LinuxQuestions.org


petroska 08-08-2010 11:09 AM

File Permissions and Logs
 
Hi,

I am on a computer with several user accounts, and I just found out that all my files had rwx permissions for all users by default. The first question is: can I somehow see if somebody copied any of these files? (I know that I can check the timestamps with ls -lu, but that doesn't tell me if somebody copied the file.)

The second question is: what does it mean that a directory has a rwx--x--x permission? What can the others do with the folder?

Thanks

zootboy 08-08-2010 11:28 AM

It would be difficult to tell if anyone has copied your files, but you could run a simple 'find' command on the computer to see if there are any copies lurking around.

As for your second question, welcome to the world of Linux file permissions. A good tutorial will really help you out, but here's the answer to your question:
The directory (permissions 711) gives full Read/Write/eXecute permission to the owner. It gives only eXecute permission to group and all users. Execute permission gives the user the ability to 'cd' into the directory. In this situation, that is mostly harmless because they cannot read or write data in the folder, nor can they list the files.

rew 08-08-2010 11:31 AM

... but note that they can access files in those directories (respecting the permissions on those files) if they know the filename.

zootboy 08-08-2010 11:49 AM

Good point. The permissions of the parent directory do not always automatically protect the files inside the directory, and my post may have been a bit misleading. Here's some clarification: If the directory has execute permissions, a user can 'cd' into the directory and read any files that have read permissions. If the directory does not have execute permissions, a user cannot read files in that directory. In either case, a user needs read permissions to list the files in a directory.

rahulkya 08-08-2010 11:59 AM

You can use chown and chmod for further security.

zootboy 08-08-2010 12:07 PM

And with both of those commands, you can make them apply recursively (all sub-directories and files within) by using the -R flag.

For example:

Code:

chmod -R 700 /home/zootboy/secrets/

would make my whole secrets folder, along with all the files and folders in it, unreadable to everyone but me (and root).

petroska 08-08-2010 01:54 PM

Quote:

Originally Posted by zootboy (Post 4059909)
Good point. The permissions of the parent directory do not always automatically protect the files inside the directory, and my post may have been a bit misleading. Here's some clarification: If the directory has execute permissions, a user can 'cd' into the directory and read any files that have read permissions. If the directory does not have execute permissions, a user cannot read files in that directory. In either case, a user needs read permissions to list the files in a directory.

So if I set the permission of my home folder to rwx------, and if there is a file in the folder which has rwxrwxrwx and someone knows the name and the path to this file, he wouldn't be able to read it? And if the home folder had rwx--x--x, he could read it?

Regarding the copying, isn't there at least some log where such information could be stored (apart from bash history of users)?

zootboy 08-08-2010 02:51 PM

That is correct. A user has to be able to 'cd' into the directory of a file in order to read it.

As for copying, there is no built-in log of these sorts of things. If you'd like to set one up, look into the 'audit' package. It is a very powerful system logging and monitoring package.
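
Added example (not part of the original thread or any poster's code): a Python check of what a user in the "other" class can do with a file, applying the rule discussed above that every directory on the path needs the execute (search) bit. The sandbox layout, the file name notes.txt and the function names are assumptions made for the illustration; the 755 case is added for contrast with the thread's 700 and 711.

```python
import os
import stat
import tempfile

def other_access(path, top="/"):
    """What a user in the 'other' class can do with the file at `path`.

    Checks the directories below `top` (assumed reachable) down to the
    file's parent. Assumption: root, group membership and ACLs are ignored.
    """
    path, top = os.path.realpath(path), os.path.realpath(top)
    parent = os.path.dirname(path)
    rel = os.path.relpath(parent, top)
    dirs, current = [], top
    for part in ([] if rel == "." else rel.split(os.sep)):
        current = os.path.join(current, part)
        dirs.append(current)

    def has(p, bit):
        return bool(os.stat(p).st_mode & bit)

    # Search (x) is needed on every directory to resolve a name inside it.
    blocked_by = next((d for d in dirs if not has(d, stat.S_IXOTH)), None)
    # Listing names needs read (r) on the parent and x on everything above it.
    above_ok = all(has(d, stat.S_IXOTH) for d in dirs[:-1])
    return {
        "blocked_by": blocked_by,
        "can_read_file": blocked_by is None and has(path, stat.S_IROTH),
        "can_list_parent": above_ok and has(parent, stat.S_IROTH),
    }

def demo():
    """Evaluate directory modes 700, 711 and 755 in a constructed sandbox."""
    results = {}
    with tempfile.TemporaryDirectory() as sandbox:
        home = os.path.join(sandbox, "home")  # constructed stand-in for a home dir
        os.mkdir(home)
        target = os.path.join(home, "notes.txt")  # hypothetical file name
        with open(target, "w") as fh:
            fh.write("constructed sample data\n")
        os.chmod(target, 0o777)  # the rwxrwxrwx file from the question
        for mode in (0o700, 0o711, 0o755):
            os.chmod(home, mode)
            results[oct(mode)] = other_access(target, top=sandbox)
    return results

if __name__ == "__main__":
    for mode, result in demo().items():
        print(mode, result)
```

Run against a real home directory with other_access("/home/user/file") to see which ancestor directory, if any, blocks other users.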

jv2112 08-08-2010 05:17 PM

If you really want a list of what has been accessed, the format below for find can work.


Code:

sudo find /home/ -type f -atime +1 -iname '*mp3' > Concerns

/home/ --> Directories you are concerned about

-atime +# --> # of days since concern.

*XXX (mp3 above) --> break it down by file extension to get smaller subsets or leave off if you want a full list.

Then just open "Concerns" with any text editor to review.

zootboy 08-08-2010 09:58 PM

That will only show when the file was last accessed at all. It won't really reveal which user did it. Also, some processes may access your files automatically, like updatedb. I'm not sure if it would affect the find command listed above, but other cron jobs may.


All times are GMT -5.