Default group

John Moser john.r.moser at gmail.com
Wed Oct 17 21:45:26 UTC 2012



On 10/17/2012 05:34 PM, Marc Deslauriers wrote:
> On 12-10-17 03:52 PM, John Moser wrote:
>>
>> First, he must find the sysadmin.  The sysadmin must then put wriker
>> in group jkirk.  Also, ~jkirk must be group-readable, as must any
>> files.
>
> In a default Ubuntu installation, jkirk's files are already accessible
> to other users.

Yeah I just looked and saw that, my whole $HOME is world-readable.

This displeases me.  I'd prefer default $HOME chmod 700.

>
>
> A user can't change permissions on his $HOME by himself. Only a sysadmin
> can.

$ ls -ld ~
drwxr--r-x 100 bluefox bluefox 4096 Oct 14 11:47 /home/bluefox
$ chmod go-rx ~
$ ls -ld ~
drwx------ 100 bluefox bluefox 4096 Oct 14 11:47 /home/bluefox
$ setfacl -m u:root:r ~
$ getfacl ~
# file: home/bluefox
# owner: bluefox
# group: bluefox
user::rwx
user:root:r--
group::---
mask::r--
other::---

Try again.

>
> This only works if the user default umask is 002, which wouldn't be the
> case if you're not using User Private Groups.

Well, it's the case now; and if we leave it the case and make ACL 
handling more intuitive, then it'll all work.  Changing $HOME to 700 
instead of 755 would adequately protect the user's private files in 
$HOME even with a umask of 002, since you simply can't look into $HOME 
to read/modify those files anyway.

The only other thing needed would then be a "Shared Documents" alike 
(borrowing from Windows again--it's a pile of crap but that doesn't mean 
everything associated is terrible by default) supplying a place for 
folks to put shared files or such secured shared folders, made sticky of 
course.


>
> Marc.
>
>
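
An added example, not part of the original message: a shell sketch of the point about a umask of 002 combined with a 700 $HOME, deciding from mode bits alone whether a user outside the owner and group could read a file. The sandbox layout and function names are assumptions; it relies on GNU `stat -c` and ignores ACLs.

```shell
#!/bin/sh
# Added example. Sandbox paths are constructed; "jkirk" is the user named in
# the thread. Assumes GNU stat (-c '%a'); classic mode bits only, no ACLs.

# Print the "other" permission digit (0-7) of a path.
other_bits() {
    mode=$(stat -c '%a' "$1") || return 1
    last=${mode#"${mode%?}"}      # last octal digit, also for modes like 1777
    echo "$last"
}

# other_can_read BASE FILE: succeed if "other" has read on FILE and
# search (x) on every directory from FILE's parent up to BASE.
other_can_read() {
    base=$1; file=$2
    [ $(( $(other_bits "$file") & 4 )) -ne 0 ] || return 1
    dir=$(dirname "$file")
    while :; do
        [ $(( $(other_bits "$dir") & 1 )) -ne 0 ] || return 1
        [ "$dir" = "$base" ] && return 0
        [ "$dir" = "/" ] && return 0
        dir=$(dirname "$dir")
    done
}

# Build a throwaway home, create a file under umask 002, then compare
# exposure with $HOME at 755 and at 700.
# Prints: "<file mode> <state at 755> <state at 700>"
demo() {
    sandbox=$(mktemp -d) || return 1
    home="$sandbox/home/jkirk"
    mkdir -p "$home"
    chmod 755 "$sandbox" "$sandbox/home" "$home"
    ( umask 002; echo "constructed sample file" > "$home/notes.txt" )
    file_mode=$(stat -c '%a' "$home/notes.txt")
    if other_can_read "$sandbox" "$home/notes.txt"; then
        before=exposed; else before=private; fi
    chmod 700 "$home"             # same change as "chmod go-rx ~" on a 755 home
    if other_can_read "$sandbox" "$home/notes.txt"; then
        after=exposed; else after=private; fi
    rm -rf "$sandbox"
    echo "$file_mode $before $after"
}

demo
```

The file keeps its group-writable, world-readable mode in both cases; only the missing search bit on the home directory changes the result.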



