usb flash disk, ext3 file systems, enforcing rights, security

John Summerfield debian at herakles.homelinux.org
Tue Dec 11 23:09:22 UTC 2007


Paul Johnson wrote:
> How do you secure privacy of files on a USB stick?

Encrypt the filesystem.

> 
> The usb flash memory stick works fine if it is VFAT, but what if you
> are worried you might lose it and then anybody could read your
> secrets.  Or, if you need to share a file to somebody, but don't want
> them to read everything else, what do you do?
> 
> I thought I could fix that by putting on an ext3 file system. But it
> doesn't help. Windows users with IExplore can see all the files, no
> matter who owns them.

Really? Did you add ext3 support to Windows? If not, then my next guess 
is that you're confused!


> 
> On a Linux system, the owners of the files are not recognized.  I had
> forgotten that ext3 uses user numbers, rather than user names, for
> ownership information.  So when I take a disk from one system to the
> next, then the user is either unrecognized or wrong.  Here's a case
> where it is unrecognized:
> 
> drwxr-xr-x 3 29999 29999  4096 2007-11-26 19:50 Booger

It's not wrong, it's right in the current context. The mapping between 
names and numbers is merely for human convenience. Archive utils such as 
tar try to preserve both, but restoring in the wrong context can be 
problematic. Just as you're seeing here.

> 
> I've seen other cases where another user who happens to have the same
> user number is given ownership of my files.
> 
> So, apparently I can't rely on the file system permissions to give me
> any security.
> 
> Aside from tarring up stuff that I don't want to be public and
> encrypting with a gpg signature, I'm stumped on what I should do.
> 
> Can you put an encrypted file system on a usb flash disk? How?

I've not tried creating a new filesystem on a flash drive, but I know my 
boss reformatted one on his Mac, with the result I couldn't read it on 
Windows.

If one only wants to use part of the USB disk, it's possible to put a 
big file on it:

    dd if=/dev/zero of=/media/USBDISK/bigfile bs=1M count=512

and create a filesystem:

    mke2fs /media/USBDISK/bigfile

I can't advise on making an encrypted filesystem, I've never done it.





-- 

Cheers
John

-- Advice
http://webfoot.com/advice/email.top.php
http://www.catb.org/~esr/faqs/smart-questions.html
http://support.microsoft.com/kb/555375

You cannot reply off-list:-)
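
Added example, not part of John's message: a small Python audit showing the point made above, that ext3 stores only numeric owner IDs and each host resolves them against its own passwd table. The HOST_A and HOST_B tables, the account names and the function names classify and audit_tree are constructed for illustration.

```python
import os
import stat

# Constructed passwd tables (uid -> login name) for two hypothetical hosts.
HOST_A = {0: "root", 500: "paul"}
HOST_B = {0: "root", 500: "alice", 501: "paul"}


def classify(uid, passwd, expected_owner):
    """How a numeric uid stored in an inode reads on a host with `passwd`."""
    name = passwd.get(uid)
    if name is None:
        return "unrecognized"      # ls shows the bare number, e.g. 29999
    if name != expected_owner:
        return "wrong-user"        # another local account now owns the file
    return "ok"


def audit_tree(root, passwd, expected_owner):
    """Return sorted (relative path, uid, verdict, other_readable) tuples
    for every file and directory below `root`."""
    rows = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)    # lstat: report symlinks, do not follow
            rows.append((os.path.relpath(path, root), st.st_uid,
                         classify(st.st_uid, passwd, expected_owner),
                         bool(st.st_mode & stat.S_IROTH)))
    return sorted(rows)


if __name__ == "__main__":
    # The same stored uid read on two hosts: 500 is paul on A, alice on B.
    for uid in (500, 29999):
        print(uid, classify(uid, HOST_A, "paul"), classify(uid, HOST_B, "paul"))
    # On a real stick, build the table from the local passwd database:
    #   import pwd
    #   local = {p.pw_uid: p.pw_name for p in pwd.getpwall()}
    #   audit_tree("/media/USBDISK", local, "paul")
```

Any entry reported as "wrong-user" or with other_readable set is readable by someone other than the intended owner on that host, which is why the permissions alone do not protect a lost stick.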



