usb flash disk, ext3 file systems, enforcing rights, security

Mike Wright mike.wright at mailinator.com
Tue Dec 11 19:18:46 UTC 2007


Konstantin Svist wrote:
> Mike Wright wrote:
> 
>> Paul Johnson wrote:
>>
>>> How do you secure privacy of files on a USB stick?
>>>
>>> The USB flash memory stick works fine if it is VFAT, but what if you
>>> are worried you might lose it and then anybody could read your
>>> secrets.  Or, if you need to share a file to somebody, but don't want
>>> them to read everything else, what do you do?
>>>
>>> I thought I could fix that by putting on an ext3 file system. But it
>>> doesn't help. Windows users with IExplore can see all the files, no
>>> matter who owns them.
>>>
>>> On a Linux system, the owners of the files are not recognized.  I had
>>> forgotten that ext3 uses user numbers, rather than user names, for
>>> ownership information.  So when I take a disk from one system to the
>>> next, then the user is either unrecognized or wrong.  Here's a case
>>> where it is unrecognized:
>>>
>>> drwxr-xr-x 3 29999 29999  4096 2007-11-26 19:50 Booger
>>>
>>> I've seen other cases where another user who happens to have the same
>>> user number is given ownership of my files.
>>>
>>> So, apparently I can't rely on the file system permissions to give me
>>> any security.
>>>
>>> Aside from tarring up stuff that I don't want to be public and
>>> encrypting with a gpg signature, I'm stumped on what I should do.
>>>
>>> Can you put an encrypted file system on a USB flash disk? How?
>>>
>>
>> Hi Paul,
>>
>> Have you looked at ecryptfs?  It lies on top of the underlying 
>> filesystem so the files would be visible but their contents would 
>> require a key or passphrase to decrypt.
>>
>> http://ecryptfs.sourceforge.net/ecryptfs_design_doc_v0_1.pdf
>>
>> :m)
>>
> 
> But is it compatible with other OSes? It would be perfect to have 
> something that allows me to use encryption but still be able to access 
> my files on Mac & Windows.

There is also TrueCrypt for Linux/Windows.  Sources are available.  I 
don't know what would be involved in compiling it for OS X (or even if 
it could be).
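
Added example, not part of the original thread: a small model of the ownership problem described in the question, where ext3 stores only numeric ids and each host maps them to names (and grants access) on its own terms. The three hosts, their passwd entries and the 0700 mode are constructed for illustration; only uid/gid 29999 comes from the listing in the thread.

```python
import stat

# Constructed /etc/passwd excerpts for three hypothetical hosts.
HOSTS = {
    "home":   "root:x:0:0::/root:/bin/bash\npaul:x:29999:29999::/home/paul:/bin/bash\n",
    "lab":    "root:x:0:0::/root:/bin/bash\nalice:x:500:500::/home/alice:/bin/bash\n",
    "shared": "root:x:0:0::/root:/bin/bash\nbob:x:29999:29999::/home/bob:/bin/bash\n",
}

def parse_passwd(text):
    """Return {uid: name} from passwd-format text; first entry for a uid wins."""
    names = {}
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) >= 4 and fields[2].isdigit():
            names.setdefault(int(fields[2]), fields[0])
    return names

def owner_shown(file_uid, host):
    """Owner column as ls -l would print it on this host."""
    return parse_passwd(HOSTS[host]).get(file_uid, str(file_uid))

def may_read(file_uid, file_gid, mode, uid, gids):
    """Simplified POSIX read check on numeric ids (ignores ACLs; uid 0 is
    treated as able to override the mode bits)."""
    if uid == 0:
        return True
    if uid == file_uid:
        return bool(mode & stat.S_IRUSR)
    if file_gid in gids:
        return bool(mode & stat.S_IRGRP)
    return bool(mode & stat.S_IROTH)

if __name__ == "__main__":
    uid = gid = 29999   # owner ids from the listing in the thread
    private = 0o700     # constructed: a directory restricted to its owner
    for host in HOSTS:
        print(host, "shows owner as", owner_shown(uid, host))
    print("bob on shared:", may_read(uid, gid, private, 29999, {29999}))
    print("alice on lab:", may_read(uid, gid, private, 500, {500}))
    print("root anywhere:", may_read(uid, gid, private, 0, {0}))
```

Even with the mode tightened to 0700, whoever holds uid 29999 or root on the machine the stick is plugged into passes the check, which is why the replies point to encryption rather than permissions.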




More information about the fedora-list mailing list