Default group
John Moser
john.r.moser at gmail.com
Wed Oct 17 21:45:26 UTC 2012

On 10/17/2012 05:34 PM, Marc Deslauriers wrote:
> On 12-10-17 03:52 PM, John Moser wrote:
>>
>> First, he must find the sysadmin. The sysadmin must then put wriker
>> in group jkirk. Also, ~jkirk must be group-readable, as must any
>> files.
>
> In a default Ubuntu installation, jkirk's files are already accessible
> to other users.

Yeah I just looked and saw that, my whole $HOME is world-readable.
This displeases me. I'd prefer default $HOME chmod 700.

>
>
> A user can't change permissions on his $HOME by himself. Only a sysadmin
> can.

$ ls -ld ~
drwxr--r-x 100 bluefox bluefox 4096 Oct 14 11:47 /home/bluefox
$ chmod go-rx ~
$ ls -ld ~
drwx------ 100 bluefox bluefox 4096 Oct 14 11:47 /home/bluefox
$ setfacl -m u:root:r ~
$ getfacl ~
# file: home/bluefox
# owner: bluefox
# group: bluefox
user::rwx
user:root:r--
group::---
mask::r--
other::---

Try again.

>
> This only works if the user default umask is 002, which wouldn't be the
> case if you're not using User Private Groups.

Well, it's the case now; and if we leave it the case and make ACL
handling more intuitive, then it'll all work. Changing $HOME to 700
instead of 755 would adequately protect the user's private files in
$HOME even with a umask of 002, since you simply can't look into $HOME
to read/modify those files anyway.

The only other thing needed would then be a "Shared Documents" alike
(borrowing from Windows again--it's a pile of crap but that doesn't mean
everything associated is terrible by default) supplying a place for
folks to put shared files or such secured shared folders, made sticky of
course.

>
> Marc.
>
>
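
Added example (not part of the original message or of Ubuntu's tooling): a shell sketch of the point argued above, that a 700 $HOME shields files created under umask 002, plus a check for the sticky bit on a shared folder. It reasons from the mode string `ls -ld` prints on a constructed temporary tree; the paths `home/jkirk` and `home/shared`, the file name and all function names are assumptions for illustration.

```shell
#!/bin/sh
# Added example: judge access from the mode string that `ls -ld` prints.
# ACL entries (setfacl) are deliberately ignored here.

# mode_of PATH -> 10-character mode string, e.g. drwxr-xr-x
mode_of() { ls -ld "$1" | cut -c1-10; }

# other_can_read ROOT FILE: true when FILE has o+r and every directory from
# FILE's parent up to ROOT has o+x (search permission) for "other".
other_can_read() {
    root=$1 file=$2
    case $(mode_of "$file") in ???????r??) ;; *) return 1 ;; esac
    dir=$(dirname "$file")
    while :; do
        case $(mode_of "$dir") in ?????????[xt]) ;; *) return 1 ;; esac
        [ "$dir" = "$root" ] && return 0
        [ "$dir" = "/" ] && return 1      # ROOT was not an ancestor
        dir=$(dirname "$dir")
    done
}

# is_sticky DIR: true when the sticky bit is set (t or T in the last column).
is_sticky() { case $(mode_of "$1") in ?????????[tT]) return 0 ;; esac; return 1; }

# demo: build a constructed tree, compare 755 and 700 on the home directory.
demo() {
    base=$(mktemp -d) || return 2
    home=$base/home/jkirk                  # hypothetical stand-in for ~jkirk
    shared=$base/home/shared               # hypothetical shared folder
    mkdir -p "$home" "$shared"
    chmod 755 "$base" "$base/home" "$home"
    chmod 1777 "$shared"                   # world-writable, sticky
    ( umask 002; echo private > "$home/notes.txt" )   # file is created 664
    other_can_read "$base" "$home/notes.txt" && before=readable || before=blocked
    chmod go-rx "$home"                    # the command from the message: 755 -> 700
    other_can_read "$base" "$home/notes.txt" && after=readable || after=blocked
    is_sticky "$shared" && sticky=sticky || sticky=not-sticky
    result="$before $after $(mode_of "$home/notes.txt") $(mode_of "$home") $sticky"
    rm -rf "$base"
    echo "$result"
}

demo   # prints: readable blocked -rw-rw-r-- drwx------ sticky
```

The file keeps its 664 mode throughout; only the missing search bit on the home directory changes the outcome for other users.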