I am using ubuntu 22.04. I have a 32GB usb stick. I want to place my Passwords on this stick so that noone can hack into it and use all my information.
PROBLEM: Even though I own the password file, when it is on the stick, it is not owned by me.
I have tried "sudo chown rod:rod /dev/sde Passwords.ods, I might as well sweep the moon for all the good that did. It is still owned be root and I am unable to change the ownership.
I tried sudo chmod 774 but it still will not change anything.
Do I go out and shoot myself.? or is there some way of owning this usb stick.?
Rod. J.
1 Like
It’s mostly likely FAT… doesn’t support UNIX Posix file permissions… Neither does exfat properly either…
You want that? You’ll have to reformat as a UNIX / Linux file system - e.g. ext4…
While you’re there - you might wanna set the file to be in a .dir folder (i.e. a folder that starts with “.” like /home/user/.ssh - and - make that 0700)…
You definitely don’t want 774 on a password document…
Why not be safer and use a KeepAss kdbx database file…
3 Likes
Also - while I’m there - even if your user ID owns it - ANYBODY with superuser permissions, will be able to read it or copy it… any determined hacker or bad player will find a way to get that ODT file and read it…
So - you could either :
encrypt the WHOLE thumb drive…
encrypt the ODT file
I recently had a good experience using “age” encryption, it’s an order of magnitude easier to use than PGP… or TrueCrypt / VeraCrypt…
I’d still recommend you get comfortable with Keepass (e.g. on ubuntu “sudo apt install keepass2”) - protect that with a password (default behaviour) but also protect it with a keyfile stored in a separate folder…
And heed my other recommendations - use folders that start with a dot, e.g. “.rods_stuff” - this won’t stop determined interlopers, but it will “hide” the folder from casual observation - and as mentioned, make the folder “0700”, and make the stuff in there “0600”… But none of this will work on a fat / vfat / fat32 formatted thumb drive…
1 Like
Hello Dan, thank you for the answer. I will reformat the stick with ext4 and try again. I will also try to encrypt the file and even the stick.
I don’t leave the stick in the computer full time, only when I need to look at a particular password to get into a particular site. I hope this doesn’t leave a trail somewhere on my SSD that an intruder can get hold of. I will certainly try all your suggestions and inform you on this platform as to how it goes.
Again, thank you,
Rod. J.
1 Like
Just remember - you’ll be unable to read an ext4 formatted stick on a Windows machine (it is possible, but not easy - need to install some driver to read ext4 on Windows - I had same issue with ext4 on MacOS - and - I gave up, despite spending $60 AUD on a product - it let me down too many times)…
Maybe try ext4 first…
And if you decide to try encryption - there are a number of options… age is pretty much command line only, but a lot easier to use than PGP…
If you need any help using “age” let me know…
Other options, that also have GUI frontends are VeraCrypt… I was using that a whileback (mostly from the CLI shell, but you can do just about everything from the GUI VeraCrypt tool)…
Maybe VeraCrypt might be better in your use case?
1 Like
Can not change access rights for “/media/rod/9b7ac9d3-347b-4c3e-a729-4127378ddca1/Passwords.ods”
Operation not permitted
well !, that come up a fantastic nothing the above was what I got when I again tried to change the ownership.
Bother!!
Post the output from :
ls -al /media/rod/
ls -al /media/rod/9b7ac9d3-347b-4c3e-a729-4127378ddca1/
also
lsblk
and
fdisk -l
rod@rod:~$ ls -al /media/rod/9b7ac9d3-347b-4c3e-a729-4127378ddca1/
total 56
drwxr-xr-x 3 root root 4096 Jun 27 16:42 .
drwxr-x—+ 6 root root 4096 Jun 27 18:25 …
drwx------ 2 root root 16384 Jun 27 16:34 lost+found
-rw-r–r-- 1 root root 32009 Dec 8 2022 Passwords.ods
rod@rod:~$
rod@rod:~$ ls -al /media/rod/
total 24
drwxr-x—+ 6 root root 4096 Jun 27 18:25 .
