An overview of file ownership on removable drives System
This may be obvious to some but I think it's worth noting for those that may not be aware of it. If you have an external portable HD such as a FireWire HD and create a number of HFS+ partitions and filesystems on it using Apple's Disk Utility, you should be aware of what happens to owner and group settings when you move that drive to another machine. For example, on my iMac, executing
ls -la /Volumes/iBook_RootB/usr/bin/sudo
Returns a listing showing that owner=root and group=wheel.

If I now disconnect the FireWire drive and connect it to my iBook and execute the same command, I see owner=XXX and group=unknown, where XXX is my login account name. Why is this?

The ownership change is related to the fact that the file system(s) on the FireWire drive (in the above example 'iBook_RootB') were created on the iMac. Somewhere in the HFS+ file system structure, the iMac's serial number or some analogous piece of information is stored.

This means that OS X will, by default, uncheck the "Ignore privileges on this volume" box in the Show Info dialog box for the mounted drive's Desktop icon when the drive is connected to the original iMac. However, when connected to the iBook the "Ignore privileges on this volume" box is checked. It's this feature that causes the owner=XXX and group=unknown to be displayed. If (on the iBook) you uncheck this box, you will see that owner=root and group=wheel for the 'ls -la' command.

This makes me speculate that Apple is associating an HFS+ file system with the computer it was built with. This allows X to determine if the file system is 'foreign' and defaults to "Ignore privileges..." to override security issues with file permissions etc. This is so, because the UNIX file UIDs and GIDs are the file attributes that control whether a user has certain access rights (permissions) when opening a file. In my example, it's possible that user A on the iMac has a UID=500 and user B on the iBook also has a UID=500. User B does not own the file -- user A does. So X sets the "Ignore privileges..." box whenever the file system is mounted on any X system computer that didn't create the file system.

Anyway -- I thought that this 'hint' might help others in understanding this aspect of exporting file systems to other Macs. When I first came across this I thought my file system was royally messed up!

[Begin editor's note]

barrysharp has a good point - permissions change on portable drives, as they must in order to prevent conflicts and allow the user to see what they think they should see: move a drive from one place to another and access everything on it. There's a brief description of this feature in an Apple Developer PDF titled Inside OS X: System Overview [that's a 250 page, 2.9mb PDF download link!]:
The file-system component of Darwin is based on extensions to BSD and an enhanced Virtual File System (VFS) design. VFS enables a layered architecture in which file systems are stackable. The file-system component introduces several new general features:
  • Permissions on removable media. This feature is based on a globally unique ID registered in a system for each connected removable device (including USB and FireWire devices).
  • URL-based volume mount...etc.
I can imagine they spent quite a bit of time trying to figure out the "right" way to handle a removable drive and UNIX permissions. I'm not positive everyone will agree this is the right way to do it, but as an end user, it makes sense to me.

[End editor's note]
FW removable HD
Authored by: DaveT on Apr 18, '02 10:02:25AM

For a non-geek like me what I'm interested in is the ability to use my partitioned FW HD to back up my G4 533 to one partition and my Ti 500 to another. I've done that using Retrospect Express which warns me if the "ignore privileges" is set. I had to uncheck it. Both backups worked fine and I was able to boot from each backup. I haven't tried to restore. Are you saying that that is where a privilege problem would occur?



User 501 ... 502 ... etc
Authored by: thinkyhead on Apr 18, '02 04:57:35PM

Since Mac OS X assigns the user id beginning at 501 on every computer it means that if you move a drive from your machine to someone else's then their user 501 will have access to everything belonging to your user 501.



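Added example (not part of the original hint or of any comment): a Python audit of the UID overlap described in the hint and in the comment above. It tallies the numeric owner and group IDs stored on a volume and shows which of them also belong to an account on the machine the drive is now attached to. The function names and the `min_uid=501` default (taken from the comment) are assumptions of this example.

```python
import grp
import os
import pwd
import sys
from collections import Counter


def local_user(uid):
    """Local account name for a UID, or None when this machine has none."""
    try:
        return pwd.getpwuid(uid).pw_name
    except KeyError:
        return None


def local_group(gid):
    """Local group name for a GID, or None when this machine has none."""
    try:
        return grp.getgrgid(gid).gr_name
    except KeyError:
        return None


def ownership_report(root):
    """Count the on-disk owner UIDs/GIDs under root and resolve each locally."""
    uids, gids = Counter(), Counter()
    entries = [root]
    for dirpath, dirnames, filenames in os.walk(root):
        entries.extend(os.path.join(dirpath, n) for n in dirnames + filenames)
    for path in entries:
        try:
            st = os.lstat(path)  # lstat: report the link itself, not its target
        except OSError:
            continue  # unreadable or vanished entry
        uids[st.st_uid] += 1
        gids[st.st_gid] += 1
    return {
        "users": {u: (n, local_user(u)) for u, n in uids.items()},
        "groups": {g: (n, local_group(g)) for g, n in gids.items()},
    }


def matches_local_account(report, min_uid=501):
    """Owner UIDs at or above min_uid that also belong to a local account."""
    return {u: name for u, (n, name) in report["users"].items()
            if u >= min_uid and name is not None}


if __name__ == "__main__":
    rep = ownership_report(sys.argv[1])  # e.g. a path under /Volumes
    for uid, (count, name) in sorted(rep["users"].items()):
        print(f"uid {uid:>6}  {count:>8} entries  local account: {name or '(none)'}")
    print("UIDs shared with a local account:", matches_local_account(rep))
```

Run it with privileges honoured on the volume; with "Ignore privileges on this volume" checked, the system reports the logged-in user as owner, as the hint describes, so the stored IDs are not visible.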
Re: User 501 ... 502 ... etc
Authored by: sjk on Apr 18, '02 08:17:18PM

And it's great fun managing NFS-mounted filesystems on servers without consistent UID/GID mappings. ;-)



How to toggle permissions from the command line
Authored by: sabi on Apr 18, '02 05:54:16PM
You can enable or disable permissions on a disk with the vsdbutil command:
% vsdbutil -h
Usage: vsdbutil [-a path] | [-c path ] [-d path] [-i]
where
        -a adopts (activates) on-disk permissions on the specified path,
        -c checks the status of the permissions usage on the specified path
        -d disowns (deactivates) the on-disk permissions on the specified path
        -i initializes the permissions database to include all mounted HFS/HFS+ volumes


Re: How to toggle permissions from the command line
Authored by: sjk on Apr 18, '02 08:24:16PM

Interesting... thanks for the tip. Gotta love the generous documentation.



How to toggle permissions from the command line
Authored by: overhack on Aug 05, '03 03:07:57PM

I discovered this by reading Mike Bombich's Apple Software Restore page:

The vsdbutil command doesn't just toggle the "Ignore ownership on this volume" for the time that the volume is mounted, but for all time. By running vsdbutil -a /Volumes/MountPoint you add the GUID of the mounted filesystem to the computer's database of "local" filesystems, a.k.a. those on which it recognizes ownership.


How to toggle permissions from the command line
Authored by: mattconnolly on Sep 15, '04 02:54:36AM

Does this work on network mount points?
I am having problems with read-only access when connecting via afp to a firewire drive on another mac. I have read/write access to the files on the drive, but for some reason, I only have read-only access on the mount point itself - so I can't create any new files.....

Matt



it isn't anything that affects me,
Authored by: normcook on Apr 18, '02 06:10:16PM

but many schools use filters that wouldn't allow them to view this page since it says the three straight x's..... for that reason it is better to use something else to represent a wildcard...



it isn't anything that affects me,
Authored by: barrysharp on Apr 19, '02 02:12:10PM

normcook:

Geeesh, I never gave a second thought to using three X's. Would four X's have passed the test or is it simply having at least three? I will be more thoughtful next time, and thanks for pointing that out to me... Barry Sharp



Group=unknown on 2nd internal drive
Authored by: BertD on Jun 17, '02 06:43:06PM

I have a second internal IDE drive, used for data, and although user shows up fine, group=unknown on all files.
The drive doesn't come from another machine and was formatted on the machine it's used on.
Anyone an idea?



Group=unknown on 2nd internal drive
Authored by: soob on Aug 15, '02 10:59:17AM

I believe files created while in OS 9 will have the attributes you describe.


