DropBox Security Question

  • Avatar

    Posted: 16 July 2012 11:42 PM

    So with the demise of iDisk I decided to go over to DropBox. Everyone else seemed to be using it with no problems. So I downloaded DropBox and it installed just fine.

    The trouble was when I started the program for the first time. It gave me a pop-up asking for my Password to give DropBox permission to “Change Permissions for the folder ./users/<myname>. My Home folder.

    Maybe it’s because I’m a security obsessed IT geek but my immediate reaction was “No Bloody Way”. Yes there was a link on the pop up window to explain rights errors, but in my mind these are the people trying to steal my data. I’m not going to rely on THEM for an explanation.

    Why would DropBox need any rights whatsoever to anything outside of it’s own application? It’s a remote file storage utility. I put files out there so people can pick them up. It shouldn’t give rights to anyone for anything on my system. I’ve installed other programs that did a lot more and if they needed elevated rights they were for a small section, not my whole Home folder. Even torrent clients let you specify what single folder you’re going to share. I can’t for the life of me figure out why DropBox needs god-rights to my entire Home folder. More precisely I can think of no legitimate, non larcenous reason DropBox would want these rights.

    Until I get a satisfactory answer to this there’s no way I’m running DropBox.

    Anyone want to take a stab at this?

    [ Edited: 17 July 2012 08:51 AM by geoduck ]

    Signature

    Take Only Pictures, Leave Only Footprints
    Is No Way To Run An Art Gallery

         
  • Posted: 18 July 2012 11:56 AM #1

    Dropbox is different from other online file storage systems in that it integrates with the host operating system to synchronize a designated folder (whether on Mac OS or Windows) with your Dropbox content on their website.  You do not have to give Dropbox rights to your entire Documents folder; instead, just specify a subfolder where Dropbox can do its thing.  In this way, it is similar to iDisk with sync turned on.  Furthermore, you can selectively sync certain subfolders on some machines and not others.  Another plus is the option to share some subfolders—good for multi-person households or collaboration.

    I can’t attest to the security of Dropbox vs. any other cloud-based storage solutions.  They can assert that your data is secure, and that transactions are protected by SSL encryption.  But at some point you do need to take a leap of faith that any cloud-based storage solution, whether from Apple, Citrix, Box.net, Amazon or Microsoft entails a certain level of trust that the provider will adequately secure your data from shenanigans.  And with that leap of faith, you may chose to leave some of your most sensitive data firmly terrestrial rather than entrusting it to the clouds.

         
  • Avatar

    Posted: 18 July 2012 01:04 PM #2

    gwbeckett - 18 July 2012 02:56 PM

    You do not have to give Dropbox rights to your entire Documents folder; instead, just specify a subfolder where Dropbox can do its thing.

    I’ll have to check when I get home but I don’t believe it gave me the option to select a folder.

    Signature

    Take Only Pictures, Leave Only Footprints
    Is No Way To Run An Art Gallery

         
  • Avatar

    Posted: 18 July 2012 02:52 PM #3

    The default (unless it’s changed) is to create a folder “Dropbox” in your home folder.  I would imagine that if your home folder is locked down the Dropbox installer couldn’t create this folder.  Perhaps try creating it in advance with permissive rights.

         
  • Avatar

    Posted: 18 July 2012 10:43 PM #4

    webjprgm - 18 July 2012 05:52 PM

    The default (unless it’s changed) is to create a folder “Dropbox” in your home folder.  I would imagine that if your home folder is locked down the Dropbox installer couldn’t create this folder.  Perhaps try creating it in advance with permissive rights.

    Didn’t work. I checked the error more deeply and it wants to create both a folder Dropbox and a hidden folder .dropbox. I created the former but the latter is only possible for system / root.

    Not inspiring confidence.

    And I looked through the installation and I can’t find anywhere to set the DropBox root folder.

    [ Edited: 18 July 2012 10:51 PM by geoduck ]

    Signature

    Take Only Pictures, Leave Only Footprints
    Is No Way To Run An Art Gallery

         
  • Avatar

    Posted: 19 July 2012 11:54 AM #5

    geoduck - 19 July 2012 01:43 AM
    webjprgm - 18 July 2012 05:52 PM

    The default (unless it’s changed) is to create a folder “Dropbox” in your home folder.  I would imagine that if your home folder is locked down the Dropbox installer couldn’t create this folder.  Perhaps try creating it in advance with permissive rights.

    Didn’t work. I checked the error more deeply and it wants to create both a folder Dropbox and a hidden folder .dropbox. I created the former but the latter is only possible for system / root.

    Not inspiring confidence.

    And I looked through the installation and I can’t find anywhere to set the DropBox root folder.

    Ah, it looks like Lion (or did Snow Leopard do that too?) does not let you create folders starting with “.” from the Finder.  You don’t need to be root, but you do need to use Terminal to do it.  (Open Terminal, that should start in your home directory by default, type “mkdir .dropbox”.)

    The hidden .dropbox folder on my system contains:
    config.db
    config.dbx
    dropbox.pid
    filecache.dbx
    finderplugin/
    host.db
    host.dbx
    hostkeys
    l/
    photo.dbx
    sigstore.dbx
    unlink.db

    That “l” subdirectory contains a bunch of files with numerical names, I’m assuming they are cached packets of file changes.

    So, it looks like this is where Dropbox keeps it’s preferences and stuff that belongs in Application Support.

    All files are owned by my user, readable by everyone but writable by user only.  If those files contain secret keys, though, they probably should not be world-readable.  hmmm

         
  • Posted: 25 July 2012 01:02 AM #6

    Just my two cents, Dropbox rocks.  Its also really hand to move files between mac and pc.  I have a pc at work and i have to use ntfs and bootcamp to run certain applications on my macbook.  Dropbox just copies them from one machine to another. Personally, it is also handy for recipes. If i find something good on the web while on lunch, i PDF a copy to dropbox (i have a recipes folder), then when i go to the store after work, its on my iPhone and when i get home i open my laptop and its there.

         
  • Posted: 09 August 2012 01:57 PM #7

    Did you ever get this figured out? I wonder if there was something off about the permissions with your home folder. I’ve installed Dropbox on several computers and it has never needed a password to create its sync folder.

         
  • Avatar

    Posted: 10 August 2012 11:20 AM #8

    I fiddled with it a little more and then got pulled off onto other projects. So far I haven’t been able to work around this ‘wanting to take control of my home folder’ issue.

    Oh and to Christopher Atkin:
    Yes I’ve heard a lot of good things about DropBox. I’d love to start playing with it. But so far I haven’t got it running at a level of access restriction I’m comfortable with.

    Signature

    Take Only Pictures, Leave Only Footprints
    Is No Way To Run An Art Gallery

         
  • Avatar

    Posted: 10 August 2012 11:52 AM #9

    David Nelson - 09 August 2012 04:57 PM

    I wonder if there was something off about the permissions with your home folder.

    I just Got Info on my Home folder.
    <myuserid> Read and Write
    Staff Read Only
    Everyone Read Only

    Signature

    Take Only Pictures, Leave Only Footprints
    Is No Way To Run An Art Gallery

         
  • Posted: 10 August 2012 11:54 AM #10

    Hmm, odd. Sounds like it shouldn’t need special permissions then. All it does is create a folder called “Dropbox” in your home.