On Monday, Jun 28, 2004, at 23:50 Canada/Eastern, Perry The Cynic wrote: > [...] The "ignore ownership" setting is separate for each computer. Let me offer an addition. (Not a correction -- Perry's advice is pertinent and perfectly accurate.) Permissions are managed by user ID, not user name. On computer A, Jack has user ID 501 (his was the first user account created), and Jill has user ID 502. On computer B, Jill's account was created first, so she has UID 501, while Jack has UID 502. Jack mounts a FW HD on computer A, assigns read/write permissions to himself, and no access to anyone else. That means that access privileges to the HD are granted to user ID 501. So, take the HD to computer B -- suddenly only Jill can access the HD, because she, not Jack, is ID 501 on this machine. > Please understand that file permissions are "discretionary" (as the > security folk say): they only matter if all the systems involved agree > on what they mean. They cannot protect your files against someone who > has physical possession of the disk. If that's what you need, you must > put an encrypted disk image on the disk, and put your files into that; > then access is effectively controlled by who knows the password, on > any computer. That's very important. For instance, on a Mac booted in Mac OS 9 (if it can boot in Mac OS 9, and the HD has Mac OS 9 drivers), essentially anyone can access any file. Also, keep in mind that anyone with admin privileges can access or change permissions of an item. <0x0192>