User privacy

Volker Wysk post at volker-wysk.de
Tue Feb 16 16:37:21 UTC 2021


On Tuesday, 16.02.2021, at 15:54 +0000, Chris Green wrote:
> On Tue, Feb 16, 2021 at 04:35:57PM +0100, Volker Wysk wrote:
> > On Tuesday, 16.02.2021, at 23:23 +0800, Bret Busby wrote:
> > > On 16/02/2021, Volker Wysk <post at volker-wysk.de> wrote:
> > > > Hi
> > > > 
> > > > On Tuesday, 16.02.2021, at 14:18 +0000, Ian Bruntlett wrote:
> > > > > Hi,
> > > > > 
> > > > > I'm sorting out an existing Lubuntu 18.04 laptop for a mother and
> > > > > daughter. At the moment when I run umask I get the result "0002" which I
> > > > > believe means that different users can read each other's files in their
> > > > > $HOME directories. They want to stop each other from reading their files.
> > > > > 
> > > > > Now I have a rough idea on how to arrange this. I believe a different
> > > > > umask value has to be specified however I don't know:-
> > > > > * What value of umask to use
> > > > > * Where to set that value so that it is set as the default on
> > > > > bootup/login.
> > > > 
> > > > You don't need to touch the umask. Just delete the permissions for "others"
> > > > on the home directories:
> > > > 
> > > > chmod o-rwx /home/HOMEDIR1
> > > > chmod o-rwx /home/HOMEDIR2
> > > > 
> > > > Bye, Volker
> > > > 
> > > 
> > > Is it "others" or "group"?
> > > 
> > > I preferred it when it was numbers; the 777 system, so, for example,
> > > chmod 007
> > 
> > It's "others". Each user should have its own private group with the same
> > name as the user name and only that user in it. So the group ownership or
> > permissions should not be a problem.
> > 
> It always seems to be a rather strange default set-up to configure
> every new user to have a group of their own.  It makes the whole idea
> of groups in permissions rather redundant!

Not at all. You still can create groups, if you want to share something, or
want to grant access rights to something to specific users. You just don't
share anything by default. It's more secure this way.

> It *may* be a good idea to configure things so that, by default, files
> don't have group read permission (i.e. umask 002, I *think*) but one
> often *does* want to share files for reading and that requires that
> users belong to some common groups.  They can then set group read
> permission on files they want to share.

Yes, just add a group named "users" with all the users in it. Then they can
set the group ownership to "users" for files they want to share between all
users. But they must do so explicitly, and I think this is a good thing. 

Come to think of it, this also means those users will also have to do
something with their home directory group membership, when they want to
share something inside their home directory. If it has been configured to
exclude "others", as I've advised above...

Cheers,
Volker
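
An added example, not part of the original message: it shows in a scratch directory why the `chmod o-rwx` from the thread works without changing the umask. `HOMEDIR1` under a `mktemp` directory is a constructed stand-in for a real home directory, the function names are hypothetical, and GNU `stat -c` (as on Ubuntu) is assumed.

```shell
#!/bin/sh
# Added example. Runs in a scratch directory; no root or real /home needed.
# Assumes GNU stat (stat -c), as shipped on Ubuntu/Lubuntu.

# Octal permission bits of a path, e.g. 755.
mode_of() { stat -c '%a' "$1"; }

# Succeeds if "others" hold any permission bit (last octal digit non-zero).
others_can_access() {
    case "$(mode_of "$1")" in
        *0) return 1 ;;
        *)  return 0 ;;
    esac
}

# Mode a newly created file gets under umask $1, inside directory $2.
# The subshell keeps the caller's umask unchanged.
new_file_mode() {
    ( umask "$1"; f="$2/probe.$1"; rm -f "$f"; : > "$f"; mode_of "$f" )
}

# The change suggested in the thread: drop all "others" bits on the directory.
lock_home() { chmod o-rwx "$1"; }

demo() {
    scratch=$(mktemp -d) || return 1
    home="$scratch/HOMEDIR1"   # constructed stand-in for /home/HOMEDIR1
    mkdir "$home" && chmod 755 "$home"
    echo "before: home=$(mode_of "$home")"
    lock_home "$home"
    echo "after:  home=$(mode_of "$home")"
    # Files still get "others" read under umask 0002, but other users
    # cannot traverse the locked directory to reach them.
    echo "file under umask 0002: $(new_file_mode 0002 "$home")"
    echo "file under umask 0077: $(new_file_mode 0077 "$home")"
    others_can_access "$home" || echo "others: no access to home"
    rm -rf "$scratch"
}

demo
```

The locked directory ends up at mode 750, so its group keeps read and traverse rights; with per-user private groups that group contains only the owner.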