LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 01-01-2015, 08:08 PM   #1
M$ISBS
Member
 
Registered: Aug 2003
Posts: 834

Rep: Reputation: 30
Able to acess other users folders/files ?


I installed ubuntu 14 on two different machines, one to replace my aging system and the other to just

play with.

I stumbled across an odd situation, I can access all folders and files for other users (through the

GUI) I have created and vice versa, I can even access the root account from regular users accounts.

I did uninstall unity and installed cinnamon and XFCE4 but I doubt that would have anything to do with

it, or would it?

What could I have done to allow this possible so I can fix this?

Thanks.
 
Old 01-01-2015, 08:19 PM   #2
M$ISBS
Member
 
Registered: Aug 2003
Posts: 834

Original Poster
Rep: Reputation: 30
Able to acess other users folders/files ?

Nevermind..... I just found out that permissions need to be set manually.

 
Old 01-01-2015, 09:34 PM   #3
Miati
Member
 
Registered: Dec 2014
Distribution: Linux Mint 17.*
Posts: 326

Rep: Reputation: 106Reputation: 106
This is normal. You are permitted to view other users information (most, not all) and copy from it. You are however not able to modify it.
If you want to stop that, you can go to /home and prevent other users from accessing the directory. Since they can never go into that one directory, everything else continues to be secure.

e.g., assuming my username is miati

Code:
chmod 700 /home/miati
Done.
The 7 indicates the owner may access, and write to the directory. The following two zeros indicate that the group and everyone else may not access or write to directory.

Take notice that if you run scripts or crontabs, there is a chance that if you try to run a script from a protected directory, it may not have permission to read it.

Last edited by Miati; 01-02-2015 at 12:42 AM. Reason: forgot the not
 
Old 01-02-2015, 12:09 AM   #4
M$ISBS
Member
 
Registered: Aug 2003
Posts: 834

Original Poster
Rep: Reputation: 30
I thought that, that was the type of thing linux was designed to prevent? IIRC, In slackware you had to specify who had access to what.

I just find it odd that you have access to other users files by default....

Is that normal for all of Linux distros or is that unique to Ubuntu?
 
Old 01-02-2015, 12:42 AM   #5
Miati
Member
 
Registered: Dec 2014
Distribution: Linux Mint 17.*
Posts: 326

Rep: Reputation: 106Reputation: 106
From what I've used this is permitted.

Linux is designed to be multi-user while being secure. This is in effect. You cannot view others critical information (e.g. private keys) but sharing information isn't impeded.
If you don't agree with it, you can deny access to your entire home directory in one command, without any superuser privileges. You can also permit access to it and deny other certain folders (like Documents but permit music)

I just noticed that I forgot the "not" of being able to modify others files. Sorry! Amazing what one word left out can redirect the meaning of something.

Last edited by Miati; 01-02-2015 at 12:46 AM.
 
Old 01-02-2015, 01:29 AM   #6
veerain
Senior Member
 
Registered: Mar 2005
Location: Earth bound to Helios
Distribution: Custom
Posts: 2,524

Rep: Reputation: 319Reputation: 319Reputation: 319Reputation: 319
If you want to be strict change permission of home directory by:

Code:
chmod u=rwx,go=
and changing the umask setting in /etc/login.defs file to:

umask 077
 
Old 01-02-2015, 01:36 AM   #7
veerain
Senior Member
 
Registered: Mar 2005
Location: Earth bound to Helios
Distribution: Custom
Posts: 2,524

Rep: Reputation: 319Reputation: 319Reputation: 319Reputation: 319
You don't need to set all created files manually, may be you should set proper umask i.e. in /etc/login.defs.

umask 077
 
Old 01-02-2015, 09:56 PM   #8
M$ISBS
Member
 
Registered: Aug 2003
Posts: 834

Original Poster
Rep: Reputation: 30
Thanks.
 
Old 01-03-2015, 08:15 AM   #9
jpollard
Senior Member
 
Registered: Dec 2012
Location: Washington DC area
Distribution: Fedora, CentOS, Slackware
Posts: 4,603

Rep: Reputation: 1241Reputation: 1241Reputation: 1241Reputation: 1241Reputation: 1241Reputation: 1241Reputation: 1241Reputation: 1241Reputation: 1241
Also - if you have a policy of blocking access to other users files (some sites do), then I suggest setting the adduser default UMASK value to (077). By default the umask used when creating the home directory is 022, which grants the owner all rights (the 0), and read/search (the 2) on directories for group and other.

Setting this to be the default means the access mode put on the home directory will be masked by 077 (so rwxrwxrwx, masked with 077 will be rwx------) and the home directory will be created with this access mode by default, without needing you to change it after it is created.

You can also look in the "/etc/skel" directory and configure some defaults you want all users to get - you can also add the command "umask 077" to the file (or add it to /etc/bashrc... but that will affect ALL users every time the login, and you may have different class of users where you don't want that to happen, or want something different).

Users can still change this once they login, but that is because they own the home directory and will own their configuration files (.bash_profile, .bash_logout, .bashrc, ...)
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
On what way will files acess permission change affect non-root (apache, ftp) users. Vinnipuh Linux - Newbie 6 08-20-2012 11:26 AM
[CentOS] Folders+Files Users Access Control List Remoz Linux - Server 1 02-24-2009 06:23 AM
Check to see which users have root level acess harsh5235 Linux - Newbie 2 05-21-2008 07:40 PM
VNC: acess XP computer with more users AlterAngelus Linux - Networking 1 07-21-2005 07:58 AM
How to allow all users Acess to usb devices not in /dev pHaT tAcO Debian 3 05-04-2004 07:34 PM


All times are GMT -5. The time now is 08:50 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration