DaemonForums  

Go Back   DaemonForums > OpenBSD > OpenBSD General

OpenBSD General Other questions regarding OpenBSD which do not fit in any of the categories below.

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 29th June 2008
Quaxo Quaxo is offline
Port Guard
 
Join Date: Jun 2008
Posts: 29
Thanked 0 Times in 0 Posts
Default How do I a USB flashdrive so I can use chmod?

Hi!

I have a little problem with my USB flashdrive. This is what I have done:

1. Connect the USB flashdrive
2. Create new directory: mkdir /mnt/flash
3. Create new filesystem: newfs sd0c
4. Mount the USB flashdrive: mount /dev/sd0i /mnt/flash
5. ...do the work...
6. Leave the directory /mnt/flash (if needed)
7. Unmount the USB flashdrive: umount /mnt/flash

It works good (at step 3 I can instead type "newfs_msdos -F 32 sd0c" if I want compability with Windows).

But how do I mount the flashdrive so I can set the files permissions, user ID, group ID etc.?


Thanks in advance
/Quaxo
Reply With Quote
  #2   (View Single Post)  
Old 29th June 2008
Quaxo Quaxo is offline
Port Guard
 
Join Date: Jun 2008
Posts: 29
Thanked 0 Times in 0 Posts
Default

Never mind, I found the problem.

In step 4 I must use "mount_ffs /dev/sd0i /mnt/flash" (I know I tryed that before and then got some errors, it must have been a different format at that time because it works great now).


Take care
/Quaxo
Reply With Quote
  #3   (View Single Post)  
Old 29th June 2008
BSDfan666 BSDfan666 is offline
Real Name: N/A, this is the interweb.
Helpful companion
 
Join Date: Apr 2008
Location: Ontario, Canada
Posts: 2,223
Thanked 193 Times in 184 Posts
Default

If the file system is FFS or ext2(3) you can use file permissions, but it's impossible for FAT as it has no concept of Unix permissions.

This has been said in the past, FAT was designed for a single-user operating system..

EDIT: If you want to restrict access to files on ANY portable device, a better method would be encryption.. via OpenSSL for instance.

Last edited by BSDfan666; 29th June 2008 at 05:46 PM.
Reply With Quote
  #4   (View Single Post)  
Old 29th June 2008
18Googol2's Avatar
18Googol2 18Googol2 is offline
Real Name: whoami
Spam Deminer
 
Join Date: Apr 2008
Location: pwd
Posts: 283
Thanked 20 Times in 18 Posts
Default

Quote:
Originally Posted by Quaxo View Post
Never mind, I found the problem.

In step 4 I must use "mount_ffs /dev/sd0i /mnt/flash" (I know I tryed that before and then got some errors, it must have been a different format at that time because it works great now).


Take care
/Quaxo
You sure you found the problem?

By default the mount command attempts to mount ufs (unix fs), and the ufs is also known as ffs

And yes I can confirm "mount" without ffs works fine with my usb stick. If the file is set perm 600, except the owner, nobody can read it.
Reply With Quote
  #5   (View Single Post)  
Old 29th June 2008
BSDfan666 BSDfan666 is offline
Real Name: N/A, this is the interweb.
Helpful companion
 
Join Date: Apr 2008
Location: Ontario, Canada
Posts: 2,223
Thanked 193 Times in 184 Posts
Default

Quote:
Originally Posted by 18Googol2 View Post
And yes I can confirm "mount" without ffs works fine with my usb stick. If the file is set perm 600, except the owner, nobody can read it.
Right, but that doesn't stop someone from gaining access to the file if they steal the drive...

All they have to do is use their root account...
Reply With Quote
  #6   (View Single Post)  
Old 29th June 2008
J65nko J65nko is offline
Administrator
 
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 3,140
Thanked 182 Times in 149 Posts
Default

Compared with an Unix or Unix-like filesytem, a FAT filesystem has limited facilities to administer file access, and it is totally misses the concept of users and groups. So these things have to be emulated.

See the mount_msdos man page for the defaults and how to override these defaults.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Reply With Quote
  #7   (View Single Post)  
Old 29th June 2008
18Googol2's Avatar
18Googol2 18Googol2 is offline
Real Name: whoami
Spam Deminer
 
Join Date: Apr 2008
Location: pwd
Posts: 283
Thanked 20 Times in 18 Posts
Default

Quote:
Originally Posted by BSDfan666 View Post
Right, but that doesn't stop someone from gaining access to the file if they steal the drive...

All they have to do is use their root account...
It doesnt make any sense

Probably you meant to say the drive should be formatted as ffs instead of ufs to prevent the read permission from bad guy?

1. ufs and ffs are identical.

2. Once he got the drive, mounting as ufs or ffs is his choice, you have no control here.

3. Also, once the bad guy physically possesses the drive, I dont think ufs, ffs or any fs can stop him from accessing the drive, as long as it is not encrypted, corrupted.

My 2 cents
Reply With Quote
  #8   (View Single Post)  
Old 29th June 2008
TerryP's Avatar
TerryP TerryP is offline
Arp Constable
 
Join Date: May 2008
Location: USofA
Posts: 1,547
Thanked 112 Times in 104 Posts
Default

Using NTFS over FAT32 was actually the greatest reason to upgrade to Windows NT in the Microsoft world.


