12-11-2007, 04:26 PM
Paul Johnson

usb flash disk, ext3 file systems, enforcing rights, security

How do you secure privacy of files on a USB stick?

The usb flash memory stick works fine if it is VFAT, but what if you
are worried you might lose it and then anybody could read your
secrets. Or, if you need to share a file to somebody, but don't want
them to read everything else, what do you do?

I thought I could fix that by putting on an ext3 file system. But it
doesn't help. Windows users with IExplore can see all the files, no
matter who owns them.

On a Linux system, the owners of the files are not recognized. I had
forgotten that ext3 uses user numbers, rather than user names, for
ownership information. So when I take a disk from one system to the
next, then the user is either unrecognized or wrong. Here's a case
where it is unrecognized:

drwxr-xr-x 3 29999 29999 4096 2007-11-26 19:50 Booger

I've seen other cases where another user who happens to have the same
user number is given ownership of my files.

So, apparently I can't rely on the file system permissions to give me
any security.

Aside from tarring up stuff that I don't want to be public and
encrypting with a gpg signature, I'm stumped on what I should do.

Can you put an encrypted file system on a usb flash disk? How?

--
Paul E. Johnson
Professor, Political Science
1541 Lilac Lane, Room 504
University of Kansas

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
12-11-2007, 04:48 PM
Mike Wright

usb flash disk, ext3 file systems, enforcing rights, security

Paul Johnson wrote:
> How do you secure privacy of files on a USB stick?
>
> The usb flash memory stick works fine if it is VFAT, but what if you
> are worried you might lose it and then anybody could read your
> secrets. Or, if you need to share a file to somebody, but don't want
> them to read everything else, what do you do?
>
> I thought I could fix that by putting on an ext3 file system. But it
> doesn't help. Windows users with IExplore can see all the files, no
> matter who owns them.
>
> On a Linux system, the owners of the files are not recognized. I had
> forgotten that ext3 uses user numbers, rather than user names, for
> ownership information. So when I take a disk from one system to the
> next, then the user is either unrecognized or wrong. Here's a case
> where it is unrecognized:
>
> drwxr-xr-x 3 29999 29999 4096 2007-11-26 19:50 Booger
>
> I've seen other cases where another user who happens to have the same
> user number is given ownership of my files.
>
> So, apparently I can't rely on the file system permissions to give me
> any security.
>
> Aside from tarring up stuff that I don't want to be public and
> encrypting with a gpg signature, I'm stumped on what I should do.
>
> Can you put an encrypted file system on a usb flash disk? How?



Hi Paul,

Have you looked at ecryptfs? It lays on top of the underlying
filesystem so the files would be visible but their contents would
require a key or passphrase to decrypt.


http://ecryptfs.sourceforge.net/ecryptfs_design_doc_v0_1.pdf

:m)

 
12-11-2007, 04:55 PM
Konstantin Svist

usb flash disk, ext3 file systems, enforcing rights, security

Mike Wright wrote:
> Paul Johnson wrote:
> > How do you secure privacy of files on a USB stick?
> >
> > The usb flash memory stick works fine if it is VFAT, but what if you
> > are worried you might lose it and then anybody could read your
> > secrets. Or, if you need to share a file to somebody, but don't want
> > them to read everything else, what do you do?
> >
> > I thought I could fix that by putting on an ext3 file system. But it
> > doesn't help. Windows users with IExplore can see all the files, no
> > matter who owns them.
> >
> > On a Linux system, the owners of the files are not recognized. I had
> > forgotten that ext3 uses user numbers, rather than user names, for
> > ownership information. So when I take a disk from one system to the
> > next, then the user is either unrecognized or wrong. Here's a case
> > where it is unrecognized:
> >
> > drwxr-xr-x 3 29999 29999 4096 2007-11-26 19:50 Booger
> >
> > I've seen other cases where another user who happens to have the same
> > user number is given ownership of my files.
> >
> > So, apparently I can't rely on the file system permissions to give me
> > any security.
> >
> > Aside from tarring up stuff that I don't want to be public and
> > encrypting with a gpg signature, I'm stumped on what I should do.
> >
> > Can you put an encrypted file system on a usb flash disk? How?
>
> Hi Paul,
>
> Have you looked at ecryptfs? It lays on top of the underlying
> filesystem so the files would be visible but their contents would
> require a key or passphrase to decrypt.
>
> http://ecryptfs.sourceforge.net/ecryptfs_design_doc_v0_1.pdf
>
> :m)



But is it compatible with other OSes? It would be perfect to have
something that allows me to use encryption but still be able to access
my files on mac & windows.



 
12-11-2007, 06:18 PM
Mike Wright

usb flash disk, ext3 file systems, enforcing rights, security

Konstantin Svist wrote:
> Mike Wright wrote:
> > Paul Johnson wrote:
> > > How do you secure privacy of files on a USB stick?
> > >
> > > The usb flash memory stick works fine if it is VFAT, but what if you
> > > are worried you might lose it and then anybody could read your
> > > secrets. Or, if you need to share a file to somebody, but don't want
> > > them to read everything else, what do you do?
> > >
> > > I thought I could fix that by putting on an ext3 file system. But it
> > > doesn't help. Windows users with IExplore can see all the files, no
> > > matter who owns them.
> > >
> > > On a Linux system, the owners of the files are not recognized. I had
> > > forgotten that ext3 uses user numbers, rather than user names, for
> > > ownership information. So when I take a disk from one system to the
> > > next, then the user is either unrecognized or wrong. Here's a case
> > > where it is unrecognized:
> > >
> > > drwxr-xr-x 3 29999 29999 4096 2007-11-26 19:50 Booger
> > >
> > > I've seen other cases where another user who happens to have the same
> > > user number is given ownership of my files.
> > >
> > > So, apparently I can't rely on the file system permissions to give me
> > > any security.
> > >
> > > Aside from tarring up stuff that I don't want to be public and
> > > encrypting with a gpg signature, I'm stumped on what I should do.
> > >
> > > Can you put an encrypted file system on a usb flash disk? How?
> >
> > Hi Paul,
> >
> > Have you looked at ecryptfs? It lays on top of the underlying
> > filesystem so the files would be visible but their contents would
> > require a key or passphrase to decrypt.
> >
> > http://ecryptfs.sourceforge.net/ecryptfs_design_doc_v0_1.pdf
> >
> > :m)
>
> But is it compatible with other OSes? It would be perfect to have
> something that allows me to use encryption but still be able to access
> my files on mac & windows.


There is also truecrypt for linux/windows. Sources are available. I
don't know what would be involved in compiling it for os/x (or even if
it could be).


 
12-11-2007, 06:37 PM
Rick Stevens

usb flash disk, ext3 file systems, enforcing rights, security

On Tue, 2007-12-11 at 11:26 -0600, Paul Johnson wrote:
> How do you secure privacy of files on a USB stick?
>
> The usb flash memory stick works fine if it is VFAT, but what if you
> are worried you might lose it and then anybody could read your
> secrets. Or, if you need to share a file to somebody, but don't want
> them to read everything else, what do you do?
>
> I thought I could fix that by putting on an ext3 file system. But it
> doesn't help. Windows users with IExplore can see all the files, no
> matter who owns them.
>
> On a Linux system, the owners of the files are not recognized. I had
> forgotten that ext3 uses user numbers, rather than user names, for
> ownership information. So when I take a disk from one system to the
> next, then the user is either unrecognized or wrong. Here's a case
> where it is unrecognized:
>
> drwxr-xr-x 3 29999 29999 4096 2007-11-26 19:50 Booger
>
> I've seen other cases where another user who happens to have the same
> user number is given ownership of my files.

Files and directories are ALWAYS done by UID and GID (numbers),
regardless of the Unixish filesystem used to create them (ext2, ext3,
jfs, xfs, you name it). The user- and group-names are simply convenient
to us and are ENTIRELY based on the ability of the listing process to
read the /etc/passwd and /etc/group files. If the listing process can't
read those files, you see the numbers. If it can, you see usernames and
groups.

> So, apparently I can't rely on the file system permissions to give me
> any security.

This is ALWAYS an issue when you move files from system to system. If
you don't keep the UID/GID stuff consistent across all of the systems,
how do you expect them to honor the permissions? This is EXACTLY why
stuff such as NIS and LDAP were created--so there was a single point
of management of UID/GID information.

> Aside from tarring up stuff that I don't want to be public and
> encrypting with a gpg signature, I'm stumped on what I should do.
>
> Can you put an encrypted file system on a usb flash disk? How?

Use ecryptfs on it. Make sure you install ecryptfs-utils.

----------------------------------------------------------------------
- Rick Stevens, Principal Engineer rstevens@internap.com -
- CDN Systems, Internap, Inc. http://www.internap.com -
- -
- Never test for an error condition you don't know how to handle. -
----------------------------------------------------------------------
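
Rick Stevens's point about numeric ownership, as an added example that is not part of the thread: `owner_report` (a hypothetical helper) lists the numeric UIDs stored under a directory and the name a given passwd file assigns to each, which is what `ls -l` would show on a host using that passwd database.

```shell
#!/bin/sh
# Added example, not from the thread. The passwd file argument stands in for
# "the /etc/passwd of whichever machine the stick is plugged into".

# name_for_uid PASSWD_FILE UID -> login name, or nothing if the UID is unmapped
name_for_uid() {
    awk -F: -v uid="$2" '$3 == uid { print $1; exit }' "$1"
}

# owner_report DIR [PASSWD_FILE] -> one "UID NAME" line per distinct owner
owner_report() {
    dir=$1 passwd=${2:-/etc/passwd}
    # ls -n prints the numeric owner, which is all the filesystem stores.
    find "$dir" -exec ls -dn {} + | awk '{ print $3 }' | sort -un |
    while read -r uid; do
        name=$(name_for_uid "$passwd" "$uid")
        if [ -n "$name" ]; then
            printf '%s %s\n' "$uid" "$name"    # some local account owns this UID
        else
            printf '%s UNMAPPED\n' "$uid"      # ls -l would print the bare number
        fi
    done
}
```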

 
12-11-2007, 10:09 PM
John Summerfield

usb flash disk, ext3 file systems, enforcing rights, security

Paul Johnson wrote:
> How do you secure privacy of files on a USB stick?

encrypt the filesystem,

> The usb flash memory stick works fine if it is VFAT, but what if you
> are worried you might lose it and then anybody could read your
> secrets. Or, if you need to share a file to somebody, but don't want
> them to read everything else, what do you do?
>
> I thought I could fix that by putting on an ext3 file system. But it
> doesn't help. Windows users with IExplore can see all the files, no
> matter who owns them.

really? Did you add ext3 support to Windows? if not, then my next guess
is that you're confused!

> On a Linux system, the owners of the files are not recognized. I had
> forgotten that ext3 uses user numbers, rather than user names, for
> ownership information. So when I take a disk from one system to the
> next, then the user is either unrecognized or wrong. Here's a case
> where it is unrecognized:
>
> drwxr-xr-x 3 29999 29999 4096 2007-11-26 19:50 Booger

It's not wrong, it's right in the current context. The mapping between
names and numbers is merely for human convenience. Archive utils such as
tar try to preserve both, but restoring in the wrong context can be
problematic. Just as you're seeing here.

> I've seen other cases where another user who happens to have the same
> user number is given ownership of my files.
>
> So, apparently I can't rely on the file system permissions to give me
> any security.
>
> Aside from tarring up stuff that I don't want to be public and
> encrypting with a gpg signature, I'm stumped on what I should do.
>
> Can you put an encrypted file system on a usb flash disk? How?


I've not tried creating a new filesystem on a flash drive, but I know my
boss reformatted one on his Mac, with the result I couldn't read it on
Windows.


If one only wants to use part of the USB disk, it's possible to put a
big file on it:

dd if=/dev/zero of=/media/USBDISK/bigfile bs=1M count=512
and create a filesystem:
mke2fs /media/USBDISK/bigfile

I can't advise on making an encrypted filesystem, I've never done it.





--

Cheers
John

-- Advice
http://webfoot.com/advice/email.top.php
http://www.catb.org/~esr/faqs/smart-questions.html
http://support.microsoft.com/kb/555375

You cannot reply off-list:-)

 
12-11-2007, 10:51 PM
Timothy Selivanow

usb flash disk, ext3 file systems, enforcing rights, security

On Wed, 2007-12-12 at 08:09 +0900, John Summerfield wrote:
> I've not tried creating a new filesystem on a flash drive, but I know my
> boss reformatted one on his Mac, with the result I couldn't read it on
> Windows.
>
> If one only wants to use part of the USB disk, it's possible to put a
> big file on it:
> dd if=/dev/zero of=/media/USBDISK/bigfile bs=1M count=512
> and create a filesystem:
> mke2fs /media/USBDISK/bigfile
>
> I can't advise on making an encrypted filesystem, I've never done it.

I have, and I've also recently lost my USB flash drive. I did not
panic, however, because I had 1) a recent backup, and 2) sensitive data
on an encrypted partition.

What I did was wipe the partitions and create 2 new ones, one for vfat,
and the other for encryption/ext3. I use LUKS (from the cryptsetup-luks
RPM) to handle the encryption, so negotiating that day-to-day is not a
problem. I put files that need to be accessed by "other" OSes on the
vfat partition, and everything else in the protected area. You can do
any setup you wish though. Here is a basic run-through:

Use fdisk, create 2 primary partitions, one type ID "c" for use with
vfat and the other "83" for use with encryption.

Use mkfs.vfat (from package dosfstools) to format the first one. Then
use cryptsetup on the second. Then temporarily decrypt the new
partition and format that as ext3.

When you are done, when you plug in the drive it will sense the LUKS
headers and prompt you for the password. Once decrypted it behaves like
any other USB drive (with an ext3 FS).

For backups, I just use dd and make a copy of the raw data (that way
sensitive data is still protected). If I need to recover a file I just
use losetup to loop-back mount the dd image.


 ________________________________________________________
< If the thunder don't get you, then the lightning will. >
 --------------------------------------------------------
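
The run-through in the post above, as an added example that is not part of the thread: a script for the vfat + LUKS/ext3 layout and for reopening a raw `dd` backup. It assumes `sfdisk` in place of the interactive fdisk step, and the mapper names `usbsecure` and `usbbackup` and the device argument are placeholders.

```shell
#!/bin/sh
# Added example, not from the thread. DRY_RUN=1 (default) only prints the
# commands; DRY_RUN=0 as root applies them and ERASES the device given.
DRY_RUN=${DRY_RUN:-1}
run() { if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi; }

# part /dev/sdb 1 -> /dev/sdb1 ; part /dev/loop0 2 -> /dev/loop0p2
part() {
    case "$1" in
        *[0-9]) printf '%sp%s\n' "$1" "$2" ;;
        *)      printf '%s%s\n' "$1" "$2" ;;
    esac
}

# setup_stick DEV [VFAT_MIB] [NAME]; NAME is an assumed device-mapper name.
setup_stick() {
    dev=$1 vfat_mib=${2:-512} name=${3:-usbsecure}
    if [ "$DRY_RUN" != 1 ]; then
        [ -b "$dev" ] || { echo "not a block device: $dev" >&2; return 1; }
        if grep -q "^$dev" /proc/mounts; then
            echo "$dev is mounted; unmount it first" >&2; return 1
        fi
    fi
    # sfdisk script for the fdisk step: type c for vfat, type 83 for the rest.
    layout="label: dos
size=${vfat_mib}MiB, type=c
type=83"
    if [ "$DRY_RUN" = 1 ]; then
        printf 'sfdisk %s <<EOF\n%s\nEOF\n' "$dev" "$layout"
    else
        printf '%s\n' "$layout" | sfdisk "$dev" || return 1
    fi
    run mkfs.vfat "$(part "$dev" 1)" || return 1
    # luksFormat prompts for confirmation and the passphrase.
    run cryptsetup luksFormat "$(part "$dev" 2)" || return 1
    run cryptsetup luksOpen "$(part "$dev" 2)" "$name" || return 1
    run mkfs.ext3 "/dev/mapper/$name" || return 1
    run cryptsetup luksClose "$name"
}

# open_backup IMAGE MOUNTPOINT: read a raw dd image of the stick via losetup.
open_backup() {
    img=$1 mnt=$2 loop=/dev/loop0   # /dev/loop0 is a dry-run placeholder
    if [ "$DRY_RUN" = 1 ]; then run losetup --find --show --partscan "$img"
    else loop=$(losetup --find --show --partscan "$img") || return 1; fi
    run cryptsetup luksOpen "$(part "$loop" 2)" usbbackup || return 1
    run mount -o ro /dev/mapper/usbbackup "$mnt"
}

if [ "$#" -gt 0 ]; then setup_stick "$@"; fi
```

Review the dry-run output before setting `DRY_RUN=0`; the backup image itself is made with `dd if=DEV of=IMAGE bs=1M`, as the post describes.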

