Destroying "only" your home directory (was Re: Newbie question on permissions)
Kenneth P. Turvey
kt-usenet at squeakydolphin.com
Mon Apr 3 04:36:51 UTC 2006
-----BEGIN PGP SIGNED MESSAGE-----
On Mon, 03 Apr 2006 11:08:04 +0800, Michael T. Richter wrote:
> I fear you're running into a clash of cultures here. The whole UNIX
> mindset is centred on multi-user systems. Apparently the fact that
> multi-user systems are the exception these days, not the norm, has escaped
I think some people are missing some important facts. Nearly all Unix
systems are multi-user. It may be that only a single user sits at the
keyboard, but other users are executing jobs with different privlidges all
the time. A single user can take advantage of this. If you are really
worried about a certain kind of data you want to store, and you think that
hostile hackers might want to mess up your box (I really think this threat
is overblown, but anyway), set up a special user to handle your wedding
photos. Keep yourself locked out of their directory entirely except with
a script executed by sudo that copies your new photos to the correct
directory. Make the photos themselves world readable in this case.
Now you can no longer manage to destroy the photos unless you become root.
The system being built for multiple users can really help out in these
situations. You still should have good backups. I've been burned before
on this, so has just about everyone else. You should learn from our
mistakes and keep multiple very good, very current (and less current),
very complete backups.
> The UNIX (and better) styles of multi-user security are fine for things
> like servers. Indeed they're necessary. For desktop machines, however,
> as you so aptly pointed out, the UNIX way of doing things is exactly
> ass-backwards. The stuff that's semi-trivial to replace (re-install or
> re-download) is protected at all costs and the stuff that's irreplaceable
> is given no thought whatsoever.
You really don't want the operating system protecting you from yourself.
If you do there are solutions to this problem. Good backups are part of
Kenneth P. Turvey <kt-usenet at squeakydolphin.com>
XMPP IM: kpturvey at jabber.org
Yahoo IM: kpturvey2
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
-----END PGP SIGNATURE-----
More information about the ubuntu-users