Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!

Use UFS for shared external drives Storage Devices
When formatting an external drive which will be shared by a number of users, it is worth considering whether to use UFS formatting or not. The usual recommendation is to use HFS+, but this has a serious disadvantage for shared drives as the drive is mounted as if the current user owns all the files.

As an example, consider a user named Fred, who creates a important file on the HFS+ drive and carefully uses Get Info (or chmod if he's a geek) to make the file only accessible to himself. Fred logs out. Along comes Sally, who logs in and has a look at the drive. She does a Get Info on the file Fred made, and finds it is owned by herself. So she proceeds to delete it, as she can't remember creating it. Result: misery. Another formatting choice is to use FAT32, which also allows the drive to be used on an MS Windows PC. However, the same permissions problems occur.

The solution is to use UFS, the Unix File System, which is the native UNIX disk format. This preserves the permissions as created, and Sally can't look at Fred's files (and vice versa); just like on the startup disk. There is one disadvantage in using UFS that I've stumbled across: it doesn't handle files over 4GB.

[robg adds: A bigger issue is that UFS won't handle resource forks -- and although resource forks aren't nearly as important now as they have been in the past, it may still be a big issue for some users.

As a workaround, though not perfect, Fred could use encrypted disk images and carefully named files, such as Fred's Important Paper -- assuming that Sally isn't malicious by nature, then this should work fine. Any other suggestions for file security on shared hard drives?]
    •    
  • Currently 1.80 / 5
  You rated: 1 / 5 (5 votes cast)
 
[20,586 views]  

Use UFS for shared external drives | 19 comments | Create New Account
Click here to return to the 'Use UFS for shared external drives' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
Use UFS for shared external drives
Authored by: ducasi on Aug 30, '07 07:46:11AM

Fred should untick the "ignore permissions on this volume" box in the "Get Info..." for this external disk. :)



[ Reply to This | # ]
Use UFS for shared external drives
Authored by: dbs on Aug 30, '07 09:03:13AM

Actually, the user IDs are just stored by number on the drive, so this may not help.

If the first account created on Computer A was "fred" and the first account created on Computer B was "sally" then they will both have UID 500. So even if you respect the permissions, Sally will still see all of Fred's files as hers and have full rights to them.



[ Reply to This | # ]
Use UFS for shared external drives
Authored by: ducasi on Aug 30, '07 09:41:02AM

Indeed, if the drive is used on multiple machines, then you can get UID clashes. Formatting the disk as UFS will not help here though.

The answer to this is for Fred & Sally to both have accounts, created in the same order on both machines so that their UIDs match up across the two computers. Or better still, have a "server" computer that they both have accounts on, plug the shared disk into it and then they can both access their own files on their own computers at the same time!



[ Reply to This | # ]
Use UFS for shared external drives
Authored by: Andrew Fletcher on Sep 01, '07 01:35:01AM

I had tried unticking the "ignore ownership" button before I wrote the hint and that had had no effect on the ownership as far as I could see. However, with all the comments on this thread saying otherwise I tried out HFS+ on a small flash drive to see if I could work out what had gone wrong when I'd used the HFS+ hard drive.

All of this is on one iMac running 10.4.10 with all software updates applied. There are two users involved: "admin" who is an administrative user, and "fred" (not his real name) who is a standard user.

"admin" HFS+ formats the drive as "hfsplus" and does a "Get Info" on it and unticks the "ignore ownership" button and closes "Get Info". He then puts on a folder called "Users" and creates two folders in "Users" called "admin" and "fred". Using "sudo chown" the ownership of "fred" is set to "fred".
This all works as the comment makers expect. "fred" can't write into Users/admin on hfsplus and can't delete Users/admin. "fred" can write into Users/fred OK.

However, the security of the files are at risk because "fred" can tick the "ignore ownership" of hfsplus in "GetInfo" and then he can delete "/Users/admin". Curiously, if "fred" then tries to untick the "ignore ownership" button the usual "Authenticate" dialogue appears requesting an administrative a name and password.

I can only assume that while I was setting up the HFS+ hard drive I had ticked the ignore ownership in "fred" and had looked at an already open "Get Info" in "admin" and had seen it unticked. Or something like that.

However, given the insecurity I've seen, I feel inclined to stay with UFS format despite the warnings. For the record, iPhoto, iTunes, Photoshop Elements 2 and various other applications seem to work OK using files on the UFS drive. I have tripped over the case sensitivity problem, but in that case it was easily worked around. I rarely use the Classic OS 9 environment and I can be careful to only use files on my start-up disk if I do.



[ Reply to This | # ]
Use UFS for shared external drives
Authored by: ocdinsomniac on Aug 30, '07 08:58:27AM

Yeah, ducasi is right. The described behavior only occurs if "Ignore ownership on the volume" is checked. Otherwise, permissions on the shared drive (firewire drive, network share or local partition) will behave as expected. Using UFS is not recommended by Apple for numerous reasons, and is a really bad idea from everything I've seen.



[ Reply to This | # ]
Use UFS for shared external drives
Authored by: Andrew Fletcher on Aug 30, '07 02:20:37PM

I tried unticking the "ignore ownership" on HFS+ and it made no difference. I could still create a file with one user and delete it with another. I expected it to work as you suggest but it didn't help. Perhaps it's the drive I'm using? It's a Western Digital "My Book".



[ Reply to This | # ]
deletion of a file depends on folder ownership & permissions
Authored by: hayne on Aug 30, '07 11:46:13PM
I could still create a file with one user and delete it with another.
Note that the ability to delete a file does not depend on the ownership or permissions of the file - it depends on the ownership and permissions of the enclosing folder. So if the file you created as userA was in a folder where userB had write permission, then it is quite usual that userB would be able to delete that file.

To prevent deletion of a file, put it in a folder that is owned by your user and make sure that the permissions on that folder only allow your user to write to that folder.

[ Reply to This | # ]

deletion of a file depends on folder ownership & permissions
Authored by: Andrew Fletcher on Sep 02, '07 03:03:34AM

The file I was trying to delete was in a folder that had the correct permissions when set up by admin. The problem being that ticking the "ignore ownership" button changes the perceived ownership. Here's a before and after (using ls -lR /Volumes/hfsplus). The file I managed to delete as fred was admin.txt which is in /Users/admin which was not writable by fred as set up.

ls -lR /Volumes/hfsplus by user admin with "ignore ownership" not ticked.
total 16
-rw-r--r-- 1 root admin 1024 Sep 1 08:30 Desktop DB
-rw-r--r-- 1 root admin 2 Sep 1 08:15 Desktop DF
drwxr-xr-x 6 admin admin 204 Sep 1 08:33 Users

/Volumes/hfsplus/Users:
total 0
drwxr-xr-x 3 fred admin 102 Sep 1 08:15 fred
drwxr-xr-x 2 visitor admin 68 Sep 1 08:13 visitor
drwxr-xr-x 4 admin admin 136 Sep 1 08:12 admin

/Volumes/hfsplus/Users/fred:
total 16
-rw-r--r-- 1 fred admin 7234 Oct 2 2005 fred.xml

/Volumes/hfsplus/Users/visitor:

/Volumes/hfsplus/Users/admin:
total 24
-rw-r--r-- 1 admin admin 11224 Jun 10 2006 admin.txt

ls -lR /Volumes/hfsplus as fred after ticking the "ignore ownership" (as fred).
total 16
-rw-r--r-- 1 fred fred 1024 Sep 1 08:30 Desktop DB
-rw-r--r-- 1 fred fred 2 Sep 1 08:15 Desktop DF
drwxr-xr-x 6 fred fred 204 Sep 1 08:33 Users

/Volumes/hfsplus/Users:
total 0
drwxr-xr-x 3 fred fred 102 Sep 1 08:15 fred
drwxr-xr-x 2 fred fred 68 Sep 1 08:13 visitor
drwxr-xr-x 4 fred fred 136 Sep 1 08:12 admin

/Volumes/hfsplus/Users/fred:
total 16
-rw-r--r-- 1 fred fred 7234 Oct 2 2005 fred.xml

/Volumes/hfsplus/Users/visitor:

/Volumes/hfsplus/Users/admin:
total 24
-rw-r--r-- 1 fred fred 11224 Jun 10 2006 admin.txt


So because fred could tick the "ignore ownership" button, he had write access to everything on the disc. I would have expected fred to be faced with a "give me an admin name and password" dialogue when he ticked the button as he is a standard user, but that dialogue did not come up.



[ Reply to This | # ]
Use UFS for shared external drives
Authored by: crooner on Aug 30, '07 09:26:09AM

Good tip on the "Ignore Privs" thing.
Many sites that allow for user comments are rarely worth reading. Not so here. Possibly the best and most useful comments on any Mac site.

