Re: Default Homedir Permissions
On Thu, 2011-02-17 at 15:24 +0000, Roger Leigh wrote:
> Yes, but like everything there is a tradeoff. A totally secure system
> is an unusable system. Having to instruct every user how to relax the
> permissions to allow others to access their files, or allow their web
> pages to be visible, is effectively pointless make-work if that was
> what you wanted in the first place. And for most people, I would argue
> it /is/ what is wanted.
You don't want to make it harder for users, but this is where design can
help. If we need to make a system which prevents cross-user file
attacks, then we could fairly easily implement these things:
* A shared folder: a directory which is available to all users, where they
can put explicitly shared content (Mac OS X does this).
* Make sure folders shared via smb/nfs are accessible, and make it clear
that this shares files inside the system as much as on the network.
* A program which allows temporary file access to another user's home
folder after the user has authorised the access.
> Remember that historically, multi-user systems have been about sharing
> and collaboration, not isolation in walled-off prisons. I know which
> type of system I want, and it's not the latter.
Yes, but we don't make it clear that a user's home directory is a
free-for-all with all users. Folder indicators would be useful. But do
users know that they've signed up for this when they installed Ubuntu?
I think it's more likely that Ubuntu users think the data is protected
until the magic time when cross-user file access is demanded, and then
it's unprotected for that one instance. Computers are magic, after all.
Asking users would be key to answering that.
> 0755 is not inherently insecure. Others can't make any changes, but
> they can look. The only issue here is accidental disclosure of
> information intended to be private.
If public by default is the way we want to go, then why not have a
Private folder by default in the user's home directory? Combined with the
indication emblem in nautilus, this might provide a space for users to
put data. At the moment it's too hard to teach users how to secure a
folder, or even how to set up an encrypted folder.
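The 0755 default and the Private folder discussed in this message, as an added example that is not part of the thread or of any Ubuntu tooling: a small POSIX shell script that reports whether a home directory's "other" bits let every local account read it, creates a 0700 Private folder inside it, and sketches the temporary-access grant from the list above using a POSIX ACL. The function names, the mode_of helper with its GNU/BSD stat fallback, and the choice of setfacl for the grant are my assumptions; the thread specifies none of them.

```shell
#!/bin/sh
# Added example, not from the thread. Audits a home directory's permissions
# and gives it a 0700 "Private" folder. Every path is passed in by the
# caller, so nothing here touches a real account unless you point it there.

# Print the octal permission bits of a path. GNU stat first, BSD stat as
# the fallback (assumed: whichever is installed prints e.g. "755").
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Exit 0 if "others" can both read and traverse the directory, i.e. the
# 0755 default under discussion: any local account can list it and open
# any 0644 file in it. Only the last octal digit (the "other" bits) matters.
world_accessible() {
    m=$(mode_of "$1") || return 1
    o=${m#"${m%?}"}               # last character of the mode string
    case "$o" in
        5|7) return 0 ;;          # r-x or rwx for others
        *)   return 1 ;;
    esac
}

# Create $1/Private with mode 0700 (mkdir -m ignores the umask), or tighten
# an existing one, then verify the result rather than trusting the call.
make_private() {
    dir="$1/Private"
    if [ -d "$dir" ]; then
        chmod 0700 "$dir" || return 1
    else
        mkdir -m 0700 "$dir" || return 1
    fi
    [ "$(mode_of "$dir")" = "700" ]
}

# One-line report of a directory's exposure to other local users.
audit_home() {
    if world_accessible "$1"; then
        printf '%s: mode %s, readable by every local user\n' "$1" "$(mode_of "$1")"
    else
        printf '%s: mode %s, private to its owner\n' "$1" "$(mode_of "$1")"
    fi
}

# Sketch of the "temporary access after authorisation" item: admit one
# named user to a home directory via a POSIX ACL and drop the entry again
# after $3 seconds. Needs an ACL-enabled filesystem and setfacl; the demo
# below does not call it. Only the directory itself is opened; each file
# inside is still governed by its own mode and ACL.
grant_temporary_access() {
    setfacl -m "u:$2:rx" "$1" || return 1
    sleep "$3"
    setfacl -x "u:$2" "$1"
}

# Demo on a throwaway directory standing in for a home (constructed; no real
# account is touched). 0755 is the Ubuntu default the thread is arguing about.
demo_home=$(mktemp -d)
chmod 0755 "$demo_home"
audit_home "$demo_home"
make_private "$demo_home"
audit_home "$demo_home/Private"
rm -rf "$demo_home"
```

Run it as-is for the demo, or source it and call audit_home on a real home directory (for example every entry under /home) to see which accounts are exposed; world_accessible returns 0 for a 0755 home and 1 for 0750 or 0700, so it can drive a loop that only prints the exposed ones.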