Users can access each others files, :( how to stop that?

M$ISBS · 03-26-2011, 07:37 PM

I just realized that I can access other users files and they can access my files

simply by using the console to navigate the file system, Its not that big a

deal, I am the only one using the computer but this seems like something is not

configured correctly. Should each user be able to look at and modify each others

files by default? (On Xubuntu 10)

How would I go about restricting users access to other users?

Thanks.

stress_junkie · 03-26-2011, 07:50 PM

Check the permissions on the home directories of the users as follows.

Code:

ls -lh /home

It should look something like this.

Code:

$ ls -lh /home
total 76K
drwxr-x---  3 abc       abc       4.0K 2011-01-19 16:43 abc
drwxr-x---  5 folding   users     4.0K 2011-03-26 20:18 folding
drwx------  2 root      root       16K 2010-10-02 17:20 lost+found

In this example there is a user account named abc which can only be accessed by the abc account and root. Then there is a user account named folding for running Folding At Home software. This account's files can be viewed by any user account in the "users" group. Lastly there is the lost+found directory that can only be viewed by root.

M$ISBS · 03-26-2011, 08:13 PM

Mine shows this:

drwxr-xr-x 66 steve steve 1.0K 2011-01-12 13:07 steve
drwxr-xr-x 22 chair chair 2.0K 2011-01-12 12:30 chair

Should I use chmod to alter the permissions or is there another way I should do it?

stress_junkie · 03-26-2011, 08:15 PM

Quote:

Originally Posted by M$ISBS

Should I use chmod to alter the permissions or is there another way I should do it?

Yes and yes. Use chmod and there is another way. (Nautilus for example).

M$ISBS · 03-26-2011, 08:24 PM

Quote:

Originally Posted by stress_junkie

Yes and yes. Use chmod and there is another way. (Nautilus for example).

Do I issue chmod -rwx for each user? Wouldnt that prevent me from logging into them? I am not sure how to do it

carltm · 03-26-2011, 08:51 PM

Just verify that all the directories in /home are actually home
directories for users. Sometimes people or programs will create
directories in /home that aren't real users' home directories.

If there are no special directories, you can run "chmod go-rwx /home/*".
Otherwise it would be "chmod go-rwx /home/user1 /home/user2 ..."

Incidentally, it's good that you noticed simply running "chmod -rwx"
could have been a problem.

M$ISBS · 03-26-2011, 10:04 PM

Thanks guys, I think its ok now.
when I try to access the other user now I get a permission denied message.

chrism01 · 03-29-2011, 08:23 PM

You'll also need to look at umask http://linux.die.net/man/1/umask for newly created files. chmod only affects extant files.