Access rights of apps to files on FAT32 formatted micro SD card?
asked 2016-01-07 01:02:04 +0200
Pictures and videos taken with the camera are normally owned by user "nemo" and belong to group "privileged". Creating symlinks for the camera folders to a FAT32 formatted micro SD card results in the files being owned by user and group "nemo". This has turned out to be normal Linux behaviour for FAT32 partitions, because they do not support file permissions. That's also why the commands chown and chmod do not work.
What effects on access rights of apps to these files does this have ... a) for native apps? ... b) for Android apps?
How can I find out whether an app runs as "privileged" or not?
Can this problem (if it is one) eventually be solved by modifying etc/fsstorage.d/sd-storage-conf.xml or another config file, so that the whole partition is mounted with specific access rights?
My btrfs formatted uSD is mounted as nemo:nemo so there should not be problems as long as the group is nemo. Things like Settings and Phone run as privileged, stuff that is in between the user and root access and locked away from android. I got my Backup.tar and a Playlist folder on the SD that are nemo:privileged that is all.
chemist ( 2016-01-07 01:33:49 +0200 )editInteresting. So the SD card is always mounted as nemo:nemo by default, regardless of the file system. If I got you right, your answer indicates that all third party apps from Jolla Store run as unprivileged, because they do not offer root access in any way.
Perhaps I have not pointed out my concern clear enough.
The command "chown -v -R nemo:privileged [name_of_file]" works for symlinks in camera folders, but I get the error message "operation not allowed" when trying to do the same with a symlink for a folder of a screenshot app. I assume this means that unprivileged apps are not allowed to access folders owned by group privileged and thus is a kind of protection mechanismen for private data. I am afraid of unwillingly exposing my data to these unprivileged apps in case the partition on the SD card is owned by group nemo.
Laura ( 2016-01-07 15:25:12 +0200 )editUse an FS that supports permissions? Don't symlink config stuff there? Don't move your Backup.tar to uSD?!
chemist ( 2016-01-07 16:06:22 +0200 )editI can store my Backup.tar on the encrypted partition for private data on my computer, so this is no problem. Configuration files have small file sizes and are not of my personal interest, so there is no need for me to remove them from the internal storage.
The SD card is intended to be used for private data that take a lot of disc space like videos and/or need to easily be copied to my computer for back-up purposes preserving all timestamps by inserting the SD card in the slot of my device. As I have five Windows OS installations on three different devices, FAT32 seemed to be the best choice therefor. In addition, I want to protect my data on the phone/card from unauthorized access.
My aims are:
This question is about concern number 2.
First I need to find out whether the change of the ownership from nemo:privileged to nemo:nemo is in so far associated with a higher risk or has no effect at all, perhaps because apps are in general not allowed to access any other folders than their own ones, including Music folder for media players and so on.
Then I need to find a way to prevent apps from getting access to data on the external storage which they do not really need to function if this is not forbidden by default. I have searched online and discovered an instruction of how to mount a FAT32 partition on Linux systems in order to limit access rights. But it was talking about modifying a file in /etc/fsstab, and this folder does not exit on Sailfish. So I was hoping for an instruction of how to do this in case it is necessary.
Laura ( 2016-01-07 18:04:27 +0200 )editWhile the combination of 2. + 3. is in my opinion something you cannot achieve, oxymoron!
chemist ( 2016-01-08 10:59:28 +0200 )edit