How is file ownership affected across different systems?
As I understand Unix file systems, any file on a unix system must belong to a group and a user of the said system. A file cannot belong to a group or user that does not exist on the system.
From that assumption, there are a few questions that come to mind. What happens to the group and user attributes when media is transferred between computers, be it via a flash drive, a CDROM or a network share. To whom does the file belong in the new system?
Can you limit the data to only work on your system? (Not talking about encryption here, just basics.)
Also, when you transfer data between two computers, are there ways to ensure that the group and user attributes stay intact (what belongs to root will belong to root on the new system and the same with the normal user).
Each file and directory in most Unix filesystems have an associated numeric group and user id. Then there is a mapping (/etc/passwd for users and /etc/group for groups) of ids to names. When you transfer a file to another system, the numeric ids stay the same. There may not be an name with that id on the new system. So if you do a ls -l, you will see numbers instead of user names.
The root user always has user id 0, so it will be the same on every system. If you intend to move files often, you should make sure that users that are common between the two systems have the same user id on each.
On all native unix filesystems, file ownership is stored in the form of user and group IDs. This is also the case for basic NFS operation (although there are other possibilities at least in NFSv4) and for traditional unix archive formats such as tar.
A file can in fact belong to a user or group that doesn’t exist. The file belongs to a particular ID, but there’s no obligation that the ID is listed in /etc/passwd or other user or group database. For example, if you store your user database on NIS or LDAP, and the database server is temporarily inaccessible, the users’ files still exist.
When you carry removable media from one system to another, you should either ensure that user and group IDs match where relevant, or ignore ownership (e.g. by using a non-unix filesystem). Root is a bit of a special case because its defining characteristic is that the user ID is 0, everywhere.
The only way to control what someone in physical possession of the media will do with the data is to use an intrinsic means of protection, i.e., one that is not dependent on how they access the system, and keep something to yourself. You can use a mathematical means of protection: cryptography (encryption for confidentiality, signing for integrity; you keep the password to yourself), or a physical means of protection (e.g. a locked box).