Change edubuntu's default permissions?
Stéphane Graber
stgraber at ubuntu.com
Tue May 28 03:20:22 UTC 2013
On 05/27/2013 10:56 PM, Joseph Bishay wrote:
> Hello,
>
> So today we just realized that everyone on our server can navigate into everyone else's /home directory and open all their files!
>
> Looking online it appears this is ubuntu's default permission setting. This is rather strange and a disaster for us as teachers have private student marks, comments, tests etc the student can access now!
>
> So my first question - is there a script or simple command to change all the permissions so everyone can only access their own files?
>
> Second - how to permanently fix this so new accounts don't inherent this weird permission structure!
>
> Thank you kindly!
> Joseph
>
> P.S. This is a really strange default setup - I've been getting irate emails from staff and admin wondering what kind of system (ie: Linux) would allow students to access teacher folders etc. Hopefully the fix is simple and fast so I can pass it off as something minor. Thanks!
"sudo chmod 700 /home/*" will change the permissions of all entries
under /home so that only the owner (and root) may be able to access them.
Changing this for new users is a bit tricky as it depends on the tool
used to create the users. If using adduser, you may change
/etc/adduser.conf changing DIR_MODE=0755 to
DIR_MODE=0700 which should then apply to any new user created with that
tool.
On machines where the home directories are shared between many users,
you usually want to use a centralized authentication source and detailed
ACLs for things like home directories. So you can for example allow
teachers or your staff to access the students home directories, yet
prevent the students from accessing anyone's home directories but their own.
--
Stéphane Graber
Ubuntu developer
http://www.ubuntu.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 901 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/edubuntu-users/attachments/20130527/a02f164d/attachment.pgp>
More information about the edubuntu-users
mailing list