Re: usb flash disk, ext3 file systems, enforcing rights, security

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Paul Johnson wrote:

How do you secure privacy of files on a USB stick?


encrypt the filesystem,



The usb flash memory stick works fine if it is VFAT, but what if you
are worried you might lose it and then anybody could read your
secrets.  Or, if you need to share a file to somebody, but don't want
them to read everything else, what do you do?

I thought I could fix that by putting  on an ext3 file system. But it
doesn't help. Windows users with IExplore can see all the files, no
matter who owns them.
really? Did you add ext3 support to Windows? if not, then my next guess is that you're confused! 




On a Linux system, the owners of the files are not recognized.  I had
forgotten that ext3 uses user numbers, rather than user names, for
ownership information.  So when I take a disk from one system to the
next, then the user is either unrecognized or wrong.  Here's a case
where it is unrecognized:

drwxr-xr-x 3 29999 29999  4096 2007-11-26 19:50 Booger
It's not wrong, it's right in the current context. The mapping between names and numbers is merely for human convenience. Archive utils such as tar try to preserve both, but restoring in the wrong context can be problematic. Just as you're seeing here. 



I've seen other cases where another user who happens to have the same
user number is given ownership of my files.

So, apparently I can't rely on the file system permissions to give me
any security.

Aside from tarring up stuff that I don't want to be public and
encrypting with a gpg signature, I'm stumped on what I should do.

Can you put an encrypted file system on a usb flash disk? How?
I've not tried creating a new filesystem on a flash drive, but I know my boss reformatted one on his Mac, with the result I couldn't read it on Windows.
If one only wants to use part of the USB disk, it's possible to put a big file on it: 
dd if=/dev/zero of=/media/USBDISK/bigfile bs=1M count=512
and create a filesystem:
mke2fs /media/USBDISK/bigfile

I can't advise on making an encrypted filesystem, I've never done it.





--

Cheers
John

-- spambait
1aaaaaaa@xxxxxxxxxxxxxxxx  Z1aaaaaaa@xxxxxxxxxxxxxxxx
-- Advice
http://webfoot.com/advice/email.top.php
http://www.catb.org/~esr/faqs/smart-questions.html
http://support.microsoft.com/kb/555375

You cannot reply off-list:-)
[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux