I've just installed Linux for my brother. He's got roommates, they all share the same machine. I'd like to set it up so each of the /home directories is private.
I looked into /etc/skel and searched the net a bit, and LQ, but it isn't clear to me. I am wary of simply chmod 700 on /home/mickey, for example, because this might cause problems for the system. I suppose I could create a directory, say /home/mickey/private and then do the chmod 700 there. That's a bit clumsy, each user would have to be diligent about where they put stuff.
Any suggestions? Ideally the proper umask or whatever should be set automatically when a user is added...
I like the way Mandrake is set up. It creates a group for each user of the same name as the user. So even if a file has group access another user can't read the files because each default group is private.
Also, you may want to change the "umask" value in $HOME/.profile. This value is used by the shell to mask permissions on new files. It is probably 0660, and 0600 may be a better value if the default group is "users".
Originally posted by jschiwal:
I like the way Mandrake is set up. It creates a group for each user of the same name as the user. So even if a file has group access another user can't read the files because each default group is private.
Also, you may want to change the "umask" value in $HOME/.profile. This value is used by the shell to mask permissions on new files. It is probably 0660, and 0600 may be a better value if the default group is "users".
I agree with that. I first started using Mandrake over 3 years ago and found it was great that it created a user and a group with the same name; it meant that others by default couldn't read your home folder on my Samba server. But when I changed to using Slackware for Samba, every time you added a user it would add them to the 'users' group by default, giving everyone read and execute permissions by default.
By default, each user in Debian GNU/Linux is given a corresponding group with the same name and id. Usergroups allow group writable directories to be easily maintained by placing the appropriate users in the new group, setting the set-group-ID bit in the directory, and ensuring that all users use a umask of 002. If this option is turned off by setting USERGROUPS to no, all users' GIDs are set to USERS_GID. Users' groups can also be overridden from the command line with the --gid or --ingroup options to set the group by id or name, respectively.
and, btw, the umask is a bitmask of disallowed bits,
so if you want new files to have rw------- you have to use 077
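The effect of the mask on new files and directories, as an added example that is not part of the original posts. The helper names are hypothetical and `stat -c` assumes GNU coreutils; the second function shows why a tighter umask does nothing for home directories that already exist.

```shell
#!/bin/sh
# Added example: the umask removes permission bits from newly created files
# and directories. Helper names are hypothetical; stat -c is GNU coreutils.

mode_under_umask() {
    # $1 = umask in octal, $2 = "file" or "dir"; prints the resulting mode
    tmp=$(mktemp -d) || return 1
    (
        umask "$1"
        if [ "$2" = dir ]; then mkdir "$tmp/new"; else : > "$tmp/new"; fi
    )
    stat -c %a "$tmp/new"
    rm -rf "$tmp"
}

existing_mode_after_umask_change() {
    # A file created under umask 022 keeps its mode when the umask changes later,
    # so tightening the umask does not protect data that already exists.
    tmp=$(mktemp -d) || return 1
    ( umask 022; : > "$tmp/old" )
    ( umask 077; stat -c %a "$tmp/old" )
    rm -rf "$tmp"
}

for m in 022 002 077; do
    printf 'umask %s: file %s, dir %s\n' "$m" \
        "$(mode_under_umask "$m" file)" "$(mode_under_umask "$m" dir)"
done
printf 'created under 022, umask now 077: %s\n' "$(existing_mode_after_umask_change)"
```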
I know it is a umask thing. The trouble is I don't know where to set it, so that it is global.
At the moment, any user added to the system has a umask of 0022. I thought that this might be set when users are created, so I checked /etc/skel/
In /etc/skel/ there is the default file '.bash_profile'. This file refers me to a file called '/etc/login.defs'. This file contains a whole slew of settings. Some of the text in '/etc/login.defs' refers back to PAM.
After consideration, I think I need only change settings in '/etc/login.defs'.
If I want strict privacy between and amongst users (they can't see, read, delete, write to any directory in /home except theirs..!) and at the same time don't want to befuddle the system (ie. - programs updating config. files in /home) then what would be the most appropriate umask to set..??
normally, system config scripts don't touch any user-config files, but only the global config in /etc, so you can simply use this script:
(for individual groups with same name as user)
Code:
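#!/bin/bash
# loop over every directory name given as an argument
while [ "$1" != "" ]; do
    DIR="${1%/}"    # strip the trailing slash left by the */ glob
    chown "$DIR:$DIR" "/home/$DIR"
    chmod 770 "/home/$DIR"
    shift
done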
or for a common group "users":
Code:
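#!/bin/bash
# loop over every directory name given as an argument
while [ "$1" != "" ]; do
    DIR="${1%/}"    # strip the trailing slash left by the */ glob
    chown "$DIR:users" "/home/$DIR"
    chmod 700 "/home/$DIR"
    shift
done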
(call it homedir_fixrights and save it in /home with
rights rwx------ and owner root:root)
now go to your home dir and call it with all subdirs as parameters
Code:
cd /home
./homedir_fixrights */
it will change ownership of every dir to the user (and group) with the same name as the directory and set the access rights to allow only the user itself (and everyone in "his" group).
Code:
#!/bin/bash
#0 homedir_fixrights === fixes home directory ownership rights
## ver. for individual groups with same name as user
#@ by "doc.nice", tweaked by "archtoad6"
for DIR in /home/*/
do
    DIR="${DIR%/}"; DIR="${DIR##*/}"    # /home/mickey/ -> mickey
    chown "$DIR:$DIR" "/home/$DIR"
    chmod 770 "/home/$DIR"
done
and:
Code:
#!/bin/bash
#0 homedir_fixrights === fixes home directory ownership rights
## ver. for a common group "users"
#@ by "doc.nice", tweaked by "archtoad6"
for DIR in /home/*/
do
    DIR="${DIR%/}"; DIR="${DIR##*/}"    # /home/mickey/ -> mickey
    chown "$DIR:users" "/home/$DIR"
    chmod 700 "/home/$DIR"
done
Originally posted by archtoad6:
Nice scripts, nice explanation.
May I suggest a small simplification?:
Code:
#!/bin/bash
#0 homedir_fixrights === fixes home directory ownership rights
## ver. for individual groups with same name as user
#@ by "doc.nice", tweaked by "archtoad6"
for DIR in /home/*/
do
    DIR="${DIR%/}"; DIR="${DIR##*/}"    # /home/mickey/ -> mickey
    chown "$DIR:$DIR" "/home/$DIR"
    chmod 770 "/home/$DIR"
done
and:
Code:
#!/bin/bash
#0 homedir_fixrights === fixes home directory ownership rights
## ver. for a common group "users"
#@ by "doc.nice", tweaked by "archtoad6"
for DIR in /home/*/
do
    DIR="${DIR%/}"; DIR="${DIR##*/}"    # /home/mickey/ -> mickey
    chown "$DIR:users" "/home/$DIR"
    chmod 700 "/home/$DIR"
done
Thanks for the compliment, don't forget to incorporate anomie's ideas, the originals were deficient on those points.
How do you feel about a single script that has two modes, one for each of the user:group paradigms in use? There would either be a way to set the mode or perhaps the script could detect the mode.
I think automatic mode detection could be accomplished by having the script take the name of 1 known regular user as an argument & comparing its UID & GID, or grep'ing /etc/group for "^users". If it weren't so complicated, it could also compare the UID & GID of any user name found in /home.
Also be sure that you have modified /etc/adduser.conf so that it creates new user directories with the permissions that you want them to have initially. Also taking a look in /etc/skel/* is a good thing to set the umask levels.
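One way the two-mode idea discussed above could work, as an added example that is not code from any poster in the thread. It goes a step further than the thread by choosing the scheme per user from passwd and group data rather than once for the whole system, and it only prints a plan. `plan_home_fix`, the sample accounts and the 1000..65533 UID range are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): dry-run planner for both home-directory schemes.
# plan_home_fix and the sample accounts below are hypothetical / constructed.

plan_home_fix() {
    # $1 = passwd-format file, $2 = group-format file, $3 = home base, e.g. /home
    # Prints one "MODE OWNER:GROUP HOME" line per regular user; changes nothing.
    awk -F: -v base="$3" '
        NR == FNR { gname[$3] = $1; next }      # first file (group): GID -> name
        $3 < 1000 || $3 >= 65534 { next }       # assumption: regular UIDs are 1000..65533
        index($6, base "/") != 1 { next }       # only homes below the base directory
        {
            group = ($4 in gname) ? gname[$4] : $4
            # Private group named after the user: group access is harmless (770).
            # Shared primary group such as "users": owner-only (700).
            mode = (group == $1) ? "770" : "700"
            printf "%s %s:%s %s\n", mode, $1, group, $6
        }' "$2" "$1"
}

demo_plan() {
    tmp=$(mktemp -d) || return 1
    # Constructed sample data: mickey has a private group, goofy is in "users".
    cat > "$tmp/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
mickey:x:1000:1000:,,,:/home/mickey:/bin/bash
goofy:x:1001:100:,,,:/home/goofy:/bin/bash
EOF
    cat > "$tmp/group" <<'EOF'
root:x:0:
users:x:100:
mickey:x:1000:
EOF
    plan_home_fix "$tmp/passwd" "$tmp/group" /home
    rm -rf "$tmp"
}

demo_plan
```

Run against the real files as `plan_home_fix /etc/passwd /etc/group /home` and review the plan before applying any of it as root.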