97845 – ignore file/folder ownership for removable media (e.g. EXT4)

Bug 97845 - ignore file/folder ownership for removable media (e.g. EXT4)

Summary: ignore file/folder ownership for removable media (e.g. EXT4)

Status:	NEW

Alias:	None

Product:	udisks
Classification:	Unclassified
Component:	general (show other bugs)
Version:	unspecified
Hardware:	Other All

Importance:	medium enhancement
Assignee:	Martin Pitt
QA Contact:

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2016-09-17 16:08 UTC by kolAflash
Modified:	2016-09-17 16:08 UTC (History)
CC List:	0 users

See Also:
i915 platform:
i915 features:

Attachments

Description kolAflash 2016-09-17 16:08:55 UTC

On removable media, formatted with a filesystem that provides Unix permissions like ext4, btrfs, hfs+ and so on, file/folder Unix ownership often has no use. (e.g. on usb memory sticks, usb hard disks, memory cards, ...)
Because if permissions are denied based on the ownership, someone might easily stick the device into another computer where he's root.

Instead its often annoying if you're not using the same numerical UIDs on all your computers.

And this really isn't a good reason to fall back to FAT or NTFS, because Linux has no ownership for files on those filesystems. Especially FAT is a bad idea for removable drives, because it doesn't has a journal for recovery if a drive is unplugged without unmounting. And both don't have permissions, which you might need to mark files executable. (don't get me wrong: I'm NOT saying switch off permissions for removable drives)

And actually ownership can become a security problem on removable media. Guess you plugged an usb memory into a server you're administrating and there might be some sensible files with owner 1001 and permissions 600 on it. And you set up an user account on the server for a friend, so he can run an IRC bouncer or other stuff and that account might just have the number 1001. So your friend will be able to read your secret files from the usb memory while it's plugged in.

Just sometimes ownership might be usefull. E.g. while 1:1 backuping your computer onto an usb hard disk, using rsync.

Whats needed:

A configuration option to switch off ownership globally for all removable devices or per drive.

E.g. removable by /sys/bus/usb/devices/usb1/1-1/1-1.6/removable and a possibility to configure this feature in /usr/lib/udev/rules.d/*-udisks2.rules

Instead, all files/folders should be owned by the user/group who mounted the device, using udisks.

How this can be archived:

Integrating bindfs into udisks.
https://bindfs.org
"bindfs is a FUSE filesystem for mounting a directory to another location, similarly to mount --bind. The permissions inside the mountpoint can be altered using various rules."
And to solve the security issues, the original mount should be put into a folder only root can look into.

Another possibility would be some change in the Linux kernel, adding uid=XXX,gid=YYY options for all filesystems with Unix permissions. But udisks might the the right place for this, because this is about something for everyday use for mounting devices as non-root-user via your desktop environment. (if you're already working in a root shell, you can simply manually use bindfs)

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.