Slackware: This forum is for the discussion of Slackware Linux.
You can add /home/<user> to your PRUNEPATH in /etc/updatedb.conf.
Personally I set all users' home directories to 700 and have a shared document directory with permission 770. This is only used to copy files between users and not for storing files.
Nothing wrong. With the permission you can go to the sub-directories (depending on their permissions) of /home/katy but you cannot see what is in /home/katy (you need r to see the content of a directory). As root do chmod 700 /home/katy then try viewing her files.
I wouldn't call it too permissive. This gives you some access to the user's directory, but you were unable to list the content of the directory. Look into file/directory permissions (google) for more info on the subject. Also look into umask to explain the default file permissions for users.
Another option would be to add a list of default directories to /etc/skel with your required permissions. This will create a list of standard directories when you add a user.
Obviously I am able to make things more secure if I want to. However, I do not expect a user of the system to have this knowledge. Indeed I have now been running Linux/Slackware for 5 years and I have just discovered that in a default setup any user is able to browse the subdirectories of any other user. Why should the default be drwx--x--x rather than drwx------?
I agree, user home directories are way too sensitive to be left open like this by default. It's especially bad when you consider that the default umask is 0022. There'll be no end of common dotfiles and directories left readable in a user's home directory.
Like Tux_dude, I chmod 700 all my users' home directories for this very reason.
Quote:
Obviously I am able to make things more secure if I want to. However, I do not expect a user of the system to have this knowledge.
System security is not the responsibility of the user but the sys admin who should have this knowledge. You can always modify the default security to lock down the system.
Quote:
Why should the default be drwx--x--x rather than drwx------?
To my knowledge, this has been the default permission on user directories on Linux for quite a while. This allows external apps such as mail and web servers to access the user home folder. This allows enough access to traverse the user home directory but not view its content (why ls /home/katy failed).
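An audit for the situation discussed in this thread (a drwx--x--x home combined with umask 0022), as an added example that is not part of any post above. The function names and the sample tree are made up for illustration, and it assumes GNU find and stat.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.
# Assumes GNU find (-perm /mode, -mindepth) and GNU stat (-c).

# Print "mode path" for every home under $1 that grants any group/other bit.
open_homes() {
    find "$1" -mindepth 1 -maxdepth 1 -type d -perm /077 \
        -exec stat -c '%a %n' {} + | sort
}

# Print files under $1 that "other" can read AND reach: any directory
# without o+x is pruned, because nothing below it can be traversed.
exposed_files() {
    find "$1" -mindepth 1 \( -type d ! -perm -001 -prune \) \
        -o \( -type f -perm -004 -print \) | sort
}

# Build a constructed sample tree (not real accounts) the way useradd plus
# umask 022 would leave it: katy at 711, tux locked down to 700.
make_sample() {
    base=$(mktemp -d) || return 1
    (
        umask 022
        mkdir "$base/katy" "$base/tux" "$base/katy/.ssh"
        echo 'ls -la' > "$base/katy/.bash_history"
        echo 'Host example' > "$base/katy/.ssh/config"
        echo 'notes' > "$base/tux/notes.txt"
    )
    chmod 711 "$base/katy"
    chmod 700 "$base/tux"
    echo "$base"
}

# Demo run on the constructed tree; point the functions at /home for a real audit.
sample=$(make_sample)
echo "Homes with group/other bits set:"
open_homes "$sample"
echo "Files any local user can read by path:"
exposed_files "$sample"
rm -rf "$sample"
```

On the sample tree only katy's home is reported, and her .bash_history and .ssh/config show up as readable by path even though the directory itself cannot be listed; after chmod 700 both reports come back empty.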