Page 1 of 2 12 LastLast
Results 1 to 10 of 16

Thread: Ownership of encrpted USBdrive with ext4

  1. #1

    Default Ownership of encrpted USBdrive with ext4

    How do I change the ownership of an ecrypted USB device (encrypted using YaST) so that I am able to read and write files on it? I'd like to use ext4 on an encrypted USB drive but I wasn't able to figure this out. Searching the web didn't help. Paragraph 10.1.4 of the documentation for openSUSE 12.3 simply says: "For devices with a file system other than FAT, change the ownership explicitly for users other than root to enable these users to read or write files on the device." But no further instructions are given. How do I do that?

    Michael

    openSUSE 13.1 64bit KDE

  2. #2
    Join Date
    Jun 2008
    Location
    Netherlands
    Posts
    25,273

    Default Re: Ownership of encrpted USBdrive with ext4

    There isn't such a thing as ownership for a file system. Ownership and permissions are for individual files (and thus also for directories).

    That means that e.g. the mount point must have correct ownership and/or permissions to allow users (which ones?) to follow the path. And of course all files on the file system are also owned by somebody and have permissions.

    When the above does not help, you could become more specific. E.g. telling (and showing) the mount point and it's contents using ls. And revealing which user(s) must be able to do what.
    Henk van Velden

  3. #3

    Default Re: Ownership of encrpted USBdrive with ext4

    Oh boy, this goes beyond what I am used to. Here is my attempt of a response.

    After formatting and encrypting the device with Yast the device is owned by "User: root" and "Group: root" according to the properties of the device when I access them in Dolphin. But this doesn't allow me, the normal user "my-user-name" who belongs to the users group to gain acces to the device.

    Using Dolphin Super User Mode I can go to the properties of the device (right-click), then "Permissions" and then change the ownership to "User: my-user-name" and "Group: users." The owner has has rwx permissions, the group only r-x. Permissions are thus the same as the permissions of the folder "my-user-name" in /home.

    The device is mounted on /run/media/my-user-name/07470d91-e1c9-493b-8ce3-412c2ccdd4fe as shown in the properties.

    The funny thing is that I can copy single files to the device but not a folder with files, or more exact: the folder is copied, but not the files. In the folder properties it says "Forbidden" for owner, group and other. (I could change the permissions manually for each folder but that is time consuming and not practical.)

    Checking "Apply changes to all subfolders and their contents" in "Properties Permissions" of the device and then changing the values to "root" in both fields and then back to "my-user-name" and "users" does not help. (At least I tried that without success.)

    This is what I did and what the situation is right now. Am I on the wrong track? Do I need to provide more information?

    Michael

  4. #4

    Default Re: Ownership of encrpted USB drive with ext4

    I gave it another try. I deleted to the encrypted partition on the USB device, created a non-encrypted one with FAT and created a new encrypted partition with ext4 - just to make sure that I have a fresh start.

    Using Dolphin Super User Mode I checked "Apply changes to all subfolders and their contents" first and then changed the ownership of the device to "User: my-user-name" and "Group: users" with rwx permissions for the owner and r-x for the group. Now I can copy folders with subfolders and files to the device (which I use as one of my backup devices).

    Is this the correct method to gain access to an encrypted device with ext4 as normal user? I'd be glad to read a positive answer. I hope that the method will work with other devices, too.

  5. #5
    Join Date
    Aug 2010
    Location
    Chicago suburbs
    Posts
    12,784
    Blog Entries
    3

    Default Re: Ownership of encrpted USB drive with ext4

    Quote Originally Posted by opensuseinmanila View Post
    Is this the correct method to gain access to an encrypted device with ext4 as normal user? I'd be glad to read a positive answer. I hope that the method will work with other devices, too.
    No, that's not correct. I am far from clear on what you did.

    It is the nature of an ext4 file system, that ownership is at the level of files (and directories). You are probably writing to the FAT partition that you also created but did not encrypt. In other words, I suspect that you have an encrypted ext4 partition that you are not using, and an unencrypted FAT partition that you are using. So the data is not encrypted.

    While I have not tried it, as far as I know, you can encrypt the USB and still format the encrypted partition as FAT if that is what you would find most useful. You won't to access that on Windows, though, unless you install some LUKS encryption software for Windows.
    openSUSE Leap 15.1; KDE Plasma 5;
    testing Leap 15.2Alpha

  6. #6

    Default Re: Ownership of encrpted USBdrive with ext4

    Using FAT looks like the better options as it doesn't give the problems with denied access. I may switch to FAT then.

    But still, there is only an ext4 partition on the device, no FAT partition. Unfortunately I didn't find a way to show that here.

