On Thu, Feb 17, 2011 at 11:55:16AM -0500, Martin Owens wrote: > > 0755 is not inherently insecure. Others can't make any changes, but > > they can look. The only issue here is accidental disclosure of > > information intended to be private. > > If public by default is the way we want to go, then why not have a > Private folder be default in the users home directory? Combined with the > indication emblem in nautilus; this might provide a space for users to > put data. ATM it's too hard to teach users how to secure a folder or > even how to set up an encrypted folder.
I think this is an excellent idea, because the presence of a "private" folder in the user's home implicitly implies that the rest of the home is /not/ private, i.e. is self-documenting. We could even put a README file inside explaining what the purpose is, and how to change the permissions should they want to. We could even do the opposite (create a "public" folder) if the permissions are 0750, though this would require either 0751 or ACLs to be actually accessible. Again, we could include a README file instructing the user how to do this. The Nautilus emblems idea is, I think, a fairly straightforward exercise should we wish to do this. I already puts "no entry" emblems on folders you don't have permission to enter, so it's not a big change to additionally flag up folders which other have read and write access to. Regards, Roger -- .''`. Roger Leigh : :' : Debian GNU/Linux http://people.debian.org/~rleigh/ `. `' Printing on GNU/Linux? http://gutenprint.sourceforge.net/ `- GPG Public Key: 0x25BFB848 Please GPG sign your mail.
signature.asc
Description: Digital signature