I've got a couple of external HDDs and I've noticed the permissions on them differ, which has got me wondering how a few things work.
On the hard drive that seems to be normal, it has the following permissions on machine 1 (as seen in the info panel):
myuser1 (Me) - Read & Write
staff - Read & Write
everyone - Read only
Now when connecting it to my second computer, the user I'm logged in as still has write permissions. When viewing the permissions again I see:
myuser2 (Me) - Read & Write
staff - Read & Write
everyone - Read only
1) Is the reason that this second computer has R&W permissions because myuser2 is also a member of staff?
2) If so, how is the staff group on one machine determined to be logically the same as a group named staff on another machine? I.e. security-wise, how is this secure?
How are users and groups referenced in the file's permissions, in a way that is "secure", yet somehow works across 2 completely separate machines? Is it done by name? uid? gid (for groups)? Either way, as these aren't UUIDs, how can this be classed as secure? One could simply ensure a user is created with the same uid as is required to view a file that they're not supposed to see, and they'll have access!
Best Answer
First some important commands to know:
ls -laO
shows a lot:
ls -elaO
includes ACLs:
The following command shows all members of a group (the example group here is staff):
The following command shows the UID, the GID and the group memberships of user_name
Please check your various users/groups with the last two commands to get an overview.
Standard permissions in the file system are applied by using UID and GID instead of names. So
should be read as (assuming myuser1's UID=501):
Attaching My Passport to another Mac (Mac2) - the UID/GID won't be changed - will reveal the following:
In case myuser2's UID=501 and GID=20 (GID=20 (staff) is a standard group on every Mac and every (standard or admin) user created with the System Preferences is member of it)
which retranslates to:
and myuser2 on Mac2 has the same rights as myuser1 on Mac1
In case myuser2's UID=502 and myuser3's UID=501 and both are member of staff:
myuser2 as member of staff isn't owner anymore but can still rwx.
In case myuser2's UID=502 and is member of staff and myuser3 with UID=501 has been deleted:
myuser2 as member of staff isn't owner anymore but can still rwx.
In case myuser2's UID=503 and is not member of staff and UID=501 is deleted
myuser2 as others (member of everyone?) can rx.
So to answer your questions: the reason why myuser2 on Mac2 has the same rights as myuser1 on Mac1 are the same UID and GID/group memberships of both on their respective host. Staff is a default group on every Mac.
In your current environment (single machines/admin rights for the main user(s)) using external drives is not "secure/safe" - only using permissions to determine access. And it was never meant to be.
In an organizational unit (the common user of a workstation is no admin) with a centralized user management (OD etc.) you may use applied mount points and special groups to deal with external drives:
Special owner and a new group for the drive/mountpoint:
or
and all non-admin users which require access to the external drive(s) are member of GID=512 ("External Drive Users")
Still, when the external drive is lost, anyone may have access to it. To make it secure you have to encrypt the content of the external disks.
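The UID/GID resolution the answer walks through, as an added example that is not part of the original answer: a small model of the POSIX permission check, run against a constructed drive root (owner UID 501, group GID 20 "staff", mode rwxrwxr-x) and the answer's three Mac2 scenarios, plus a helper that applies the same check to a real path with the calling user's own IDs.

```python
"""Model of the numeric UID/GID check behind the answer's scenarios.

Constructed example: the drive root is owned by UID 501 (myuser1 on Mac1),
GID 20 (staff), mode rwxrwxr-x. Access is resolved purely by numbers, never
by user or group names, exactly as the answer describes.
"""
import os
from dataclasses import dataclass

# Constructed sample: the drive root as 'ls -laO' would list it on Mac1.
DRIVE = {"uid": 501, "gid": 20, "mode": 0o775}


@dataclass(frozen=True)
class User:
    name: str
    uid: int
    gids: frozenset  # primary + supplementary GIDs on *this* host


def effective_perms(entry, user):
    """Pick the class the kernel uses: owner if the UID matches, otherwise
    group if any of the user's GIDs matches, otherwise other."""
    mode = entry["mode"]
    if user.uid == entry["uid"]:
        cls, bits = "owner", (mode >> 6) & 0o7
    elif entry["gid"] in user.gids:
        cls, bits = "group", (mode >> 3) & 0o7
    else:
        cls, bits = "other", mode & 0o7
    rwx = "".join(c if bits & b else "-" for c, b in (("r", 4), ("w", 2), ("x", 1)))
    return cls, rwx


def effective_perms_for_path(path):
    """Same check against a real file, using this process's UID and groups."""
    st = os.stat(path)
    me = User("current", os.getuid(), frozenset(os.getgroups()) | {os.getgid()})
    entry = {"uid": st.st_uid, "gid": st.st_gid, "mode": st.st_mode & 0o777}
    return effective_perms(entry, me)


# The answer's Mac2 scenarios (constructed users; GID 20 = staff on every Mac).
SCENARIOS = [
    User("myuser2, UID 501, in staff", 501, frozenset({20})),
    User("myuser2, UID 502, in staff", 502, frozenset({20})),
    User("myuser2, UID 503, not in staff", 503, frozenset({503})),
]

if __name__ == "__main__":
    for u in SCENARIOS:
        cls, rwx = effective_perms(DRIVE, u)
        print(f"{u.name:32} -> {cls:5} {rwx}")
```

The model ignores root's override and the "Ignore ownership on this volume" option macOS offers for external disks, which bypasses this check entirely; neither changes the answer's conclusion that only encryption protects a drive that leaves the machine.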