm9930903wic.1.2014.01.04.15.45.07
        for <gentoo-user@lists.gentoo.org>
        (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128);
        Sat, 04 Jan 2014 15:45:07 -0800 (PST)
Message-ID: <52C89CE0.4080900@gmail.com>
Date: Sun, 05 Jan 2014 01:44:32 +0200
From: Alan McKinnon <alan.mckinnon@gmail.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.2.0
Precedence: bulk
List-Post: <mailto:gentoo-user@lists.gentoo.org>
List-Help: <mailto:gentoo-user+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-user+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-user+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-user.gentoo.org>
X-BeenThere: gentoo-user@lists.gentoo.org
Reply-to: gentoo-user@lists.gentoo.org
MIME-Version: 1.0
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Preparing a shared USB stick
References: <CAPi0psvFOhdJ0WokoN6F+1TrPcjEMoDVCZqzTuTWSnxkZyP8hQ@mail.gmail.com>	<52C65C99.5080208@gmail.com> <CAPi0pstmU1g4CRt-JuOfLc-gv7mG+x6wg7p=iwnRbG7hmMDX=w@mail.gmail.com>
In-Reply-To: <CAPi0pstmU1g4CRt-JuOfLc-gv7mG+x6wg7p=iwnRbG7hmMDX=w@mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
X-Archives-Salt: 4c6577fa-176e-49e3-b722-417537276689
X-Archives-Hash: 66f6a6a199725cf7457f0761c7d6e67a

On 05/01/2014 01:31, Chris Stankevitz wrote:
> On Thu, Jan 2, 2014 at 10:45 PM, Alan McKinnon <alan.mckinnon@gmail.com> wrote:
>> You don't need chown/chmod at all. FAT has no concept of owner and
>> permissions, so the kernel fudges these. Basically, when mounting the
>> stick it pretends every file on it is owned by the user that mounted it
>> and everything has permissions 777, regardless of who plugged it in.
>> Considering the nature of a USB stick, this is almost always what you want.
> 
> Alan,
> 
> Thank you very much this is exactly what I needed to understand.  It
> sounds like trying to manage a shared disk/stick with ext* would be a
> PITA.


yes, it is, very much so


FAT was designed for MS-DOS where you put a floppy in the drive and you
had full access to everything on it. There was no need to implement
security. And usually this is exactly what you want for USB sticks.

ext* and all the other Unix filesystems were designed to cope well with
multi-user, multi-process environments where the disk is fixed and a
permanent part of the computer infrastructure. Security was very much
part of the design. (OK, to be truthful in the early days it wasn't
security, the idea was just to let everyone keep their stuff separate
and not have everyone clobber everyone else's files, but that translates
directly to a security model). In almost all cases this is not what you
want for USB sticks.

If you DO need security like eg sharing top-secret marketing strategy
docs with the CEO :-) then you just encrypt the drive with a shared
secret. There are many such packages out there, pick one that encrypts
the entire disk without needing to know the fs structure underneath. But
somehow I don't think *that* is what you are looking for :-)


-- 
Alan McKinnon
alan.mckinnon@gmail.com