Originally Posted by mhg
I have been messing around, trying to learn more. Created another user with password. Everything is owned by me. So I log in as the other user, and sure enough, I can not use files. But I open "file system" and I can see everything, all I have to do is copy what I want, paste it in the users /home, and now that user is the owner. No security there at all.
What am I missing?
I may well have everything owned by me, and nothing owned by root, but I am not sure (trying to fix something else I screwed up).
Quick edit: "file system" is listed as owned by root.
From your terminology, I deduct that you are operating from a graphical file manager. If you have used it as root, you might very well have screwed yourself, that's why people usually say "don't use X as root", because, indeed, there's absolutely no need.
The first things I have to know, and it's not clear by your first post, is if you changed the permissions of everything in your filesystem to belong to a given user, instead of root. If you changed everything starting from / with new permissions/ownership, your best bet is to reinstall.
When describing this kind of stuff, it's very important that you tell us all the details. For example, we don't know what file manager you are using, and I really don't know how they handle the things. Using the standard linux terminology would be better (for example, I assume that when you say "file system" you mean "/").
If that's the case, you need to know that the regular users can see (read) only what they are supposed to see. They need read permissions in most of the files of the system, so, it's not strange at all that you can read those files and copy them into your home (how would you run a program without reading the binary file that holds it to load it into memory?).
There's absolutely no risk on that, and that you copy this stuff in your home is not going to give you any degree of control nor any extra facilities at all.
On the contrary, there are some bits of the system that you are not going to (well, should not be able to) read. You should not be able to access /etc/shadow, for example, which holds the hashes of the passwords of the system. You shouldn't be able either to read on other users's home directories, unless you are root or they gave you permission to do so.
If you can do either of these, then you screwed something.