Thanks for the hint Rocko, and thanks for the read Sebastian Bacher.
I know that we can't go around making the ntfs drive owned by the user, but
changing the fstab line to something like:
/dev/sda2 /c ntfs defaults,umask=007,uid=1000,gid=1000 0 1
gives some useful results at least:
files are deleted with a single delete key, and appear in trash:// but haven't
been copied on to the other partition, but are rather stored in the folder
.Trash-1000. (If the fstab line is changed back, files in .Trash-1000 do not
appear in trash://.) So it is all technologically possible.

Security concerns don't really exist with trash folders on shared drives:
If you delete a file that was public on an ntfs drive, you expect it to go to
your trash, and will expect it to still be public, and if you really want to
get rid of it you will know you have to empty your trash. The problem set up in
gutsy was where files were deleted and then vanished from the gui, but still
existed on the hard drive, i.e. a security worry as people thought it was gone, but
it wasn't. As the files are now in the gui there is no problem any more. This is
the expected behaviour.

If another user puts a file in your recycle bin maliciously, this can
hardly be called a security concern either. The idea of potentially a
malicious file appearing in your trash and you opening it is not really
something to worry about. The exact same thing could happen in the drive
itself, i.e. a user puts a malicious file in your reserved (i.e. by social
convention) folder on the ntfs drive, and you wonder where it is from
and open it. The fact that it is now the trash folder as well adds
nothing.

If each user has a separate .trash-{user} folder on the ntfs drives, the above
concerns only exist if another user on the system goes out of their way to
either read someone else's trashed files, or to put a file into someone else's
trash folder. But as there is no concept of any security on this drive, this is
already the case: a user can go out of their way to read someone else's files, or
to put something into someone else's reserved (i.e. by social convention) folder.
By putting an ntfs drive into your computer the users and admin have to accept
that there is a potential security hole through this drive, and are relying on
trust for your users; the trash is no different.

All the technology is there now. The only worry is security concerns,
but they are really moot. We can't help people who have ntfs drives, they
know that security is weaker. They must accept that any files stored on
that partition are going to be public until they are completely removed
(but now are not put under the false impression that they are gone), and
also that any other user is free to put any file onto that drive, which
you might bump into by accident.

I suggest using .trash-{user}, and having the contents of that folder
appear in the relevant user trash:// folder. If the admin cares about
security of files it will be obvious that no files should ever be stored
on the ntfs drive (or get rid of the drive). If the admin lets the users
store files on this drive, then it is clear that the admin is relying on
trust between the users when dealing with files on this drive, so the
trash system I just described is appropriate, and isn't any more
vulnerable to attack or security compromise.

-- 
Cannot send files to trashcan from an ntfs partition
https://bugs.launchpad.net/bugs/192629