Why are the default permissions for /media/username root:root?
I have tweaked the permissions on /media/username from root:root to username:root [1]. I understand that a user-centric location allows user-centric permissions [2].
But why were the permissions for this folder root:root in the first place?
[1] So that I can mount encrypted folders there with Gnome EncFS Manager. For example, I can now mount an encrypted folder as /media/username/personal-documents.
[2] From Why has Ubuntu moved the default mount points?:
The root cause for this change of default behaviour in udisks2 seems clear: security. It is safer to restrict access to a file system to one particular user instead of giving access to it to all the users of the system.
Solution 1:
In my case this is how things look in /media:
$ ls -l /media | grep $USER
drwxr-x---+ 3 root root 4096 Jan 22 15:59 oli
Basically this means that only a root user can interact with the directory. This is great for security (certainly stops other users seeing, let alone stealing/deleting/changing data) but that's not where the story ends.
You might notice the plus sign at the end of the permission mask. This means an ACL (Access Control List) is in use. This allows for far more granular permissions.
$ getfacl /media/$USER
getfacl: Removing leading '/' from absolute path names
# file: media/oli
# owner: root
# group: root
user::rwx
user:oli:r-x
group::---
mask::r-x
other::---
It's through the ACL that my user is allowed to view the contents of /media/oli. I'm still not allowed to edit the contents.
The thing doing the mounting in modern desktops (both Gnome and KDE) is udisks2:
root 2882 0.3 0.0 195956 4048 ? Sl Jan16 30:35 /usr/lib/udisks/udisks-daemon
root 2887 0.0 0.0 47844 784 ? S Jan16 0:00 udisks-daemon: not polling any devices
root 3386 0.0 0.0 429148 6980 ? Sl Jan16 7:35 /usr/lib/udisks2/udisksd --no-debug
As you can see, it's running there as root, so when something accesses it over DBUS, it's able to create the mount-points within /home/$USER and chown them down to your user so they can edit the contents.
None of that changes what I said originally. I'm just explaining how it works in practice. This is how something on your desktop is in-effect allowed to write somewhere that is only allowed by root, and how your user is allowed to read it despite an otherwise restrictive ownership.
All that turns it into an environment that is secure for the user's data but one that also makes it hard for the user to meddle with the fabric of the mount. They can't, for example, delete the mount-point or rename it, which could cause issues, unless they have root access.
Edit: Something that just occurred to me is that it also gives an administrator a good place to mount things for a single user. The permissions by default help keep this mount private and protect it against the user's meddling. It seems like a fairly sane default for something that, done without the /media/$user/ directory, would need root permissions.
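As an added example (not code from either answer, nor from udisks2 or the acl package), the script below parses the getfacl output quoted in the answer above and applies the POSIX ACL access-check order, mask included, so you can see exactly what oli can and cannot do in /media/oli and why a wider named-user entry still gets capped by mask::r-x. The helper names and the extra user "mallory" are this example's own assumptions.

```python
"""Parse getfacl output and work out what a given user can actually do with a
directory such as /media/$USER, including the cap the ACL mask imposes.

Added example; not code from the answers above or from udisks2/acl.  The
POSIX.1e access-check order implemented here (owner, named user, groups,
other, with named-user and group entries ANDed with the mask) is the standard
one; the helper names are this example's own.
"""

# Constructed input: the getfacl output quoted in Solution 1.  (The
# "Removing leading '/'" notice is omitted because getfacl writes it to stderr.)
GETFACL_OUTPUT = """\
# file: media/oli
# owner: root
# group: root
user::rwx
user:oli:r-x
group::---
mask::r-x
other::---
"""

PERM_BITS = {"r": 4, "w": 2, "x": 1}


def perm_bits(perms):
    """'r-x' -> 5.  Anything other than r, w, x or '-' is rejected."""
    bits = 0
    for ch in perms:
        if ch == "-":
            continue
        if ch not in PERM_BITS:
            raise ValueError(f"bad permission string {perms!r}")
        bits |= PERM_BITS[ch]
    return bits


def bits_str(bits):
    """5 -> 'r-x' (the reverse of perm_bits)."""
    return "".join(ch if bits & b else "-" for ch, b in PERM_BITS.items())


def parse_getfacl(text):
    """Return a dict describing the ACL.  Tolerates the '#effective:' notes
    that `getfacl -e` appends and skips 'default:' entries, which only shape
    ACLs of files created later, not access to the directory itself."""
    acl = {"owner": None, "group": None, "user_obj": 0, "group_obj": 0,
           "users": {}, "groups": {}, "mask": None, "other": 0}
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("#"):               # header: "# owner: root" etc.
            key, _, value = line[1:].strip().partition(":")
            if key in ("owner", "group"):
                acl[key] = value.strip()
            continue
        line = line.split("#", 1)[0].strip()   # drop a trailing "#effective:r-x"
        if not line or line.startswith("default:"):
            continue
        tag, qualifier, perms = line.split(":")  # tag:qualifier:perms
        bits = perm_bits(perms)
        if tag == "user":
            if qualifier:
                acl["users"][qualifier] = bits
            else:
                acl["user_obj"] = bits
        elif tag == "group":
            if qualifier:
                acl["groups"][qualifier] = bits
            else:
                acl["group_obj"] = bits
        elif tag == "mask":
            acl["mask"] = bits
        elif tag == "other":
            acl["other"] = bits
        else:
            raise ValueError(f"unknown ACL tag {tag!r}")
    return acl


def effective_access(acl, user, groups):
    """rwx bits `user` (member of `groups`) gets, in POSIX ACL check order.
    The owner entry is never masked; named-user and all group entries are
    ANDed with the mask, so 'user:oli:rwx' under 'mask::r-x' is still r-x."""
    mask = 7 if acl["mask"] is None else acl["mask"]
    if user == acl["owner"]:
        return acl["user_obj"]
    if user in acl["users"]:
        return acl["users"][user] & mask
    matched, bits = False, 0
    if acl["group"] in groups:
        matched, bits = True, bits | (acl["group_obj"] & mask)
    for name, gbits in acl["groups"].items():
        if name in groups:
            matched, bits = True, bits | (gbits & mask)
    return bits if matched else acl["other"]


def report(acl, user, groups):
    """What the directory lets one user do with the mount points inside it."""
    bits = effective_access(acl, user, groups)
    return {"perms": bits_str(bits),
            "list": bool(bits & 4),               # read the directory listing
            "traverse": bool(bits & 1),           # enter it / reach mounts inside
            "create_or_delete": bool(bits & 2)}   # add, rename or remove entries


if __name__ == "__main__":
    acl = parse_getfacl(GETFACL_OUTPUT)
    for who, grps in (("root", ["root"]), ("oli", ["oli"]), ("mallory", ["mallory"])):
        print(who, report(acl, who, grps))
```

Run it and the table shows root with rwx, oli with r-x (list and enter, but no create/delete of mount points) and any other user with nothing, which is the situation the answer describes. Paste your own `getfacl /media/$USER` output into GETFACL_OUTPUT to check a tweaked directory; the useful lesson is that adding `setfacl -m u:$USER:rwx` alone does nothing if the mask stays r-x.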
Solution 2:
I agree with the other answer and comments. In addition to that, root:root is used mainly to avoid two situations:
1. Security risk: a hacker script which dumps /dev/zero to /media/user/, which fills the root partition and hence makes the user unable to log in or causes bad performance.
2. Conflict with udisks2: assume a partition with the label backup. udisks mounts it at /media/user/backup. If the user manually created the above directory, this will force udisks to change the mount point to something like /media/user/backup1, thus misleading backup scripts etc.