lock other users from your /home
Is there a way to lock all of /home/ from other users, so one user can't see what the other user has in his /home? Or do I have to "chmod" all folders and files one by one?
|
Well, if other users are denied read, write, and executable permission on a directory, then they won't be able to access stuff inside that directory anyhow, regardless of the permissions of that stuff.
You can always recursively chmod all files in a directory using "chmod -R" rather than "one by one". |
Yes - this works on my machines, so no good reason to think it won't work on yours.
Try this (you don't need to be root): Code:
chmod go-rwx /home/<your_user_name> -R |
Code:
chmod go-rwx /home/<your_user_name> -R
One more though: do I have to run this command every time I get new files in my /home/, or do new files get the right chmod now? |
If you put the following command in your .bashrc or .bash_profile, then no:
Code:
umask 077 |
OK, but please tell me more about the command so I can learn
|
What the "umask 077" does is to set it so that all new files and directories created by you automatically have the 700 access permissions. The 700 mask means that your user has read/write/execute (7) for the file, and the group and other users have no access (0). If you type "ls -al" on a directory, all the files will have some letters on the left side that correspond to the access permissions for the file. The first letter is for special files, like directories. The three sets of 'rwx' correspond to read/write/execute for the user, group, and other users. If you convert the 7 (from the 700 above) into binary, the value is 111. This means that the values for read/write/execute for that user are all true. For the example below, the file is a directory (d), the user has permissions of 7 (rwx), the group has permissions of 5 (r-x) and the other users have permissions 4 (r--).
drwxr-xr-- 7 root root 4096 2005-07-22 16:39 ..
Is this clear? |
This is clear ;) thx
Only one thing though (there's always another question lol): if you want access mask "700" or whatever it's called, why type umask 077? Why not "umask 700"? Or does "u" stand for unmask, so it removes permissions? Wow, I think I'm right here ^^ my brain works, yay |
Welcome to the world of UNIX/Linux!! :D
umask doesn't mean unmask - although you'd think it should. I don't know where the 'u' of umask comes from but no doubt a grizzly-haired UNIX-wizard will enlighten us all one day. As for the umask command - it sets the default permissions for newly created files, just as shubb stated. On my Slackware 10.0 box, in /etc/profile the default is set to 022 in order to prevent files being group and world writable. This is quite nice actually from a security perspective because it helps make it harder for any intruder to write log files in ways that obscure their tracks. Mind you, if they are inside your box, they probably won't be put off by that!! I have found that using something like
Code:
chattr +i
Code:
chattr +a |
That should be good enough for a home system. However, for further customization of file permissions look at Access Control Lists (ACL), which implement file permissions similar to, and even more flexible than, those of Windows.
POSIX Access Control Lists on Linux |
Quote:
Quote:
Remember, I still want my /home/* totally locked down Quote:
Quote:
And yes, I'm a newbie... don't ask :D |
Quote:
Code:
Which one is it? First or second? ;) And where are those 2 files? |
czon, to answer your question of why you use 077 instead of 700: it is because the umask is the opposite binary values of what you want the files to be. Don't ask me why, but that's how it is.
Say for example, you want all files to have 754 access properties (rwx for owner, r-x for group, r-- for everyone else). You figure out the binary values for each number:
7 = 111
5 = 101
4 = 100
Then you flip the ones and zeros, and that is the value you use for your umask command.
000 = 0
010 = 2
011 = 3
So the command to put in the profile is 'umask 023'.
If you want NO other user to be able to see ANYTHING in your home directory, then use the "umask 077" in your profile, and run the command "chmod -R 700 ~/" to change the permissions for all the files and directories in your home. |
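Added example, not part of any post in this thread: a shell sketch that creates a file and a directory under a given umask to show the modes they actually receive, and counts entries that still grant group or other access before and after the recursive chmod discussed above. It assumes GNU stat and find (as on Debian or Slackware); the function names and the demo tree are made up for this illustration.

```shell
#!/bin/sh
# Added illustration. Assumes GNU coreutils/findutils (stat -c, find -perm /MODE).

# modes_under_umask MASK: create a file and a directory under MASK in a
# scratch directory and print "<file_mode> <dir_mode>" in octal.
modes_under_umask() {
    scratch=$(mktemp -d) || return 1
    (
        umask "$1"              # subshell: the caller's umask is untouched
        touch "$scratch/file"   # files are requested with mode 666
        mkdir "$scratch/dir"    # directories are requested with mode 777
    )
    printf '%s %s\n' "$(stat -c %a "$scratch/file")" "$(stat -c %a "$scratch/dir")"
    rm -rf "$scratch"
}

# count_exposed DIR: number of entries under DIR (DIR itself included) that
# grant any permission bit to group or others. Symlinks are skipped because
# their own mode bits are not used for access checks.
count_exposed() {
    find "$1" ! -type l -perm /077 | wc -l | tr -d ' '
}

# lock_down DIR: same effect as the thread's "chmod go-rwx DIR -R".
lock_down() {
    chmod -R go-rwx "$1"
}

# Demo on a constructed tree (not a real home directory).
demo=$(mktemp -d)
( umask 022; mkdir "$demo/home"; touch "$demo/home/notes.txt" )
echo "umask 022 -> $(modes_under_umask 022)"
echo "umask 077 -> $(modes_under_umask 077)"
echo "exposed before lock_down: $(count_exposed "$demo/home")"
lock_down "$demo/home"
echo "exposed after lock_down:  $(count_exposed "$demo/home")"
rm -rf "$demo"
```

Running count_exposed on a home directory after the chmod is a quick way to confirm nothing was missed; with umask 077 in the profile it should stay at zero for files created later.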
To the OP:
Please do not post the same thread in more than one forum. Picking the most relevant forum and posting it once there makes it easier for other members to help you and keeps the discussion all in one place. http://www.linuxquestions.org/rules.php This thread has been reported for closure. |
thx a lot saman007uk and shubb ;) think I got it now
Quote:
Therefore I posted the same question again, but this time in Debian just to get help from others with the same OS as me. If you really have to close one, close the thread in the newbie forum, and I hope you can understand why I broke the forum rules this time. Thanks, czon |