Idea
#6106: Make it so other people can't access your home directory
430
Written by Eldmannen the 30 Mar 08 at 16:57.
Category: Security.
Related to: Nothing/Others.
Status: New
Description
I created a new Guest account, then I stripped it of all user privileges.
Then I found out that it could access all MY private data files in MY home directory.
Please fix it so that other users cannot read the home directories of other people. This is a breach of privacy.
Attachments
Bug #209292 : Restrict access to users home directory to account owner
Duplicates
Comments
TBH wrote on the 30 Mar 08 at 19:37
Seriously man, WTF?
chmod 750 -R /home/tbh/
chown tbh:tbh -R /home/tbh
and nobody except root can access my personal data.
This does not need a fix. It needs thinking.
Eldmannen wrote on the 30 Mar 08 at 20:05
So now I need to open the command line and manually enter commands in order to secure my computer to prevent other people from accessing files on MY account?
Lee wrote on the 30 Mar 08 at 20:35
@TBH: no, it doesn't matter that it's easy to fix. No matter how easy things are, one of them will always be missed if they all have to be done manually. "Secure by default" is an important security principle. Moreover, easy for some is complex for others, and those others are precisely the ones who need security defaults. Advanced users who know about permissions, creating users/groups, etc. will probably customise no matter what the default is.
mribecky wrote on the 30 Mar 08 at 20:37
No, go with Nautilus to /home, right click in your home > Properties > Permissions. Then change "Others" permissions to none, then "Apply permissions to enclosed files".
Eldmannen wrote on the 30 Mar 08 at 21:05
mribecky,
It should be secure by default.
People told me that Linux is secure.
I assumed it was.
I shouldn't have to secure it manually...
vexorian wrote on the 30 Mar 08 at 21:22
That's a little lame to say.
Privacy and security are unrelated topics. You are mostly talking about letting someone have access to your computer and expecting him not to find stuff; even if home was invisible by default, the guy would be able to access your stuff using the recovery mode or by inserting a live CD.
The most secure system is not going to protect you from a guy having physical access to your computer.
vexorian wrote on the 30 Mar 08 at 21:24
You didn't tell the system the files were private, so the guest account was accessing your public files, not your private files.
Eldmannen wrote on the 30 Mar 08 at 21:30
With disk encryption, someone with physical access to the computer would not be able to access my files using recovery mode or a live CD.
The system should assume that anything in MY home directory are private files.
ziggyfish wrote on the 30 Mar 08 at 23:40
Eldmannen:
AFAIK, Windows (XP) does this as well. You can refine the so called 'security' for each file. Linux just has a better way of performing the same task.
Eldmannen wrote on the 31 Mar 08 at 00:23
ziggyfish,
As far as I know, when using Windows XP together with NTFS, you cannot access other people's data from their accounts.
mribecky wrote on the 31 Mar 08 at 01:18
@Eldmannen
As vexorian said, this is not a security issue, it's a privacy thing. Considering Ubuntu is a desktop OS, the only people able to access it are people you allow, so I don't think Ubuntu should hide anything unless told to.
alberge204 wrote on the 31 Mar 08 at 06:28
With all due respect, changing the permissions of your home directory so that other users can't read your files is very easy in Nautilus. As far as I know, the standard permissions on virtually all systems give read only access to other users on the same machine, and this is a very sensible default. You can imagine there would be a lot more confused people if users on a system couldn't share files by default.
Eldmannen wrote on the 31 Mar 08 at 08:49
mribecky,
I think privacy and security, while not the same thing, go hand-in-hand. There is no privacy category, so I picked security.
Just because I allow someone to use my computer, does not mean I want them looking through all my personal stuff.
alberge204,
We shouldn't justify a faulty behavior on the basis that "hey, they are doing it too".
This behavior is wrong, and should be fixed. Yes, it is easy to fix (for those people aware of the problem), but it should be secure by default.
soccerfan wrote on the 31 Mar 08 at 09:47
Eldmannen,
I think you remember wrong. Although in XP there is the option to restrict your home directory (or any other), it isn't enabled by default.
I don't know what would be the better way for most people.
For me, the actual default is OK.
Maybe it would be a solution, if you can decide through the installation process.
Eldmannen wrote on the 31 Mar 08 at 12:16
What is the point of having a password protected account, if people can access your files?
jalejandre wrote on the 31 Mar 08 at 13:26
In my opinion, even if this were a bug, this is not a bug report platform, so you should use the Ubuntu launchpad for this.
Agony wrote on the 31 Mar 08 at 14:56
Change it so that no one can see the files in your home folder and people will be crying because no one can share their files with their family (or other users).
Frankly I think this is the right way to do things; if you put something inside your house (computer) all other members of your family (who live in the same house/use the same computer) will be able to access it, unless you put a lock on it (change the default permissions).
Privacy and Security do not go hand in hand, but through security bugs your privacy can often be compromised. This is not the case though; nobody online (unless he knows your password and you got something like SSH installed) can get to your files.
And the reason you got a password protected account is to prevent anyone from MODIFYING or DELETING those files in your home folder.
I hope this clears it up. If this is such a big issue perhaps the installer should ask "oh, users on the same machine can access your files, do you need more privacy?" Although I hope we get an "expert" installation mode where this kind of question is just left out; there is a limit to how much hand holding a user can tolerate.
Shii wrote on the 31 Mar 08 at 21:59
This is unexpected behavior; therefore, it should be fixed. It's that simple.
ld_barthel wrote on the 1 Apr 08 at 11:55
(Nicely stated, Agony)
The word "assume" has been used/implied several times in this discussion, e.g.:
"I assumed [Linux was secure]."
"The system should assume that anything in MY home directory were private files."
"This is unexpected behavior..."
Unexpected? Let's take a moment to look at OpenBSD, one of the (if not *THE*) most secure Unix systems available today. According to http://www.openbsd.org/cgi-bin/man.cgi?query=umask&apropos=0&sektion=0&manpath=OpenBSD+Current&arch=i386&format=html the default umask in OpenBSD is 022: only write permission is withheld from other users.
We should remember that "other" users includes system users like daemon, bin, sys, lp, gdm, and mysql. If you lock down your entire home directory, you may lose the ability to read your own configuration files or run some programs.
If you remove read and execute permission from your home directory, then other users cannot even find the files you *want* them to be able to read unless they know the exact full pathname.
If you have data that is truly private, it is up to *YOU* to mark it as private--even encrypting it if necessary.
droetker (Moderator) wrote on the 1 Apr 08 at 18:24
In Debian you can choose if you want to have "system wide readable home directories" or not.
Ubuntu is a Debian derivative.
Ubuntu chose that way, so that is no mishap.
But in my opinion it is very bad too, so I vote for security.
Anyone could make his home dir readable if he wants.
But it does not comply with Ubuntu's "no default open ports" philosophy.
Hawke wrote on the 4 Apr 08 at 15:52
Agony wrote,
"people will be crying because no one can share their files with their family"
And people will be crying because their family found those files they didn't want others to see.
Neither statement is a valid one to build a system default from, even if they were both true.
"Secure by default" is, though.
See also articles like this: http://www.bestsecuritytips.com/news+article.storyid+245.htm
From the article, "Always chose carefully the folders and files which you intend to share ...". That article refers to p2p file sharing, but the general principle of not sharing with (potentially) untrusted other people applies here.
briceparent wrote on the 5 Apr 08 at 14:19
I think it would really be better to split the home directories into a private part and a local-shared part, where from the beginning both of them already have their own access rights.
The first with full access to the owner, restricted access to the group, and no access to the others (so a 027 umask).
The second would just be adding rights to the others (022).
New users would just have to ask themselves whether or not they want to share their files to know where they have to put them.
/home/[user]/ or /home/[user]/shared/
Adrian Godoy wrote on the 7 Apr 08 at 23:01
Agreed. Only you and root should be able to look at your /home.
banana wrote on the 10 Apr 08 at 08:30
There was a question in the default installer when you add a new user:
should the home directory be home readable?
you could check yes/no.
(At least it was in the Debian and Ubuntu text installer).
Where did it go?
It should be restored if it's gone.
banana wrote on the 10 Apr 08 at 08:31
small typo:
should the home directory be WORLD readable.
sorry
alvevind wrote on the 19 Apr 08 at 10:44
+1
I think the "secure by default" policy should imply privacy between non-privileged user accounts. Perhaps have a "Shared Files" folder for each account that is open to the other users.
The RedBurn wrote on the 29 Apr 08 at 18:42
This is especially important if http://brainstorm.ubuntu.com/idea/1474/ was to be implemented.
What if, because of a security hole, a remote user gains access to the guest account and gets your files?
Stolen information can be worse than lost information.
The RedBurn wrote on the 29 Apr 08 at 18:44
I forgot to suggest to create by default a "sharing folder" with read access to everybody.
Monicker wrote on the 3 May 08 at 14:12
Interesting. The default for all other Linux and Unix operating systems that I have used is for a user's home directory to only be accessible by that user.
Sometimes Ubuntu deviates in very questionable ways.
By default the only person who should be able to read a user's files is that user. They can always change it if they want to give access to others.
Hammer89 wrote on the 8 May 08 at 21:00
While I've gotta agree that a user's home dir. should only be viewable by him and root... I can't agree that this is all that big a deal... especially since I can fix it in half a minute. :P
drinkypoo wrote on the 9 May 08 at 14:39
This is probably mostly because stuff lives in your homedir that needs to be accessible from outside, like public_html. The solution is to make the directory it lives in (your home, that is) +x but not +r or of course w (octal 1, in other words), and then one can still chdir there or through there but can't read it. The system knows what directories to look for.
What is needed is for the homedir to be set 0751.
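The 0751 "traverse but don't list" mode drinkypoo describes, TBH's 750 lock-down, and the private-home-plus-shared-subdirectory layout briceparent proposed can all be checked with the same permission audit. The script below is an added example, not code from the thread or from Ubuntu; it builds a constructed /home-style tree under a temp directory, classifies each home by its "other" bits, and applies the proposed default. It assumes GNU stat (Linux); the function names and the "shared" subdirectory name are my own choices.

```shell
#!/bin/sh
# Added example (not from the Brainstorm thread or from Ubuntu): audit a
# /home-style tree for home directories that other users can read or
# traverse, and apply the proposed default of a 0750 home with a
# world-readable "shared" subdirectory. Assumes GNU stat (Linux).

# Octal permission bits of a path, e.g. "750".
perm_of() {
    stat -c '%a' "$1"
}

# Classify one directory by its "other" triplet (last octal digit):
#   WORLD-READABLE  r set: others can list and read it (the 0755 default)
#   TRAVERSE-ONLY   x but not r: others can reach a known path such as
#                   public_html but cannot list the directory (0751)
#   PRIVATE         neither r nor x for others (0750 / 0700)
classify_dir() {
    other=$(( $(perm_of "$1") % 10 ))
    if [ $(( other & 4 )) -ne 0 ]; then
        echo WORLD-READABLE
    elif [ $(( other & 1 )) -ne 0 ]; then
        echo TRAVERSE-ONLY
    else
        echo PRIVATE
    fi
}

# Print "<perms> <class> <path>" for every child of a /home-like directory
# that is not PRIVATE; prints nothing when every home is locked down.
audit_homes() {
    for d in "$1"/*/; do
        d=${d%/}
        [ -d "$d" ] || continue
        class=$(classify_dir "$d")
        [ "$class" = PRIVATE ] || echo "$(perm_of "$d") $class $d"
    done
}

# Proposed default: owner (and group) only on the home itself, plus an
# explicitly shared subdirectory that stays readable by everyone.
lock_down_home() {
    chmod 750 "$1"
    mkdir -p "$1/shared"
    chmod 755 "$1/shared"
}

# Usage (on a constructed tree, never on real accounts without review):
#   tmp=$(mktemp -d); mkdir -p "$tmp/home/alice"; chmod 755 "$tmp/home/alice"
#   audit_homes "$tmp/home"; lock_down_home "$tmp/home/alice"; audit_homes "$tmp/home"
```

Run against a real /home the audit is read-only; only lock_down_home changes anything, and it leaves the shared subdirectory world-readable so the "family can't share files" objection raised above is covered.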
natureflow wrote on the 13 Jun 08 at 12:49
sudo dpkg-reconfigure adduser
Hawke wrote on the 13 Jun 08 at 15:23
Yes, workarounds are known. But it's important that the default be secure.
Craig73 wrote on the 26 Jun 08 at 18:43
I think the directory should be inaccessible by default, or as part of setup or first login run a security wizard that asks these questions. It's always safer to be locked down first and then open it up after.
(actually... the security wizard seems like a nice idea for upgraders, where new ideas on security setups could tighten up their setup)
In terms of allowing other users access (frustration around that) I think the /home/shared folder is a good idea as well.
For parents or others that feel they should have full access to another user's home directory... add to Nautilus that when you hit an "access denied" it gives you the option of entering your (or the administrator's) password to change the security on that folder [since it is the logical next action].
Amarsingh0793 wrote on the 30 Jun 08 at 16:50
This is a very good idea. Even though I have never experienced this problem, if someone else starts to experience it, then we should find a solution and make it so that it is fixed in an update or a distro-upgrade. +1 from me
argh0 wrote on the 21 Jul 08 at 12:30
At first look I agreed with that. And then I thought about shared music libraries, shared videos...
Why not make the /home/user directory with access rights and a sub directory like /home/user/documents completely private?
Or perhaps, a default encrypted directory called "the vault".
Or make a kind of "non user" or shared /home containing the music and everything.
And changing the privacy is so not a big deal with the "Properties" menu!