Idea #6106: Make so other people cant access your home directory

Written by Eldmannen the 30 Mar 08 at 16:57. Category: Security. Related project: Nothing/Others. Status: New
Rationale
I created a new Guest account, then I stripped it of all user privileges.

Then I found out, that it could access all MY private data files in MY home directory.

Please fix it so that other users cannot read the home directories of other people. This is a breach of privacy.
Tags: home

641 votes
Solution #1: Auto-generated solution of idea #6106
Written by Eldmannen the 30 Mar 08 at 16:57.
Ubuntu Brainstorm was updated in January 2009. Since the idea #6106 was submitted before this update, its rationale and solution are not separated. Please vote accordingly, and if you have the necessary rights, please separate the rationale from the solution. Thanks!
7 votes
Solution #2: Create a separate shared folder all users can access with read-write permissions
Written by aysiu the 22 Jul 09 at 21:45.
Right now, users have /home/username as 644, so anyone can read files in the directory but not write to files there. Pretty useless.

It'd be better if /home/username was 600, restricting both read and write access, and then if another directory like /home/shared were 660 or 666 so users could truly share files they wanted to share (e.g., co-authored documents, music or photo collections).
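The layout Solution #2 proposes, as an added shell example that is not part of the original page: each home locked to its owner, plus one shared directory owned by a group. Two details differ from the modes written in the solution: a directory must carry the execute bit to be entered, so a private home is 0700 rather than 0600, and the shared directory is 2770 rather than 660/666 so that it is traversable and the setgid bit makes new files inherit the group. The group name and the paths are parameters; the example assumes GNU coreutils (`stat -c`).

```sh
#!/bin/sh
# Added example (not from the Brainstorm thread): private homes plus one
# group-owned shared directory. Assumes GNU coreutils for stat -c.

# Lock a home directory down to its owner only. Directories need the execute
# bit to be traversed, so 0700 (not 0600) is the "owner only" mode.
make_home_private() {  # usage: make_home_private /home/alice
    chmod 0700 "$1"
}

# Create a shared directory owned by a group: the setgid bit (the leading 2)
# makes files created inside inherit the directory's group, owner and group
# get rwx, and "other" gets nothing at all.
make_shared_dir() {  # usage: make_shared_dir /home/shared users
    mkdir -p "$1"
    chgrp "$2" "$1"
    chmod 2770 "$1"
}

# Octal mode of a path as reported by stat, e.g. 700 or 2770.
mode_of() { stat -c '%a' "$1"; }

# Numeric owning group (gid) of a path.
group_of() { stat -c '%g' "$1"; }

# Stand-alone run against a throwaway tree (constructed here, nothing under
# the real /home is touched). The group is the caller's own primary group so
# the script works for any user.
if [ "${0##*/}" != "sh" ] && [ "${0##*/}" != "bash" ]; then
    demo=$(mktemp -d)
    mkdir "$demo/alice"
    make_home_private "$demo/alice"
    make_shared_dir "$demo/shared" "$(id -g)"
    touch "$demo/shared/notes.txt"
    printf 'alice: %s\nshared: %s gid=%s\nnotes.txt gid=%s\n' \
        "$(mode_of "$demo/alice")" "$(mode_of "$demo/shared")" \
        "$(group_of "$demo/shared")" "$(group_of "$demo/shared/notes.txt")"
    rm -rf "$demo"
fi
```

On a real system the group passed to `make_shared_dir` would be one every local account is a member of; `chgrp` to a group you do not belong to requires root.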


Attachments
Blueprint secure-home

Comments
TBH wrote on the 30 Mar 08 at 19:37
Seriously man, WTF?

chmod -R 750 /home/tbh/    # owner rwx, group rx, nothing for others
chown -R tbh:tbh /home/tbh # make sure everything in it is mine

and nobody except root can access my personal data.

This does not need a fix. It needs thinking.

Eldmannen wrote on the 30 Mar 08 at 20:05
So now I need to open the command line and manually enter commands in order to secure my computer to prevent other people from accessing files on MY account?

Lee wrote on the 30 Mar 08 at 20:35
@TBH: no, it doesn't matter that it's easy to fix. No matter how easy things are, one of them will always be missed if they all have to be done manually. "Secure by default" is an important security principle. Moreover, easy for some is complex for others, and those others are precisely the ones who need security defaults. Advanced users who know about permissions, creating users/groups, etc. will probably customise no matter what the default is.

mribecky wrote on the 30 Mar 08 at 20:37
No, go with Nautilus to /home, right-click on your home > Properties > Permissions. Then change the "Others" permissions to none, then "Apply permissions to enclosed files".

ubuntu_demon wrote on the 30 Mar 08 at 20:38
see also:
http://brainstorm.ubuntu.com/idea/5287/
http://brainstorm.ubuntu.com/idea/6111/

Eldmannen wrote on the 30 Mar 08 at 21:05
mribecky,
It should be secure by default.
People told me that Linux is secure.
I assumed it was.
I shouldn't have to secure it manually...

vexorian wrote on the 30 Mar 08 at 21:22
That's a little lame to say.

Privacy and security are unrelated topics. You are mostly talking about letting someone have access to your computer and expecting him not to find stuff. Even if home were invisible by default, the guy would be able to access your stuff using recovery mode or by inserting a live CD.

The most secure system is not going to protect you from a guy having physical access to your computer.

vexorian wrote on the 30 Mar 08 at 21:24
You didn't tell the system the files were private, so the guest account was accessing your public files, not your private files.

Eldmannen wrote on the 30 Mar 08 at 21:30
With disk encryption, someone with physical access to the computer would not be able to access my files using recovery mode or a live CD.

The system should assume that anything in MY home directory were private files.

ziggyfish wrote on the 30 Mar 08 at 23:40
Eldmannen:

AFAIK, Windows (XP) does this as well. You can refine the so-called 'security' for each file. Linux just has a better way of performing the same task.

Eldmannen wrote on the 31 Mar 08 at 00:23
ziggyfish,
As far as I know, when using Windows XP together with NTFS, you cannot access other peoples data from their accounts.

mribecky wrote on the 31 Mar 08 at 01:18
@Eldmannen
As vexorian said, this is not a security issue, it's a privacy thing. Considering Ubuntu is a desktop OS, the only people able to access it are people you allow, so I don't think Ubuntu should hide anything unless told to.

alberge204 wrote on the 31 Mar 08 at 06:28
With all due respect, changing the permissions of your home directory so that other users can't read your files is very easy in Nautilus. As far as I know, the standard permissions on virtually all systems give read only access to other users on the same machine, and this is a very sensible default. You can imagine there would be a lot more confused people if users on a system couldn't share files by default.

Eldmannen wrote on the 31 Mar 08 at 08:49
mribecky,
I think privacy and security, while not the same thing, go hand-in-hand. There is no privacy category, so I picked security.
Just because I allow someone to use my computer, does not mean I want them looking through all my personal stuff.

alberge204,
We shouldn't justify a faulty behavior on the basis that "hey, they are doing it too".
This behavior is wrong, and should be fixed. Yes, it is easy to fix (for those people aware of the problem), but it should be secure by default.

soccerfan wrote on the 31 Mar 08 at 09:47
Eldmannen,
I think you remember wrong. Although in XP there is the option to restrict your home directory (or any other), it isn't enabled by default.

I don't know what would be the better way for most people.
For me, the actual default is OK.

Maybe it would be a solution, if you can decide through the installation process.

Eldmannen wrote on the 31 Mar 08 at 12:16
What is the point of having a password protected account, if people can access your files?

jalejandre wrote on the 31 Mar 08 at 13:26
In my opinion, even if this were a bug, this is not a bug report platform, so you should use the Ubuntu launchpad for this.

Agony wrote on the 31 Mar 08 at 14:56
Change it so that no one can see the files in your home folder and people will be crying because no one can share their files with their family (or other users).

Frankly I think this is the right way to do things: if you put something inside your house (computer), all other members of your family (who live in the same house / use the same computer) will be able to access it, unless you put a lock on it (change the default permissions).

Privacy and security do not go hand in hand, but through security bugs your privacy can often be compromised. This is not the case here, though: nobody online (unless he knows your password and you have something like SSH installed) can get to your files.

And the reason you got a password protected account is to prevent anyone from MODIFYING or DELETING those files in your home folder.

I hope this clears it up. If this is such a big issue, perhaps the installer should ask "oh, users on the same machine can access your files, do you need more privacy?" Although I hope we get an "expert" installation mode where this kind of question is just left out; there is a limit to how much hand-holding a user can tolerate.

Shii wrote on the 31 Mar 08 at 21:59
This is unexpected behavior; therefore, it should be fixed. It's that simple.

ld_barthel wrote on the 1 Apr 08 at 11:55
(Nicely stated, Agony)

The word "assume" has been used/implied several times in this discussion, e.g.:

"I assumed [Linux was secure]."
"The system should assume that anything in MY home directory were private files."
"This is unexpected behavior..."

Unexpected? Let's take a moment to look at OpenBSD, one of the (if not *THE*) most secure Unix systems available today. According to http://www.openbsd.org/cgi-bin/man.cgi?query=umask&apropos=0&sektion=0&manpath=OpenBSD+Current&arch=i386&format=html the default umask in OpenBSD is 022: only write permission is withheld from other users.

We should remember that "other" users includes system users like daemon, bin, sys, lp, gdm, and mysql. If you lock down your entire home directory, you may lose the ability to read your own configuration files or run some programs.

If you remove read and execute permission from your home directory, then other users cannot even find the files you *want* them to be able to read unless they know the exact full pathname.

If you have data that is truly private, it is up to *YOU* to mark it as private--even encrypting it if necessary.

droetker wrote on the 1 Apr 08 at 18:24
In Debian you can choose whether you want to have "system-wide readable home directories" or not.
Ubuntu is a Debian derivative.
Ubuntu chose that way, so it is no accident.

But in my opinion it is very bad too, so I vote for security.
Anyone could make his home dir readable if he wants.
But it does not comply with Ubuntu's "no open ports by default" philosophy.


Hawke wrote on the 4 Apr 08 at 15:52
Agony wrote,

"people will be crying because no one can share their files with their family"

And people will be crying because their family found those files they didn't want others to see.

Either statement is not a valid one to build a system default from, even if they were both true.

"Secure by default" is, though.

See also articles like this: http://www.bestsecuritytips.com/news+article.storyid+245.htm

From the article, "Always chose carefully the folders and files which you intend to share ...". That article refers to p2p file sharing, but the general principle of not sharing with (potentially) untrusted other people applies here.

briceparent wrote on the 5 Apr 08 at 14:19
I think it would really be better to split the home directories into a private part and a local-shared part, where from the beginning both of them already have their own access rights.
The first with full access to the owner, restricted access to the group, and no access to the others (so a 027 umask).
The second would just be adding rights to the others (022).
New users would just have to ask themselves if they want or not to share their files to know where they have to put them.
/home/[user]/ or /home/[user]/shared/

Adrian Godoy wrote on the 7 Apr 08 at 23:01
Agreed. Only you and root should be able to look at your /home.

banana wrote on the 10 Apr 08 at 08:30
There was a question in the default installer when you add a new user:
should the home directory be home readable ?
you could check yes/no.
(At least it was in the debian and ubuntu text installer).
Where did it go ?
It should be restored if it's gone.

banana wrote on the 10 Apr 08 at 08:31
small typo:
should the home directory be WORLD readable.
sorry

alvevind wrote on the 19 Apr 08 at 10:44
+1
I think the "secure by default" policy should imply privacy between non-privileged user accounts. Perhaps have a "Shared Files" folder for each account that is open to the other users.

The RedBurn wrote on the 29 Apr 08 at 18:42
This is especially important if http://brainstorm.ubuntu.com/idea/1474/ was to be implemented.
What if because of a security hole, a remote user gains access to the guest account and get your files ?
Stolen information can be worse than lost information.

The RedBurn wrote on the 29 Apr 08 at 18:44
I forgot to suggest to create by default a "sharing folder" with read access to everybody.

Monicker wrote on the 3 May 08 at 14:12
Interesting. The default for all other Linux and Unix operating systems that I have used is for a user's home directory to only be accessible by that user.

Sometimes Ubuntu deviates in very questionable ways.


By default the only person who should be able to read a user's files is that user. They can always change it if they want to give access to others.

Hammer89 wrote on the 8 May 08 at 21:00
While I've gotta agree that a user's home dir should only be viewable by him and root... I can't agree that this is all that big a deal... especially since I can fix it in half a minute. :P

drinkypoo wrote on the 9 May 08 at 14:39
This is probably mostly because stuff lives in your homedir that needs to be accessible from outside, like public_html. The solution is to make the directory it lives in (your home, that is) +x but not +r or, of course, w (octal 1, in other words); then one can still chdir there or through there but can't read it. The system knows what directories to look for.

What is needed is for the homedir to be set 0751.

natureflow wrote on the 13 Jun 08 at 12:49
sudo dpkg-reconfigure adduser

Hawke wrote on the 13 Jun 08 at 15:23
Yes, workarounds are known. But it's important that the default be secure.


Craig73 wrote on the 26 Jun 08 at 18:43
I think the directory should be inaccessible by default or as part of setup or first login run a security wizard that asks these questions. It's always safer to be locked down first and then open it up after.

(actually... the security wizard seems like a nice idea for upgraders where new ideas on security setups could tighten up their setup)

In terms of allowing other users access (frustration around that) I think the /home/shared folder is a good idea as well.

For parents or others that feel they should have full access to another users home directory... add to Nautilus that when you hit an "access denied" that it give you the option of entering your (or the administrator) password to change the security on that folder [since it is the logical next action]

Amarsingh0793 wrote on the 30 Jun 08 at 16:50
This is a very good idea. Even though I have never experienced this problem, if someone else starts to experience it, then we should find a solution and make it so that it is fixed in an update or a distro-upgrade. +1 from me

argh0 wrote on the 21 Jul 08 at 12:30
At first look I agreed with that. And then I thought about shared music libraries, shared videos...

Why not make the /home/user directory with access rights and a sub directory like /home/user/documents completely private ?
Or perhaps, a default encrypted directory called "the vault".

Or make a kind of "non user" or shared /home containing the music and everything.

And changing the privacy is so not a big deal with the "properties" menu !

young wrote on the 14 Sep 08 at 08:16
also voted for, but now when I think about it, it would be better to have a separate "private" folder

Auzy wrote on the 14 Sep 08 at 09:00
Both OSX and Vista make this possible by making home directory encryption easy, out of the box. We suck at ease of use because unfortunately some of the linux crowd feels that commands in CLI are user friendly

matsonfamily wrote on the 21 Dec 08 at 08:54
Correct me if I'm wrong on any of this:

I found Ubuntu uses the Debian umask of 022, but I can change that to something like 027 (~/.profile)... so then I'm good, right? ...well, now I find out that my Gnome/KDE file managers will still create with 022, so I change the /etc/login.defs umask value (or is that only for *new* logins?)... but no go... so I changed the rights...

chmod -R o-rwx /home   # strip every "other" bit below /home
chmod 755 /home        # but leave /home itself traversable

that gave me the 750 permissions in the individual home dirs that I wanted, but Nautilus still saves as 755/644 (umask 022)! I finally fixed it by changing the umask in the global profile (/etc/profile), and now it works.

I know I probably did a step I didn't have to, but hopefully that helps someone that doesn't want the "you can view anyone's files except for root" filesystem.

:)

bit7 wrote on the 16 Jan 09 at 20:16
Thank you for your post matsonfamily. It's very helpful.

I think default umask 022 is ok, because group users can read, if they are in the same group like the owner.

bit7 wrote on the 16 Jan 09 at 22:06
I have checked the umask 022 (644) and see that of course others have the right to read too. So umask 027 in /etc/profile in case of setting user folder private is better than umask 022.

Not so easy for a linux noob to understand all that permission stuff :)

Something like the Mac OS would of course be nice for users like me...

bit7 wrote on the 21 Jan 09 at 19:04
One issue with matsonfamily's suggestion is that after I set "chmod 755 /home", I got umask 022 when I added a new user, although 027 is set as the default in /etc/profile.

So I have to set the new user's folder to 700 to restrict other users' access to this folder.
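The umask arithmetic behind matsonfamily's and bit7's posts, and the 0751 mode drinkypoo proposes, as an added shell example that is not part of the original page. `mode_from_umask` computes the mode a new file (base 666) or directory (base 777) receives under a given umask, which is why 022 yields 644/755 and 027 yields 640/750. `audit_other_access` walks a home root and reports every directory whose "other" digit is non-zero, so a home left at 755 after a new user is created shows up, and a 751 home shows up with other=1 (traversal only: a path such as public_html can still be reached by name, but the directory cannot be listed). The sample tree is constructed under a temporary directory; the example assumes GNU coreutils (`stat -c`).

```sh
#!/bin/sh
# Added example (not from the Brainstorm thread): umask arithmetic and an
# audit of "other" permissions on home directories. Assumes GNU coreutils.

# Mode a new file or directory gets: base mode AND NOT umask.
# Files start from 666, directories from 777.
mode_from_umask() {  # usage: mode_from_umask 777 027   -> 750
    base=$1
    mask=$2
    printf '%o\n' "$(( 0$base & ~0$mask & 0777 ))"
}

# Print "<dir> <mode> <other-digit>" for every directory directly under $1
# whose "other" permission digit is non-zero. other=1 means execute only
# (traversal to a known path, no listing); 4 or 5 means it can be read.
audit_other_access() {  # usage: audit_other_access /home
    for d in "$1"/*/; do
        [ -d "$d" ] || continue
        d=${d%/}
        mode=$(stat -c '%a' "$d")
        other=$(( 0$mode & 07 ))
        [ "$other" -ne 0 ] && printf '%s %s %o\n' "$d" "$mode" "$other"
    done
    return 0
}

# Stand-alone run over a constructed tree (nothing under the real /home is
# read or changed): one home at the Ubuntu default 755, one at 750, one at 751.
if [ "${0##*/}" != "sh" ] && [ "${0##*/}" != "bash" ]; then
    for m in 022 027 077; do
        printf 'umask %s: files %s, dirs %s\n' "$m" \
            "$(mode_from_umask 666 "$m")" "$(mode_from_umask 777 "$m")"
    done
    demo=$(mktemp -d)
    mkdir "$demo/alice" "$demo/bob" "$demo/carol"
    chmod 755 "$demo/alice"
    chmod 750 "$demo/bob"
    chmod 751 "$demo/carol"
    audit_other_access "$demo"
    rm -rf "$demo"
fi
```

Run against the real tree as `audit_other_access /home`; an empty report means no other user can read or traverse any home directory. Note that the audit only looks at the top-level directory mode, which is what matters for the bit7 case (a fresh account created at 755 regardless of the umask in /etc/profile): if the home itself is 700 or 750, nothing below it is reachable by "other" regardless of the modes of the files inside.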

smartin wrote on the 10 Jul 09 at 16:18
Hi,

It seems that this issue has been abandoned but I'm nearly having a nervous breakdown about it.

Having Home folders readable by any user on the box is completely insane. To tout Ubuntu as 'Secure by design' and release it in this state beggars belief.

Plainly Home folders should be readable *only* by the owner. Shared folders should be clearly marked as such.

This is a matter of security and privacy. It should be fixed as a matter of priority.

Simon

aysiu (Brainstorm moderator) wrote on the 12 Jul 09 at 08:41
"Change it so that no one can see the files in your homefolder and people will be crying because no one can share their files with their family. (or other users)"

Or do it the way Windows and Mac do, which is actually the correct way: make it so users cannot read each other's files, and then have a separate shared folder where shared content be put and accessed by all users.

MasterNetra wrote on the 22 Jul 09 at 02:34
I agree with this idea. The contents of the home directory shouldn't be readable by default to other users; not only that, it shouldn't even be viewable or accessible from another system. Some kind of strong encryption or something is needed to help safeguard the system. It's one thing if you make a folder or file public, but another if someone can access it via other means when you have made it private; you shouldn't need to encrypt a file with some other program.