  7. #7
    Join Date
    Nov 2009
    Location
    West Virginia Sector 13
    Posts
    15,762

    Default Re: Ownership of encrpted USBdrive with ext4

    use

    fdisk -l

    To show us. note that is a lower case L not a one

    Please use code tags (# on the bar) for computer output

    FAT does not understand ownership like a real Linux file system. So the files are owned by what ever entity mounts it and the permissions are faked.

  8. #8

    Default Re: Ownership of encrpted USBdrive with ext4

    Here is what I did with another device: delete the partition on it, add an encrypted ext4 partition, change the ownership in the properties of the device (which shows up as a folder in Dolphin) using Dolphin Super User Mode so that the owner of the device is "my-user-name", the group is "users" (see post #3 above). And lo and behold, I can read and write on the device. (That's the expected outcome.) Here is what fdisk -l says:

    Code:
    linux-xxxx:/home/"my-user-name" # fdisk -l
    WARNING: fdisk GPT support is currently new, and therefore in an experimental phase. Use at your own discretion.
    
    Disk /dev/sda: 750.2 GB, 750156374016 bytes, 1465149168 sectors
    Units = sectors of 1 * 512 = 512 bytes
    Sector size (logical/physical): 512 bytes / 4096 bytes
    I/O size (minimum/optimal): 4096 bytes / 4096 bytes
    Disk label type: gpt
    
    #         Start          End    Size  Type            Name
     1         2048       321535    156M  EFI System      primary
     2       321536       643071    157M  Microsoft basic primary
     3       643072   1465147391  698.3G  Linux LVM       primary
    
    Disk /dev/mapper/cr_ata-TOSHIBA_MK7559GSXP_719LS8OXS-part3: 749.8 GB, 749824114688 bytes, 1464500224 sectors
    Units = sectors of 1 * 512 = 512 bytes
    Sector size (logical/physical): 512 bytes / 4096 bytes
    I/O size (minimum/optimal): 4096 bytes / 4096 bytes
    
    Disk /dev/mapper/system-home: 708.7 GB, 708669603840 bytes, 1384120320 sectors
    Units = sectors of 1 * 512 = 512 bytes
    Sector size (logical/physical): 512 bytes / 4096 bytes
    I/O size (minimum/optimal): 4096 bytes / 4096 bytes
    
    Disk /dev/mapper/system-root: 26.8 GB, 26843545600 bytes, 52428800 sectors
    Units = sectors of 1 * 512 = 512 bytes
    Sector size (logical/physical): 512 bytes / 4096 bytes
    I/O size (minimum/optimal): 4096 bytes / 4096 bytes
    
    Disk /dev/mapper/system-swap: 6442 MB, 6442450944 bytes, 12582912 sectors
    Units = sectors of 1 * 512 = 512 bytes
    Sector size (logical/physical): 512 bytes / 4096 bytes
    I/O size (minimum/optimal): 4096 bytes / 4096 bytes
    
    fdisk: cannot open /dev/mapper/cr_usb-Ut163_USB2FlashStorage_000000000000BA-0:0-part1: Input/output error
    The only thing I know is that I have access to the device (read and write).

    What do you think about this procedure?

  9. #9
    Join Date
    Jun 2008
    Location
    Netherlands
    Posts
    25,273

    Default Re: Ownership of encrpted USBdrive with ext4

    Again, you did NOT change the ownership of the device as there is no such thing.

    You changed the ownership of the directory. Which is something you can do to any directory (or other type of file for that matter). And it will have the effects of al changed ownerships. The fact that it is a mountpoint or the fact that the file system is encrypted have no relation to this.

    Please try to find on the internet some documentation about ownership of files and persmissions in Unix/Linux. Without such basic knowledge it is very difficult to understand what happens here.
    Henk van Velden

  10. #10

    Default Re: Ownership of encrpted USBdrive with ext4

    All right, I changed the ownership of a directory using a method similar to the one described here: https://www.linux.com/learn/tutorial...sions-in-linux (in the section "GUI: Change ownership" with the necessary adjustments). I get that. The outcome seems to be an encrypted device with an ext4 partition that I can read and write on - I on my own machine or on the machine of my wife with my wife logged in with her user name (also running openSUSE 13.1 with KDE Plasma Desktop) - because I changed the ownership of the directory. (Hopefully this is an acceptable description of what is happening here.)

    Allow me to go back to post #1 and the quote from paragraph 10.1.4 of the documentation for openSUSE 12.3: "For devices with a file system other than FAT, change the ownership explicitly for users other than root to enable these users to read or write files on the device." This is where it all started. Although English is not my native language I would say that the natural interpretation of this clause is that ownership is a property of the device: "For devices...change the ownership..." Ownership of what? Of the device. Although technically this is not the correct answer as I know now.

    I am sorry that I caused a lot of confusion here. But part of the confusion is caused by my interpretation of the documentation.

    Apart from that, using FAT for an encrypted partition on an external device seems to be the easier thing to do. Would you agree?

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •