Going nutz in "Ignore Permissions" land...
aelana 03-15-2006, 03:41 PM I have a recently purchased Intel Mac mini that I have attached an external drive to hold my Users... I disabled the "Ignore Permissions" on the drive using the command line... BUT any user on the box, can now go into the volume info, and re-select this option.
I have searched and searched and searched and searched, and so far have not come up with a way to make a volume be unable to set that option.
There is a setting "Can Turn Owners Off" in disk utility on the info for the drive, but no way to disable that option (that I have found.)
Anyone have any ideas on how to close this obvious security issue?
hayne 03-15-2006, 03:58 PM Are these users admins?
hayne 03-15-2006, 04:04 PM I note that 'hdiutil' has a "-owners" option.
aelana 03-15-2006, 04:20 PM Are these users admins?
No, as I understand it /any/ user can enable "Ignore Owner" on external drives.
aelana 03-15-2006, 04:22 PM I note that 'hdiutil' has a "-owners" option.
Only when "attach"ing a disk image, in this case it is an external disk, not an image.
hayne 03-15-2006, 05:02 PM No, as I understand it /any/ user can enable "Ignore Owner" on external drives.
You say "as I understand it" as if you haven't tried it.
You need to try it.
It would seem to me (in theory, I haven't tried it either as I don't have an external disk handy) the user who mounted the disk should be able to change that setting, but other non-admin users should not be able to change that setting on a disk that is already mounted.
I.e. it may depend on whether the disk was mounted before the user logged in or not.
yellow 03-15-2006, 05:46 PM As far as I remember, in pre-Tiger versions of OS X, unfortunately, any user can turn this on/off. If you have data that needs to be protected, you should consider using a password encrypted disk image.
However, in Tiger, with the Ignore Perms box unchecked and the permissions set so "Others" have no access to the volume, it won't even show up on the Desktop.
Just tested on 10.4.5 against a non-admin user.
dmacks 03-15-2006, 08:05 PM It's pretty difficult (in practice and also in theory) to secure an external or removable volume. If it's a setting that can be controlled by "the user who was logged in when it was mounted", what happens if it's mounted then some other user toggles its power switch?--now it gets mounted while this other formerly not-in-control user is logged in.
hayne 03-15-2006, 08:19 PM It's pretty difficult (in practice and also in theory) to secure an external or removable volume. If it's a setting that can be controlled by "the user who was logged in when it was mounted", what happens if it's mounted then some other user toggles its power switch?--now it gets mounted while this other formerly not-in-control user is logged in.
Sure - all of this is only useful in a situation where the Mac is physically inaccessible to the user. E.g. when it is in a locked computer room, with a long monitor cable (or Synergy) to bring the display to where the user is. Or in a kiosk situation where the guts are inaccessible behind Plexiglas.
aelana 03-17-2006, 01:59 PM I found another way around it myself.... after much frustration, with some side effects that I had wanted anyway...
First to note to dmacks, yes we are assuming lack of access to the machine since even the startup disk can be enabled to ignore owners if the machine is booted in target FireWire mode.
Note to yellow... I will have to tinker with the permissions as well... but for everyone's edification, here are a few of my "favorite" things ;)
First off using /Developer/Tools/SetFile I made the /Volumes/name directory invisible to Finder... that got rid of it from the desktop and from "My Computer" or whatever it is called that I never enable...
But it left it in the sidebar, so I removed it from my sidebar, looked at the settings in com.apple.sidebarlists.plist on my account, added the appropriate set of entries into /Library/Preferences/com.apple.sidebarlists.plist so it would hide it in everyone's... and that got rid of it effectively for the user accounts, I tried to find a way to bring it back in such a way as they have the option after doing the above and couldn't find one.
Last step, I created a symbolic link to it on my desktop so I could get at it and even the symlink cannot enable that option.
Anyone see any gaps?
aelana 03-17-2006, 02:23 PM You say "as I understand it" as if you haven't tried it.
You need to try it.
It would seem to me (in theory, I haven't tried it either as I don't have an external disk handy) the user who mounted the disk should be able to change that setting, but other non-admin users should not be able to change that setting on a disk that is already mounted.
I.e. it may depend on whether the disk was mounted before the user logged in or not.
I tried it and they could... but that was before I was pre-mounting the drive before login... so I am not sure if they can anymore since I have made a bunch of changes (see below) that make me unable to test it anymore :)
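An added example, not part of any post in this thread: hiding the volume does not show whether "Ignore ownership" has been switched back on, so an admin can audit the setting instead. The sketch assumes a macOS release whose `diskutil info` prints an `Owners:` line and which provides `diskutil enableOwnership`; the sample output and the script name are constructed.

```shell
#!/bin/sh
# Added example: audit whether a volume still honours on-disk ownership.

# Constructed `diskutil info` excerpts (not captured from a real machine).
SAMPLE_IGNORED='   Volume Name:               Users
   Mount Point:               /Volumes/Users
   Owners:                    Disabled'
SAMPLE_HONOURED='   Volume Name:               Users
   Mount Point:               /Volumes/Users
   Owners:                    Enabled'

# Read `diskutil info` text on stdin; print enabled, disabled or unknown.
owners_state() {
    awk -F: '
        /^[ \t]*Owners:/ { v = $2; gsub(/[ \t\r]/, "", v); state = tolower(v) }
        END {
            if (state == "enabled" || state == "disabled") print state
            else print "unknown"
        }'
}

# Classify one volume from its info text on stdin. $1 = mount point.
# Returns 0 if ownership is honoured, 1 if ignored, 2 if not reported.
audit_text() {
    case "$(owners_state)" in
        enabled)  echo "OK: $1 honours ownership"; return 0 ;;
        disabled) echo "ALERT: $1 has ownership ignored"; return 1 ;;
        *)        echo "WARN: $1 did not report an Owners state"; return 2 ;;
    esac
}

# Live check; as root, turn ownership back on only when it was switched off.
enforce_volume() {
    diskutil info "$1" | audit_text "$1"
    rc=$?
    [ "$rc" -eq 1 ] && [ "$(id -u)" -eq 0 ] && diskutil enableOwnership "$1"
    return "$rc"
}

# Usage: sh check_owners.sh /Volumes/Users   (e.g. from a periodic root job)
if [ $# -gt 0 ]; then
    enforce_volume "$1"
fi
```

Run from a periodic root job, the non-zero exit status doubles as the alert signal for whatever collects the job's results.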