Re: Problem attempting to use xorriso

[Richard Owlett <rowlett@cloud85.net>]

On 11/10/2016 5:20 AM, tomas@tuxteam.de wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Thu, Nov 10, 2016 at 04:53:47AM -0600, Richard Owlett wrote:
> > On 11/9/2016 5:16 PM, Lisi Reisz wrote:
> > > On Sunday 06 November 2016 16:47:00 Richard Owlett wrote:
> > > > [snip]
> > > > Based on responses to previous posts titled "Trivial script will
> > > > NOT execute" and "Permissions for an entire PARTITION" I have
> > > > multiple problems understanding Linux file systems generally.
> > >
> > > I imagine you have seen this lot - especially the top three??
> > > https://www.google.co.uk/search?q=basic+debian+file+system&oq=basic+debian+file+system&aqs=chrome..69i57.7617j0j7&sourceid=chrome&ie=UTF-8
> > >
> > > Lisi
> >
> > Yes, but not in the context of a sub-project from last few days.
> > I suspect what I aiming at might look like - the groups and
> > permission bits set at time partition created, thus avoiding games
> > with /etc/fstab .
> >
> > richard@jessie-defaults:~$
> > richard@jessie-defaults:~$ ls -l /dev/sd*
> > brw-rw---- 1 root disk 8,  0 Nov 10 03:35 /dev/sda
> > brw-rw---- 1 root owl  8,  1 Nov 10 03:35 /dev/sda1
> > brw-rw-r-- 1 root owl  8,  2 Nov 10 03:35 /dev/sda2
> > brw-rw---- 1 root disk 8,  3 Nov 10 03:35 /dev/sda3
> > brw-rw---- 1 root disk 8,  5 Nov 10 03:35 /dev/sda5
> > brw-rw---- 1 root disk 8, 16 Nov 10 04:43 /dev/sdb
> > br--rw-r-- 1 root owl  8, 17 Nov 10 04:43 /dev/sdb1
>
> Note that with this setting, "you" can thrash whatever is in /dev/sda
> through /dev/sdb (write access).

I don't understand.

> Besides "everyone" can peek into /dev/sda2 and /dev/sdb1.

That was intentional ;)
The project I have in mind is a very custom repository. The set 
of files on sda2 would be almost final versions for use on my 
local machine. The files on the flash drive would be final 
release for use on someone else's machine.
> And by "you" I'm talking about any program running on your behalf,
> i.e. an executable attachment to this mail which your mail reader
> might let through, or a LaTeX class c&p'ed off the Interwebs.
>
> This is not to scare you: just to help you tune your awareness
> towards such things.

It doesn't "scare" me for a very good reason - the system in 
question has no network capability, let alone internet access. In 
fact the particular laptop had its disk wiped and a fresh install 
of Debian 3 times yesterday.

Also, as this is a publicly readable list, it is *EXTREMELY OK* 
to add warnings.,
I may be a raw newbie to Linux but have had much contact with 
"shoot self in foot" syndrome, both as subject and as rescuer ;/

Your response is encouraging, I am understanding more of how 
Debian reports information, even if I don't know how to put my 
system in the reported state.

Lets analyze the above *FICTITIOUS* system - "Am I interpreting 
each line correctly?"

I see no problem with the lines
   brw-rw---- 1 root disk 8,  0 Nov 10 03:35 /dev/sda
   brw-rw---- 1 root disk 8, 16 Nov 10 04:43 /dev/sdb
They are copied from a standard install. /dev/sda is my internal 
hard disk and /dev/sdb is a USB flash drive. They are owned by 
"root" and accessible by members of "disk".

These lines should be harmless
   brw-rw---- 1 root disk 8,  3 Nov 10 03:35 /dev/sda3
   brw-rw---- 1 root disk 8,  5 Nov 10 03:35 /dev/sda5
as they are also from defaults ( sda3 has Debian and sda5 is swap)

Now for my strange lines.

brw-rw---- 1 root proj2 8, 1 Nov 10 03:35 /dev/sda1
My previous use of "owl" as a group designation may have confused 
things.
On my system I am "richard" who is a member of group "richard".
"owl" was chosen as a group designation to avoid any accidental 
name collision.
In actual use there would likely be groups "proj1", "proj2", and 
"proj3" for separate projects. User "richard" would be a member 
of groups "richard" and "proj3" but not of "proj1" or "proj2".

I see no potential problem with this line. User "root" and 
members of "proj2" have read/write permissions. Execute 
permissions would be bogus as these partitions explicitly contain 
only data. No access for others.

As stated above sda2 is world readable as it contains a late 
pre-release copy of my custom repository.
brw-rw-r-- 1 root proj3 8, 2 Nov 10 03:35 /dev/sda2

Similarly for sdb1. Did not give "root" write permission as a 
precaution against accidental corruption as it is a removable 
drive which may be used anywhere. It is not intended to give 
protection from malicious changes.
br--rw-r-- 1 root proj3 8, 17 Nov 10 04:43 /dev/sdb1

These indicate desired results. How much effort required to 
obtain ?????

Thank you for your time.









> > > > If retirement isn't for learning, what use is it.
>
> :-)
>
> regards
>
> - -- tomás
>     "I'm a signature virus. Go ahead and copy me into your signature"
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.12 (GNU/Linux)
>
> iEUEARECAAYFAlgkV/4ACgkQBcgs9XrR2kZQSQCY+9nfiKPCIxbQ7Q2qedmSt1dS
> NgCfYroYPuSLFKLe7SlsLN+vMBe1GH8=
> =j2Ks
> -----END PGP SIGNATURE-----