LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 01-21-2011, 06:40 PM   #1
tiomoco
Member
 
Registered: Apr 2009
Posts: 45

Rep: Reputation: 15
Lucid Lynx > No user privacy


I run Ubuntu Lucid Lynx and users have access to other users directories and read files. How can i hide and make it all invisible for one another...??? Thank you very much guys.
 
Click here to see the post LQ members have rated as the most helpful post in this thread.
Old 01-21-2011, 06:54 PM   #2
agreimann
LQ Newbie
 
Registered: Sep 2010
Posts: 28

Rep: Reputation: 6
Cool. You're running 10.04. To make your folder completely private, you can encrypt your home folder, or those of the users in question that are visible right now. A similar procedure exists for OS X 10.3+ called FileVault, in order to make folders invisible.

Or, you could open a terminal and change ownership/permissions on the folders which you wish to change access, and give access only to users that can see the folders.

However, of the two methods, I would recommend encrypting the home folder. The only issue with that, however, is that if the computer crashes and needs to be redone, you'll have a harder time getting files out of home folders.

Hope this helps.
 
1 members found this post helpful.
Old 01-22-2011, 06:47 AM   #3
arizonagroovejet
Senior Member
 
Registered: Jun 2005
Location: England
Distribution: openSUSE, Fedora, CentOS
Posts: 1,088

Rep: Reputation: 196Reputation: 196
Traditionally *nix systems do tend to get users read-only permission on each other's files by default. It's easy to change though.


Login in as each user, open terminal and run
Code:
$ chmod 700 .
Or as root run

Code:
$
$ chmod 700 /home/*

For an explanation of those chmod commands see 'man chmod' or http://en.wikipedia.org/wiki/Chmod or many other places.

All chmod does is change permissions which protects against casual attempts to access the contents. Of course any user with sudo rights can always use that to read the contents of another user's home directory. Also if you have multiple people using the same computer and any of them know how to boot the computer from a LiveCD then they could access other user's files.

FileVault on Mac OS X encrypts the user's home directory. Various solutions for doing that on Linux exist but I don't know what the best one is for Ubuntu. Encrypting home directories increases security but it also increases the risk of you losing access to the files due to filesystem corruption, disk failure, or something daft like forgetting the password. You also have to think about making sure back ups of your home directory are encrypted. (You do make back ups of your home directories don't you? Hopefully you're not one of those people who never makes backups and then is distraught when their computer is lost or stolen or destroyed by fire or flood or lightening or Act of Dog or their harddisk just goes 'clunk' one day and stops working.)
 
3 members found this post helpful.
Old 01-22-2011, 09:39 AM   #4
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,332
Blog Entries: 55

Rep: Reputation: 3533Reputation: 3533Reputation: 3533Reputation: 3533Reputation: 3533Reputation: 3533Reputation: 3533Reputation: 3533Reputation: 3533Reputation: 3533Reputation: 3533
Quote:
Originally Posted by arizonagroovejet View Post
Or as root run

Code:
$
$ chmod 700 /home/*
Isn't that a rather unsafe approach if 'eval echo /home/*' expands to more than one thinks it will?
 
Old 01-22-2011, 10:42 AM   #5
rich_c
Member
 
Registered: Apr 2008
Location: UK
Distribution: Mepis; Maemo; openSUSE
Posts: 384
Blog Entries: 74

Rep: Reputation: 81
I'd rather use chmod go-rwx rather than 700. That way you don't touch users permissions at all, just group and other.
 
Old 01-22-2011, 11:29 AM   #6
arizonagroovejet
Senior Member
 
Registered: Jun 2005
Location: England
Distribution: openSUSE, Fedora, CentOS
Posts: 1,088

Rep: Reputation: 196Reputation: 196
Quote:
Originally Posted by rich_c View Post
I'd rather use chmod go-rwx rather than 700. That way you don't touch users permissions at all, just group and other.
Yes, I agree.

Quote:
Originally Posted by unSpawn View Post
Isn't that a rather unsafe approach if 'eval echo /home/*' expands to more than one thinks it will?
Um...