drwxr-xr-x 4 root root 4096 Jun 27 13:14 …
drwxr-xr-x 20 root root 4096 Jun 12 11:35 7dedba01-aca7-407e-b72b-c670c6ebe817
drwxr-xr-x 3 root root 4096 Jun 27 16:42 9b7ac9d3-347b-4c3e-a729-4127378ddca1
drwxrwx— 6 rod rod 4096 Jun 18 21:47 back
drwxr-xr-x 20 root root 4096 Jun 12 13:36 e79ab37e-4f0a-4913-8748-3a86511acba6
rod@rod:~$
rod@rod:~$ lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS
loop0 7:0 0 118.2M 1 loop /snap/core/15419
loop1 7:1 0 4K 1 loop /snap/bare/5
loop2 7:2 0 116.8M 1 loop /snap/core/14946
loop3 7:3 0 63.5M 1 loop /snap/core20/1891
loop4 7:4 0 63.4M 1 loop /snap/core20/1950
loop5 7:5 0 73.9M 1 loop /snap/core22/766
loop6 7:6 0 73.8M 1 loop /snap/core22/750
loop7 7:7 0 240.6M 1 loop /snap/firefox/2356
loop8 7:8 0 244.5M 1 loop /snap/firefox/2800
loop9 7:9 0 346.3M 1 loop /snap/gnome-3-38-2004/119
loop10 7:10 0 349.7M 1 loop /snap/gnome-3-38-2004/140
loop11 7:11 0 460.7M 1 loop /snap/gnome-42-2204/105
loop12 7:12 0 466.5M 1 loop /snap/gnome-42-2204/111
loop13 7:13 0 91.7M 1 loop /snap/gtk-common-themes/1535
loop14 7:14 0 45.9M 1 loop /snap/snap-store/638
loop15 7:15 0 12.3M 1 loop /snap/snap-store/959
loop16 7:16 0 53.3M 1 loop /snap/snapd/19361
loop17 7:17 0 53.3M 1 loop /snap/snapd/19457
loop18 7:18 0 304K 1 loop /snap/snapd-desktop-integration/49
loop19 7:19 0 452K 1 loop /snap/snapd-desktop-integration/83
sda 8:0 0 447.1G 0 disk
├─sda1 8:1 0 1M 0 part
├─sda2 8:2 0 513M 0 part
└─sda3 8:3 0 446.6G 0 part /media/rod/e79ab37e-4f0a-4913-8748-3a86511acba6
sdb 8:16 0 1.8T 0 disk
├─sdb1 8:17 0 1M 0 part
├─sdb2 8:18 0 513M 0 part
└─sdb3 8:19 0 1.8T 0 part /media/rod/7dedba01-aca7-407e-b72b-c670c6ebe817
sdc 8:32 0 223.6G 0 disk
├─sdc1 8:33 0 1M 0 part
├─sdc2 8:34 0 513M 0 part /boot/efi
└─sdc3 8:35 0 223.1G 0 part /var/snap/firefox/common/host-hunspell
/
sdd 8:48 0 931.5G 0 disk
├─sdd1 8:49 0 488.3G 0 part
└─sdd2 8:50 0 443.2G 0 part /run/timeshift/backup
/media/rod/back
sde 8:64 1 28.6G 0 disk
└─sde1 8:65 1 28.6G 0 part /media/rod/9b7ac9d3-347b-4c3e-a729-4127378ddca1
sr0 11:0 1 1024M 0 rom
sr1 11:1 1 2K 0 rom
rod@rod:~$
rod@rod:~$ fdisk -l
fdisk: cannot open /dev/loop0: Permission denied
fdisk: cannot open /dev/loop1: Permission denied
fdisk: cannot open /dev/loop2: Permission denied
fdisk: cannot open /dev/loop3: Permission denied
fdisk: cannot open /dev/loop4: Permission denied
fdisk: cannot open /dev/loop5: Permission denied
fdisk: cannot open /dev/loop6: Permission denied
fdisk: cannot open /dev/loop7: Permission denied
fdisk: cannot open /dev/sda: Permission denied
fdisk: cannot open /dev/sdb: Permission denied
fdisk: cannot open /dev/sdc: Permission denied
fdisk: cannot open /dev/loop8: Permission denied
fdisk: cannot open /dev/loop9: Permission denied
fdisk: cannot open /dev/loop10: Permission denied
fdisk: cannot open /dev/loop11: Permission denied
fdisk: cannot open /dev/loop12: Permission denied
fdisk: cannot open /dev/loop13: Permission denied
fdisk: cannot open /dev/loop14: Permission denied
fdisk: cannot open /dev/loop15: Permission denied
fdisk: cannot open /dev/loop16: Permission denied
fdisk: cannot open /dev/loop17: Permission denied
fdisk: cannot open /dev/loop18: Permission denied
fdisk: cannot open /dev/loop19: Permission denied
fdisk: cannot open /dev/sdd: Permission denied
fdisk: cannot open /dev/sde: Permission denied
rod@rod:~$
So I’m going to format that output for readability :
rod@rod:~$ ls -al /media/rod/9b7ac9d3-347b-4c3e-a729-4127378ddca1/
total 56
drwxr-xr-x 3 root root 4096 Jun 27 16:42 .
drwxr-x—+ 6 root root 4096 Jun 27 18:25 …
drwx------ 2 root root 16384 Jun 27 16:34 lost+found
-rw-r–r-- 1 root root 32009 Dec 8 2022 Passwords.ods
rod@rod:~$
rod@rod:~$ ls -al /media/rod/
total 24
drwxr-x—+ 6 root root 4096 Jun 27 18:25 .
drwxr-xr-x 4 root root 4096 Jun 27 13:14 …
drwxr-xr-x 20 root root 4096 Jun 12 11:35 7dedba01-aca7-407e-b72b-c670c6ebe817
drwxr-xr-x 3 root root 4096 Jun 27 16:42 9b7ac9d3-347b-4c3e-a729-4127378ddca1
drwxrwx— 6 rod rod 4096 Jun 18 21:47 back
drwxr-xr-x 20 root root 4096 Jun 12 13:36 e79ab37e-4f0a-4913-8748-3a86511acba6
rod@rod:~$
And :
rod@rod:~$ lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS
...
sda 8:0 0 447.1G 0 disk
├─sda1 8:1 0 1M 0 part
├─sda2 8:2 0 513M 0 part
└─sda3 8:3 0 446.6G 0 part /media/rod/e79ab37e-4f0a-4913-8748-3a86511acba6
sdb 8:16 0 1.8T 0 disk
├─sdb1 8:17 0 1M 0 part
├─sdb2 8:18 0 513M 0 part
└─sdb3 8:19 0 1.8T 0 part /media/rod/7dedba01-aca7-407e-b72b-c670c6ebe817
sdc 8:32 0 223.6G 0 disk
├─sdc1 8:33 0 1M 0 part
├─sdc2 8:34 0 513M 0 part /boot/efi
└─sdc3 8:35 0 223.1G 0 part /var/snap/firefox/common/host-hunspell
/
sdd 8:48 0 931.5G 0 disk
├─sdd1 8:49 0 488.3G 0 part
└─sdd2 8:50 0 443.2G 0 part /run/timeshift/backup
/media/rod/back
sde 8:64 1 28.6G 0 disk
└─sde1 8:65 1 28.6G 0 part /media/rod/9b7ac9d3-347b-4c3e-a729-4127378ddca1
sr0 11:0 1 1024M 0 rom
sr1 11:1 1 2K 0 rom
Please run
sudo fdisk -l /dev/sde
and (while the thumb drive is inserted and mounted)
mount |grep media
One thing you could try also is
sudo chown -Rf rod:rod /media/rod/9b7ac9d3-347b-4c3e-a729-4127378ddca1/
2 Likes
Thank you Dan for all your help,
The last command you gave me fixed my problem: sudo chown -Rf rod:rod /media/rod/9b7ac9d3-347b-4c3e-a729-4127378ddca1/
I will attach the last 2 tests you asked for.:
rod@rod:~$ sudo fdisk -l /dev/sde
[sudo] password for rod:
Disk /dev/sde: 28.64 GiB, 30752636928 bytes, 60063744 sectors
Disk model: Ultra
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: dos
Disk identifier: 0x9bbef110
Device Boot Start End Sectors Size Id Type
/dev/sde1 2048 60063743 60061696 28.6G 83 Linux
AND.
rod@rod:~$ mount |grep media
/dev/sde1 on /media/rod/9b7ac9d3-347b-4c3e-a729-4127378ddca1 type ext4 (rw,nosuid,nodev,relatime,errors=remount-ro,uhelper=udisks2)
/dev/sdd2 on /media/rod/back type ext4 (rw,nosuid,nodev,relatime,errors=remount-ro,uhelper=udisks2)
The only other help I need now, is to give you the tick for solving this problem. I’m not sure where to look.
Rodney Jackson
Yeah - looks solved to me - just needed to see fdisk output and mount output to confirm it was ext4…
I think you can mark this as resolved by checking the “[ ] Solution” button at the bottom of a post… But I can’t see that option - so I can’t mark it resolved…
(that’s from a thread that I started / own)
1 Like
I think only the person who started the topic can mark it as resolved.
Maybe admin can do it too?
2 Likes
Found it Dan and Neville, at the bottom of the post there are a couple of things, there is “More” I clicked that and up comes the solution option.
Thanks again for the help.
Rod.
4 Likes
@daniel.m.tripp Dan, whenever I format USB drives, the “Disks” app asks me if I’d like to format “compatible with all systems” - FAT32, and I almost always choose that. I’ve seldom had a problem accessing files on the USB drive. I’m using the same system to write that I use to read, though. How is it that files on USB come to be inaccessible? I think in the distant past I did have some problems with ownership of USB files.
Well FAT32 is not compatable with everything
If your ext4 filesystem on Linux has links and file permissions, you will lose those when you copy it to FAT32. Not sure what happens with file dates. The actual file content should be OK.
1 Like
100%
If you want security on your files on your thumb drive - then you DON’T want “Fat32” or “vfat” or whatever… Sure - something else is less likely to be usable or visible on other systems, e.g. I can’t read ext4 on my MacBook (well I could, but that’s another story, for another day).
If you want some kinda security on your files on your flash drive, you need ext2, 3 or 4… I wouldn’t recommend it - but - NTFS has security features… But I’ve usually had trouble with NTFS on Linux or Mac systems - so I don’t use it…
Fat32 dates back to Window 95 times… INSECURE… i.e. it’s nearly 30 years old… Back when maybe 1 in 10 people had a PC, and most of the time, data was moved via the “sneakernet” (i.e. you put your thing on a floppy and walked to the other location in your sneakers).
Of course other options are to continue to use Fat32 - but secure your file some other way. e.g. a list of passwords? Use a Keepass KDBX file on the flash drive…
Create a “crypt” file on there using VeraCrypt, and keep the OpenOffice document with your passwords in that “crypt” (that’s like an encrypted ZIP file, but more secure than just plain “ZIP”).
Choices :
- NEVER accept the default of Fat32 - go for ext2, 3 or 4 (the relative merits of each are off topic)
- Keep your passwords in a more secure format (e.g. keepass kdbx database file on the USB)
- Format your USB stick as ext4 and use file ownership and permissions (e.g. chown, and chmod)
- Use Fat32, and put a VeraCrypt “crypt” file on there…
- Purchase a specific SECURE thumb drive with encryption - but - there’s a VERY good chance the vendor does NOT support Linux (so unreadable, on Linux!)
Sorry - I have no idea mate - I don’t go that deep into stuff, I work around and within the limitations imposed by the system developers…