Change edubuntu's default permissions?

Joseph Bishay joseph.bishay at gmail.com
Wed May 29 20:43:33 UTC 2013 

Thanks for everyone's advice and feedback.

I was able to resolve it for the existing accounts and I will look
into how to set it for future accounts.

For those who asked -- I used webmin to create accounts.  I have a
script in a spreadsheet where I just put in the user's first and last
name and then it will auto generate the necessary script lines and
then I can batch create 200 users with one copy-paste command.

Thanks
Joseph

On Mon, May 27, 2013 at 11:20 PM, Stéphane Graber <stgraber at ubuntu.com> wrote:
> On 05/27/2013 10:56 PM, Joseph Bishay wrote:
>> Hello,
>>
>> So today we just realized that everyone on our server can navigate into everyone else's /home directory and open all their files!
>>
>> Looking online it appears this is ubuntu's default permission setting. This is rather strange and a disaster for us as teachers have private student marks, comments, tests etc the student can access now!
>>
>> So my first question - is there a script or simple command to change all the permissions so everyone can only access their own files?
>>
>> Second - how to permanently fix this so new accounts don't inherent this weird permission structure!
>>
>> Thank you kindly!
>> Joseph
>>
>> P.S. This is a really strange default setup - I've been getting irate emails from staff and admin wondering what kind of system (ie: Linux) would allow students to access teacher folders etc. Hopefully the fix is simple and fast so I can pass it off as something minor. Thanks!
>
> "sudo chmod 700 /home/*" will change the permissions of all entries
> under /home so that only the owner (and root) may be able to access them.
>
> Changing this for new users is a bit tricky as it depends on the tool
> used to create the users. If using adduser, you may change
> /etc/adduser.conf changing DIR_MODE=0755 to
> DIR_MODE=0700 which should then apply to any new user created with that
> tool.
>
> On machines where the home directories are shared between many users,
> you usually want to use a centralized authentication source and detailed
> ACLs for things like home directories. So you can for example allow
> teachers or your staff to access the students home directories, yet
> prevent the students from accessing anyone's home directories but their own.
>
> --
> Stéphane Graber
> Ubuntu developer
> http://www.ubuntu.com
>
>
> --
> edubuntu-users mailing list
> edubuntu-users at lists.ubuntu.com
> Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/edubuntu-users
>

More information about the edubuntu-users mailing list