[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [users] Re: Why can't I?

On Thu, Jun 14, 2001 at 12:07:33PM -0400, D-Man wrote:
> It seems natural to me that my home dir is my own private property.
> Kind of like having your own room or a clubhouse as a kid, with a sign
> "Keep Out" on the door.  Making it world readable seems like leaving
> the door open, then wondering why someone is able to snoop about ;-).

Yeah, but kids have to put their own "Keep Out" signs up.  They don't come by
default with the door.

> I don't mean that unix in general is insecure, but that in this
> particular aspect it seems to be.

I still fail to see how it is insecure.  Different than what you, personally,
might expect, but individuals' expectations are not the ideal standard on
which to judge security.

> I wasn't really complaining, just curious.  I am certain that there is
> some history buried in here, like a great deal of other features in
> Unix.

Even outside of the Open Source/Free Software circles, *nix culture has, IMO,
always seemed very oriented towards sharing and collaboration.  It seems
natural to me, then, that home directories would traditionally have
permissions set such that their contents can be shared and collaborated upon.

I suppose a security argument could be made for readabiliyu as the default,
though:  If home dirs are unreadable by default, users will become used to
relying upon that to keep their private data hidden.  If the user then wants
to share one file with the world, they have to either make their home dir
readable or find a publically-writable place to put it.  The former is more
likely in most cases.  However, when making their home world-readable, the
accustomed protection of an unreadable directory is lost and they may not
realize that they now have to chmod go-r all their other files (or move them
to an unreadable subdir) and probably also change their umask to protect
future files.  (Note:  I didn't say this was a particularly good argument,
just that it could be made.)

It just seems a lot more reasonable to me for the default to be that most
things are open, but you can create hidden areas rather then for everything
to be hidden and no easy way to expose a small part of it without also
revealing everything else.

-- 
That's not gibberish...  It's Linux. - Byers, The Lone Gunmen
Geek Code 3.12:  GCS d? s+: a C++ UL++++$ P++>+++ L+++>++++ E- W--(++) N+
o+ !K w--- O M- V? PS+ PE Y+ PGP t 5++ X+ R++ tv+ b+ DI++++ D G e* h r y+
Reply to: