User privacy
Robert Heller
heller at deepsoft.com
Tue Feb 16 17:21:23 UTC 2021
At Tue, 16 Feb 2021 17:37:21 +0100 "Ubuntu user technical support, not for general discussions" <ubuntu-users at lists.ubuntu.com> wrote:
>
> On Tuesday, 16.02.2021, 15:54 +0000, Chris Green wrote:
> > On Tue, Feb 16, 2021 at 04:35:57PM +0100, Volker Wysk wrote:
> > > On Tuesday, 16.02.2021, 23:23 +0800, Bret Busby wrote:
> > > > On 16/02/2021, Volker Wysk <post at volker-wysk.de> wrote:
> > > > > Hi
> > > > >
> > > > > On Tuesday, 16.02.2021, 14:18 +0000, Ian Bruntlett wrote:
> > > > > > Hi,
> > > > > >
> > > > > > I'm sorting out an existing Lubuntu 18.04 laptop for a mother and
> > > > > > daughter. At the moment when I run umask I get the result "0002" which I
> > > > > > believe means that different users can read each other's files in their
> > > > > > $HOME directories. They want to stop each other from reading their files.
> > > > > >
> > > > > > Now I have a rough idea on how to arrange this. I believe a different
> > > > > > umask value has to be specified however I don't know:-
> > > > > > * What value of umask to use
> > > > > > * Where to set that value so that it is set as the default on
> > > > > > bootup/login.
> > > > >
> > > > > You don't need to touch the umask. Just delete the permissions for "others"
> > > > > on the home directories:
> > > > >
> > > > > chmod o-rwx /home/HOMEDIR1
> > > > > chmod o-rwx /home/HOMEDIR2
> > > > >
> > > > > Bye, Volker
> > > > >
> > > >
> > > > Is it "others" or "group"?
> > > >
> > > > I preferred it when it was numbers; the 777 system, so, for example,
> > > > chmod 007
> > >
> > > It's "others". Each user should have its own private group with the same
> > > name as the user name and only that user in it. So the group ownership or
> > > permissions should not be a problem.
> > >
> > It always seems to be a rather strange default set-up to configure
> > every new user to have a group of their own. It makes the whole idea
> > of groups in permissions rather redundant!
>
> Not at all. You still can create groups, if you want to share something, or
> want to grant access rights to something to specific users. You just don't
> share anything by default. It's more secure this way.
>
> > It *may* be a good idea to configure things so that, by default, files
> > don't have group read permission (i.e. umask 002, I *think*) but one
> > often *does* want to share files for reading and that requires that
> > users belong to some common groups. They can then set group read
> > permission on files they want to share.
>
> Yes, just add a group named "users" with all the users in it. Then they can
> set the group ownership to "users" for files they want to share between all
> users. But they must do so explicitly, and I think this is a good thing.
>
> Come to think of it, this also means those users will also have to do
> something with their home directory group membership, when they want to
> share something inside their home directory. If it has been configured to
> exclude "others", as I've advised above...
chmod go+x ~
(note: not r!)
Execute on a directory allows directory traversal, but not read access.
>
> Cheers,
> Volker
>
--
Robert Heller -- 978-544-6933
Deepwoods Software -- Custom Software Services
http://www.deepsoft.com/ -- Linux Administration Services
heller at deepsoft.com -- Webhosting Services
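
Added example (not part of the original message): a small audit that reports, from the mode bits alone, what "group" and "other" may do with each home directory, separating the traverse-only case (x without r) from full listing. The function names `dir_access` and `audit_homes` and the alice/bob/carol directories are constructed for illustration; it assumes GNU `stat -c`, as shipped on Ubuntu.

```shell
#!/bin/sh
# On a directory: r = list the names inside, x = traverse to a name you know.

# usage: dir_access DIR group|other
dir_access() {
    mode=$(stat -c '%a' "$1") || return 2      # octal mode, e.g. 750 or 711
    case "$2" in
        group) bits=$(( (0$mode >> 3) & 7 )) ;; # leading 0 makes it octal
        other) bits=$(( 0$mode & 7 )) ;;
        *) return 2 ;;
    esac
    r=$(( bits & 4 )); x=$(( bits & 1 ))
    if [ "$r" -ne 0 ] && [ "$x" -ne 0 ]; then echo "list+traverse"
    elif [ "$x" -ne 0 ]; then echo "traverse-only"
    elif [ "$r" -ne 0 ]; then echo "list-only"
    else echo "none"
    fi
}

# usage: audit_homes BASE   (BASE would be /home on a real system)
audit_homes() {
    for d in "$1"/*/; do
        [ -d "$d" ] || continue
        d=${d%/}
        printf '%s mode=%s group=%s other=%s\n' "${d##*/}" \
            "$(stat -c '%a' "$d")" \
            "$(dir_access "$d" group)" "$(dir_access "$d" other)"
    done
}

# Constructed sample tree standing in for /home.
demo=$(mktemp -d)
mkdir "$demo/alice" "$demo/bob" "$demo/carol"
chmod 755 "$demo/alice" "$demo/carol"
chmod 700 "$demo/bob"
chmod o-rwx "$demo/alice"   # the thread's first suggestion: 755 becomes 750
chmod go+x "$demo/bob"      # the thread's second suggestion: 700 becomes 711
audit_homes "$demo"
rm -rf "$demo"
```

A "traverse-only" result still lets another user open any file inside whose name they know and whose own mode permits it, so the modes of the files matter as well.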