[G4] Permissions on external HD

[Alex]

On Monday, Jun 28, 2004, at 23:50 Canada/Eastern, Perry The Cynic wrote:

>  [...] The "ignore ownership" setting is separate for each computer.

Let me offer an addition. (Not a correction -- Perry's advice is 
pertinent and perfectly accurate.)

Permissions are managed by user ID, not user name. On computer A, Jack 
has user ID 501 (his was the first user account created), and Jill has 
user ID 502. On computer B, Jill's account was created first, so she 
has UID 501, while Jack has UID 502. Jack mounts a FW HD on computer A, 
assigns read/write permissions to himself, and no access to anyone 
else. That means that access privileges to the HD are granted to user 
ID 501. So, take the HD to computer B -- suddenly only Jill can access 
the HD, because she, not Jack, is ID 501 on this machine.

> Please understand that file permissions are "discretionary" (as the 
> security folk say): they only matter if all the systems involved agree 
> on what they mean. They cannot protect your files against someone who 
> has physical possession of the disk. If that's what you need, you must 
> put an encrypted disk image on the disk, and put your files into that; 
> then access is effectively controlled by who knows the password, on 
> any computer.

That's very important. For instance, on a Mac booted in Mac OS 9 (if it 
can boot in Mac OS 9, and the HD has Mac OS 9 drivers), essentially 
anyone can access any file.

Also, keep in mind that anyone with admin privileges can access or 
change permissions of an item.

<0x0192>