Can you give an example of how 'eval echo /home/*' could expand to more than one thinks it will? I can't think of one.
I really should work my way through those bash scripting guides at tldp.org one day. (The site isn't responding right now, hopefully it will be back on line soon)
 
1 members found this post helpful.
Old 01-22-2011, 01:13 PM   #7
tiomoco
Member
 
Registered: Apr 2009
Posts: 45

Original Poster
Rep: Reputation: 15
Thanks guys. You've helped plenty..!!!
I have started encrypting new folders with "cryptkeeper". It doesn't encrypt existing folders, so i have to make new ones. There i dump the objects of my shame. Then i log as another user and presto.! 3 folders holding my shit are invisible to regular users.
Merry weekend to all of you..!!
 
Old 01-22-2011, 03:43 PM   #8
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,332
Blog Entries: 55

Rep: Reputation: 3533Reputation: 3533Reputation: 3533Reputation: 3533Reputation: 3533Reputation: 3533Reputation: 3533Reputation: 3533Reputation: 3533Reputation: 3533Reputation: 3533
Quote:
Originally Posted by arizonagroovejet View Post
Can you give an example of how 'eval echo /home/*' could expand to more than one thinks it will?
Using "/home/*" may expand to or include:
- /home/lost+found if /home is a separate mount point,
- any files in the root of /home,
- any directories owned by system accounts (that do not have an inert shell set),
- any directories that explicitly have permissions changed to share access.
An easier way could be to say it is a greedy match if that means something to you. A safer way could be to query /etc/password for accounts with an UID >= 500 (or /etc/login.defs) that also have a valid shell and also a $HOME in /home and also are not used for system services.
 
2 members found this post helpful.
Old 01-22-2011, 03:47 PM   #9
arizonagroovejet
Senior Member
 
Registered: Jun 2005
Location: England
Distribution: openSUSE, Fedora, CentOS
Posts: 1,088

Rep: Reputation: 196Reputation: 196
Excellent, thanks.
 
Old 01-23-2011, 07:26 AM   #10
tiomoco
Member
 
Registered: Apr 2009
Posts: 45

Original Poster
Rep: Reputation: 15
Cryptkeeper may have a GUI, but it's giving me the creeps. A few folders i created yesterday are gone...So i'd rather go for the command line.

Thank you gringos..!
 
Old 01-23-2011, 09:36 AM   #11
MTK358
LQ 5k Club
 
Registered: Sep 2009
Posts: 6,443
Blog Entries: 3

Rep: Reputation: 721Reputation: 721Reputation: 721Reputation: 721Reputation: 721Reputation: 721Reputation: 721
Quote:
Originally Posted by tiomoco View Post
Cryptkeeper may have a GUI, but it's giving me the creeps. A few folders i created yesterday are gone...So i'd rather go for the command line.

Thank you gringos..!
If you just don't want other user accounts to look at other users' files, I don't think encryption is the solution.

Just use the chmod command (it's not encryption, it just tells the OS not to let other users read it).
 
1 members found this post helpful.
Old 01-24-2011, 12:41 PM   #12
tiomoco
Member
 
Registered: Apr 2009
Posts: 45

Original Poster
Rep: Reputation: 15
peeping

Quote:
Originally Posted by MTK358 View Post
If you just don't want other user accounts to look at other users' files, I don't think encryption is the solution.

Just use the chmod command (it's not encryption, it just tells the OS not to let other users read it).
I'll take your word MTK358. Thanks. Cryptkeeper is letting me learn at my slow pace. However, if chmod just shuts the shades, sounds like fair enough for my privacy issue.

Thank you...!
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: Puppy 5.1 codename Lucid is out- Now is compatible with Ubuntu 10.04 Lucid Lynx package LXer Syndicated Linux News 0 08-15-2010 03:20 PM
Cannot install Lucid lynx ezzy96 Linux - Newbie 6 06-15-2010 01:59 AM
lucid lynx samba johnh10000 Linux - Networking 7 06-13-2010 10:53 AM
Kivio on Lucid Lynx? leupi Linux - Software 1 05-12-2010 11:26 AM
[SOLVED] Lucid Lynx Beta 1 ? taylorkh Ubuntu 2 03-18-2010 08:28 PM


All times are GMT -5. The time now is 04:30 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration