On 10/17/2012 05:34 PM, Marc Deslauriers wrote:
On 12-10-17 03:52 PM, John Moser wrote:
First, he must find the sysadmin. The sysadmin must then put wriker
in group jkirk. Also, ~jkirk must be group-readable, as must any
files.
In a default Ubuntu installation, jkirk's files are already accessible
to other users.
Yeah I just looked and saw that, my whole $HOME is world-readable.
This displeases me. I'd prefer default $HOME chmod 700.
A user can't change permissions on his $HOME by himself. Only a sysadmin
can.
$ ls -ld ~
drwxr--r-x 100 bluefox bluefox 4096 Oct 14 11:47 /home/bluefox
$ chmod go-rx ~
$ ls -ld ~
drwx------ 100 bluefox bluefox 4096 Oct 14 11:47 /home/bluefox
$ setfacl -m u:root:r ~
$ getfacl ~
# file: home/bluefox
# owner: bluefox
# group: bluefox
user::rwx
user:root:r--
group::---
mask::r--
other::---
Try again.
This only works if the user default umask is 002, which wouldn't be the
case if you're not using User Private Groups.
Well, it's the case now; and if we leave it the case and make ACL
handling more intuitive, then it'll all work. Changing $HOME to 700
instead of 755 would adequately protect the user's private files in
$HOME even with a umask of 002, since you simply can't look into $HOME
to read/modify those files anyway.
The only other thing needed would then be a "Shared Documents" alike
(borrowing from Windows again--it's a pile of crap but that doesn't mean
everything associated is terrible by default) supplying a place for
folks to put shared files or such secured shared folders, made sticky of
course.
Marc.
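
The claim in the last reply above (mode 700 on $HOME keeps files private even when umask 002 creates them as 664), as an added example that is not part of the original thread. It assumes GNU stat, uses a constructed temporary directory in place of a real home directory, and checks only the "other" mode bits; ACLs and group membership are ignored. The function names are made up for this sketch.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes GNU coreutils stat (-c '%a').

# Print the "other" permission digit (last octal digit of the mode).
other_bits() {
    mode=$(stat -c '%a' "$1") || return 1
    echo "${mode#"${mode%?}"}"
}

# Print "exposed" if other users can read FILE, else "protected".
# FILE needs other-read, and every directory from FILE's parent up to
# TOP needs other-execute (search), or the path cannot be traversed.
other_can_read() {
    file=$1 top=$2
    [ $(( $(other_bits "$file") & 4 )) -ne 0 ] || { echo protected; return; }
    dir=$(dirname "$file")
    while :; do
        [ $(( $(other_bits "$dir") & 1 )) -ne 0 ] || { echo protected; return; }
        [ "$dir" = "$top" ] && break
        [ "$dir" = / ] && break      # TOP was not an ancestor; stop at root
        dir=$(dirname "$dir")
    done
    echo exposed
}

# Constructed scenario: a stand-in home at 755, files made under umask 002,
# then the home tightened to 700 while the file modes stay as they were.
demo() {
    home=$(mktemp -d)                # constructed stand-in for a $HOME
    chmod 755 "$home"                # world-traversable home
    ( umask 002; mkdir "$home/docs"; echo secret > "$home/docs/notes.txt" )
    before=$(other_can_read "$home/docs/notes.txt" "$home")
    chmod 700 "$home"                # the proposed default
    after=$(other_can_read "$home/docs/notes.txt" "$home")
    filemode=$(stat -c '%a' "$home/docs/notes.txt")
    rm -rf "$home"
    echo "$before $after $filemode"
}

demo   # exposed protected 664
```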