The most important issue, however is that Fred and Sally seek couples therapy and confront the fact that Fred's "important files" are absurdly kinky porn MPEGs.
Not judging you, Fred... show me 100 geeks, two of which deny having porn porn their Mac and I'll show you two liars.

So let's rename this thread, "HFS+, Shared Volumes, Porn and You: how to have it your way."



[ Reply to This | # ]
Use UFS for shared external drives
Authored by: giaguara on Aug 30, '07 10:30:23AM
You can as well enable ACL [syntax] on the client Mac OS X.
If you need Windows interoperability, install HFS Explorer on Windows side and you are sorted using HFS+. There was some similar utility for Linux side too... Or use Fuse + MacFUSE on the Mac side and go with NTFS.


[ Reply to This | # ]
Use UFS for shared external drives
Authored by: EricF on Aug 30, '07 10:49:15AM

If I remember right, there are some problems (or just differences) on a filesystem formatted as UFS. The main problem is that UFS is case sensitive as well as case preserving. HFS+ is only case preserving. So software that assumes that filenames are not case sensitive can run into trouble (I've run into some).

As an aside, Mac OS X Tiger doesn't officially support UFS boot volumes (I know the question didn't involve boot volumes, but I thought I'd throw in that tidbit).



[ Reply to This | # ]
Use UFS for shared external drives
Authored by: Cobalt Jacket on Aug 30, '07 01:26:08PM
Here's hoping ZFS makes its way into Leopard as an option to replace the dated HFS+ and UFS systems.

[ Reply to This | # ]
Use UFS for shared external drives
Authored by: morespace54 on Aug 30, '07 01:32:44PM

An other suggestion would be to buy Sally her own computer! ;)

But seriously, I've also run into some problems with different software with files formatted as UFS... So be careful (and maybe format a second drive (if available) in HFS+?)



[ Reply to This | # ]
Use UFS for shared external drives
Authored by: Simon Andersen on Aug 30, '07 01:53:12PM

Seriously. Physical access = No security. (DISCLAIMER: Assuming a stock configuration of Mac OS X) If a person with malicious intent can get physical access to your computer no amount of chmod'ding or obscure (available on Mac OS X) formatting is going to help you.

Rob is correct in suggesting the use of encrypted disk images. It's really the only way to go and it's what powers Mac OS X's filevault as well. Of course if the other person deletes the disk image you're done for either way.

But if we're talking about casual protection against a spouse deleting your important file then unchecking "Ignore permissions" should suffice.



[ Reply to This | # ]
Use UFS for shared external drives
Authored by: code4fun on Aug 30, '07 09:32:55PM

If you really value your data, then the only safest way is to have your own drive. Forget about sharing it.



[ Reply to This | # ]
Use UFS for shared external drives
Authored by: rpaege on Aug 31, '07 05:20:33PM

I'd go with the encrypted disk image in an invisible folder.



[ Reply to This | # ]
Use UFS for shared external drives
Authored by: lonephone on Sep 01, '07 09:48:51AM

This hint may be a little unwise as Apple said that UFS is going to be deprecated under Mac OS X (as in not being able to format new UFS volumes anymore, then have UFS read-only...).



[ Reply to This | # ]
Do not use FAT!
Authored by: drewknet on Sep 01, '07 02:55:14PM

FAT is not particularly robust and OS X is not forgiving to problems with FAT. Disk Utility First Aid will not repair FAT problems. I know this first hand where a friend bought a Firewire drive which was formated with FAT. Of course it worked when he plugged it in so he did not think to format it as HFS+. Some time latter an application crashed and left the drive in a bad state. In order to recover the drive I had to install a Firewire card in a PC and use PC recovery software to recover the files as best I could.



[ Reply to This | # ]
This has nothing to do with UFS or HFS+
Authored by: 97mop on Sep 04, '07 03:35:25AM

As has already been stated, the problem is that checkbox. It is checked by default on newly formatted HFS+ drives. Uncheck and the problem is solved. UFS has some advantages, including disk I/O that doesn't suck and the fact that it doesn't wear specific sectors of the drive like HFS does, but in most cases HFS+ is the one to use.

Please rename this hint - the filesystem has nothing to do with this question.



[ Reply to This | # ]