[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: How do I prevent User 'A' from seeing User 'B' /home contents



* Nick Hastings (hastings@bmail.kek.jp) [031012 01:37]:
> * Ryan Nowakowski <tubaman@mailandnews.com> [031012 16:56]:
> > On Fri, Oct 10, 2003 at 10:53:46AM -0500, Wathen, Metherion wrote:
> > > Hi all,
> > > I need to know how to change permissions of each user so that
> > > they only see their own home directory. As I write this i'm thinking
> > > that I have to change the groups they are in, is that correct?
> > 
> > chmod 700 /home/*
> 
> Do _not_ do this. You don't want everything to be executable. You
> just want to remove read permission for everyone except the owner. To
> do that:
> 
> chmod -R go-r /home

Do _not_ do this.  As a system administrator, you have a responsibility
to treat your users' data with the highest respect.  Metadata is still
data.  File ownership and permissions are part of your users' data.
Trampling them like this is very bad form.

Any time you think about using -R to things like chown, chgrp, and
chmod, think first about whose data you're (irreversibly, in most cases)
changing.  Root has the power to view, change, or remove every user's
data.  The power, but generally not the right.  I would be a very angry
user if an administrator of a system I worked on did this type of thing.
Depending upon the context, I'd either take my dollars elsewhere (if a
paying customer) or make sure the superiors knew of the abuse of power
(if a corporate environment).

good times,
Vineet
-- 
http://www.doorstop.net/
-- 
http://www.anti-dmca.org/	

Attachment: signature.asc
Description: Digital signature


Reply to: