Tuesday, May 09, 2006

Linux Voyager: Different View Of What Should Be Familiar Waters

I had a bit of an interesting revelation yesterday, dealing with my memory stick:

Background: Since Unix was designed for multiple users, each maybe doing more than one thing at a time, all on one machine, it has mechanisms in place to keep people from stepping on each other's stuff, reading private info, etc. One of these mechanisms is file access control, aka "file permissions": each user has an identity, and might belong to one or more groups; files likewise have an owner, and may belong to a group as well. Then, what a given user can do with a file depends on his/her user or group identity, and the permission information associated with that file. A file may be readable, writable, or executable (i.e. launched, if it is a program), for three categories: the file's owner, members of the file's group, and everybody else on the system. Thus you could have a file that is readable and writable by the owner, readable but not writable by members of the group, and totally inaccessible to everyone else.

This comes in handy with security programs like SSH, which will not load a "secret password" data file if the file is readable by anyone but the owner, since the program assumes that it can't be much of a "secret" in that case.

Anyway, The Problem: I wanted to put an identity file on my memory stick, so I could eventually use the stick as a portable security key for SSH, but the stick set the permissions of the file to "readable by everybody," and I couldn't use the standard tools to change them, and SSH refused to deal with the file in that case.

What's Going On: Turns out, the memory stick is set up with the Microsoft "fat32" file system, which doesn't do permissions. Linux compensates by assigning a default permission to all files on the stick whenever it's connected, and these permissions cannot be changed while the stick is attached. What I had to do was tell the system to use different default permissions when attaching the memory stick; when I did this (and re-mounted the stick), all of a sudden everything was fine.
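An added example, not from the original post: a Python sketch of why the default mount failed and a restrictive one works. It assumes the "different default permissions" are set with the Linux vfat mount options `uid`, `gid`, `fmask` and `dmask` (the post does not say which options were used), and it models the SSH refusal as a test of the group/other bits (octal 077); the mask values are constructed for illustration.

```python
import os
import stat
import tempfile

def vfat_file_mode(fmask: int) -> int:
    """Mode bits a vfat mount reports for every regular file: 0777 minus the mask."""
    return 0o777 & ~fmask

def too_open(mode: int) -> bool:
    """True if group or others have any access (the 077 bits)."""
    return (mode & 0o077) != 0

def key_file_problems(path: str) -> list:
    """Check a key file on disk the way a cautious client would before loading it."""
    st = os.stat(path)
    mode = stat.S_IMODE(st.st_mode)
    problems = []
    if st.st_uid != os.getuid():
        problems.append("not owned by the current user")
    if too_open(mode):
        problems.append(f"mode {mode:04o} grants access to group/others")
    return problems

def vfat_mount_options(uid: int, gid: int, fmask: int = 0o177, dmask: int = 0o077) -> str:
    """Option string for `mount -t vfat -o ...` or the options field of /etc/fstab."""
    return f"uid={uid},gid={gid},fmask={fmask:04o},dmask={dmask:04o}"

if __name__ == "__main__":
    # Constructed comparison: a typical default mask versus a restrictive one.
    for fmask in (0o022, 0o177):
        mode = vfat_file_mode(fmask)
        print(f"fmask={fmask:04o} -> files appear as {mode:04o}, rejected={too_open(mode)}")
    # Same check against a real file, using a temporary file as a stand-in key.
    with tempfile.NamedTemporaryFile() as f:
        os.chmod(f.name, 0o644)
        print("0644:", key_file_problems(f.name))
        os.chmod(f.name, 0o600)
        print("0600:", key_file_problems(f.name))
    # Options that make every file on the stick owner-only for the current user.
    print(vfat_mount_options(os.getuid(), os.getgid()))
```

Because the mask applies to the whole mount, every file on the stick becomes owner-only, not just the key; `dmask=0077` keeps the directories traversable by the owner alone.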
