I run Fedora 30 on my computer. As user foo, my home directory rights look like this:

[foo@localhost]$ ls -l /home/
drwx------. 41 foo  foo  4.0K Jul 12 11:23 foo
drwx------.  2 root root  16K Jul 18  2018 lost+found

When I boot from a USB drive (Fedora 30 again), mount the local home partition and check ownership, this is what I get.

[liveuser@pendrive]$ cd <path/to/mounted/home>
[liveuser@pendrive]$ ls -l
drwx------. 41 liveuser liveuser 4.0K Jul 12 11:23 foo
drwx------.  2 root     root      16K Jul 18  2018 lost+found

Then as liveuser, I can access the directory foo, read and write on files with user-only rights.

The uids of liveuser on the USB stick and foo on the local hard drive are both 1000. My guess is that this is the origin of the problem and both users are considered to be the same.

Is this behavior expected? If so, how can this be fixed?

neerby

1 Answer


This behaviour is to be expected (indeed, as someone who uses Linux extensively, it's difficult to understand what you are trying to do).

You are correct that the userid maps to a number, and it is the number, not the name associated with it, that the filesystem records. I guess a workaround would be to assign foo a high userid. Normally userIDs start at 500 or 1000, so assigning one of say 3500 might help?

Of course, if you boot from a USB this is easily defeated by becoming root and reading or chowning the files. Maybe look at home directory encryption to tie reading the files to a password?

davidgo
  • "it's difficult to understand what you are trying to do". I am not very knowledgeable in IT and Linux. With security concerns, I was wondering how to hack on my own home directory. I asked the question because I was surprised and disappointed to see how trivial it could be. I will probably turn to filesystem encryption unless an alternative "fix" is proposed. – neerby Jul 12 '19 at 11:09
  • There is no alternative fix - if you boot up from an alternative disk, you can get access to the files of other users - this is true regardless of OS. – davidgo Jul 12 '19 at 11:18
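
The point made in the answer (the filesystem records the numeric UID, not the name), as an added example that is not part of the original posts: a simplified model of how `ls -l` picks the owner name and how the owner permission class is selected. The passwd entries are constructed, the function names are hypothetical, and ACLs and SELinux are ignored.

```python
import stat

# Constructed passwd(5) excerpts: UID 1000 carries a different name on each system.
INSTALLED_PASSWD = "root:x:0:0:root:/root:/bin/bash\nfoo:x:1000:1000::/home/foo:/bin/bash\n"
LIVE_PASSWD = "root:x:0:0:root:/root:/bin/bash\nliveuser:x:1000:1000::/home/liveuser:/bin/bash\n"


def uid_names(passwd_text):
    """Map numeric UID -> login name from passwd-format text."""
    names = {}
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 3 and fields[2].isdigit():
            names.setdefault(int(fields[2]), fields[0])
    return names


def owner_shown_by_ls(st_uid, passwd_text):
    """ls -l prints the name the *running* system maps the UID to, else the number."""
    return uid_names(passwd_text).get(st_uid, str(st_uid))


def may_access(st_uid, st_gid, mode, proc_uid, proc_gids, want):
    """Simplified permission check; want is a 3-bit rwx mask such as 0o7."""
    if proc_uid == 0:
        return True  # root bypasses the permission bits on a directory
    if proc_uid == st_uid:
        granted = (mode >> 6) & 0o7  # owner class, chosen by numeric UID only
    elif st_gid in proc_gids:
        granted = (mode >> 3) & 0o7  # group class
    else:
        granted = mode & 0o7         # other class
    return (granted & want) == want


HOME_MODE = stat.S_IFDIR | 0o700  # drwx------ as in the listings in the question

if __name__ == "__main__":
    for label, db in (("installed", INSTALLED_PASSWD), ("live USB", LIVE_PASSWD)):
        print(label, "->", owner_shown_by_ls(1000, db))
    print("liveuser(1000) vs owner 1000:", may_access(1000, 1000, HOME_MODE, 1000, {1000}, 0o7))
    print("liveuser(1000) vs owner 3500:", may_access(3500, 3500, HOME_MODE, 1000, {1000}, 0o7))
    print("root(0) vs owner 3500:", may_access(3500, 3500, HOME_MODE, 0, {0}, 0o7))
```

The last two cases correspond to the answer's remarks: a different UID stops the name collision, but root on the booted system is not bound by the mode bits, which is why encryption is suggested.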