For whatever portion that unix like systems play in the rest of the file system world, BSD has lived happily for decades ;-)
__________________
My Journal

Thou shalt check the array bounds of all strings (indeed, all arrays), for surely where thou typest ``foo'' someone someday shall type ``supercalifragilisticexpialidocious''.
Reply With Quote
  #9   (View Single Post)  
Old 29th June 2008
BSDfan666 BSDfan666 is offline
Real Name: N/A, this is the interweb.
Helpful companion
 
Join Date: Apr 2008
Location: Ontario, Canada
Posts: 2,223
Thanked 193 Times in 184 Posts
Default

Quote:
Originally Posted by 18Googol2 View Post
It doesnt make any sense

Probably you meant to say the drive should be formatted as ffs instead of ufs to prevent the read permission from bad guy?
What are you talking about? I was replying to your post.

You claimed, that setting chmod 600 would stop someone from accessing your file.. that's incorrect, if someone plugged your drive in their BSD computer they could mount the partition and use "their local root account" to read the file.

Encryption would be the only option.. please re-read my initial posts, I was very clear.

Quote:
Originally Posted by 18Googol2 View Post
3. Also, once the bad guy physically possesses the drive, I dont think ufs, ffs or any fs can stop him from accessing the drive, as long as it is not encrypted, corrupted.
That's exactly what I said , I thought you were implying otherwise.

Last edited by BSDfan666; 29th June 2008 at 07:40 PM.
Reply With Quote
Old 29th June 2008
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 3,640
Thanked 214 Times in 189 Posts
Default

Quaxo's original question was on usability.

The easiest way I've found to manage USB sticks is to start with fdisk(8). This is because when you "format" sticks on Windows, you get an MBR. That MBR does not have an A6 partition.

This example dedicates a stick to OpenBSD, and mounts it at /mnt:

  1. Insert stick. Assuming "sd0" assigned, change commands below if a different SCSI device number assigned.
  2. # fdisk -iy sd0
  3. # printf "a\n\n\n\n\nw\nq\n\n" | disklabel -E sd0
  4. # newfs sd0a
  5. # mount -o softdep,noatime /dev/sd0a /mnt
Reply With Quote
Old 30th June 2008
18Googol2's Avatar
18Googol2 18Googol2 is offline
Real Name: whoami
Spam Deminer
 
Join Date: Apr 2008
Location: pwd
Posts: 283
Thanked 20 Times in 18 Posts
Default

BSDfan666: Haha it was misunderstanding here. I was referring to one local machine. It is all sorted out anyways, cheers

Quote:
Originally Posted by TerryP View Post
For whatever portion that unix like systems play in the rest of the file system world, BSD has lived happily for decades ;-)
This reminds me of the mini disscussion we had at uni. In term of permission control, any *nix file system is not superior at all, the NTFS, turns out to be the best. It is cumbersome to manage the file/dir permission under *nix mixing with multiple users/groups. What if I need to allow some more users to be able to read my file? Creating a new group which contains me and other users for permission attr of just one file? Now its not one file but a dozen of files and different users? What if I need to give read access to a group of users, but exclude one guy, I know he is bad guy, so no access whatsoever to my file. What should I do?

It is gonna be a huge mess!

Dont ever think to change it, it is too popular and too old
Reply With Quote
Old 30th June 2008
richardpl richardpl is offline
Spam Deminer
 
Join Date: May 2008
Location: Croatia
Posts: 284
Thanked 25 Times in 24 Posts
Default

Quote:
Originally Posted by 18Googol2 View Post
This reminds me of the mini disscussion we had at uni. In term of permission control, any *nix file system is not superior at all, the NTFS, turns out to be the best. It is cumbersome to manage the file/dir permission under *nix mixing with multiple users/groups. What if I need to allow some more users to be able to read my file? Creating a new group which contains me and other users for permission attr of just one file? Now its not one file but a dozen of files and different users? What if I need to give read access to a group of users, but exclude one guy, I know he is bad guy, so no access whatsoever to my file. What should I do?
Some of *nix have alternatives for that, but I will not spam OpenBSD subforum.
Just for the record this is not file system XYZ fault.
Reply With Quote
Old 30th June 2008
ephemera's Avatar
ephemera ephemera is offline
Knuth's homeboy
 
Join Date: Apr 2008
Posts: 537
Thanked 49 Times in 43 Posts
Default

Quote:
Originally Posted by 18Googol2 View Post
This reminds me of the mini disscussion we had at uni. In term of permission control, any *nix file system is not superior at all, the NTFS, turns out to be the best. It is cumbersome to manage the file/dir permission under *nix mixing with multiple users/groups. What if I need to allow some more users to be able to read my file? Creating a new group which contains me and other users for permission attr of just one file? Now its not one file but a dozen of files and different users? What if I need to give read access to a group of users, but exclude one guy, I know he is bad guy, so no access whatsoever to my file. What should I do?

It is gonna be a huge mess!

Dont ever think to change it, it is too popular and too old
http://en.wikipedia.org/wiki/Access_control_list

http://www.freebsd.org/cgi/man.cgi?q...SE&format=html

http://opensolaris.org/os/community/zfs/

Last edited by ephemera; 30th June 2008 at 11:03 AM.
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 10:15 AM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick