Re: How do I prevent User 'A' from seeing User 'B' /home contents

To: "Debian-User (E-mail)" <debian-user@lists.debian.org>
Subject: Re: How do I prevent User 'A' from seeing User 'B' /home contents
From: Alex Malinovich <demonbane@the-love-shack.net>
Date: Mon, 13 Oct 2003 01:09:53 -0500
Message-id: <[🔎] 1066025393.8281.1.camel@Thief>
In-reply-to: <[🔎] 20031012231058.GA13339@doorstop.net>
References: <[🔎] F102FB0D41335D47B1971BAC0C1F1D520C488B@bsa10.bsalifestructures.com> <[🔎] 20031010174709.GB12874@polishwonder.homeip.net> <[🔎] 20031012082344.GA1862@bmail.kek.jp> <[🔎] 20031012231058.GA13339@doorstop.net>

On Sun, 2003-10-12 at 18:10, Vineet Kumar wrote:
> * Nick Hastings (hastings@bmail.kek.jp) [031012 01:37]:
> > * Ryan Nowakowski <tubaman@mailandnews.com> [031012 16:56]:
> > > On Fri, Oct 10, 2003 at 10:53:46AM -0500, Wathen, Metherion wrote:
> > > > Hi all,
> > > > I need to know how to change permissions of each user so that
> > > > they only see their own home directory. As I write this i'm thinking
> > > > that I have to change the groups they are in, is that correct?
> > > 
> > > chmod 700 /home/*
> > 
> > Do _not_ do this. You don't want everything to be executable. You
> > just want to remove read permission for everyone except the owner. To
> > do that:
> > 
> > chmod -R go-r /home
> 
> Do _not_ do this.  As a system administrator, you have a responsibility
> to treat your users' data with the highest respect.  Metadata is still
> data.  File ownership and permissions are part of your users' data.
> Trampling them like this is very bad form.
> 
> Any time you think about using -R to things like chown, chgrp, and
> chmod, think first about whose data you're (irreversibly, in most cases)
> changing.  Root has the power to view, change, or remove every user's
> data.  The power, but generally not the right.  I would be a very angry
> user if an administrator of a system I worked on did this type of thing.
> Depending upon the context, I'd either take my dollars elsewhere (if a
> paying customer) or make sure the superiors knew of the abuse of power
> (if a corporate environment).

I agree. Unless you need to enforce a written policy of some sort by
restricting access, these decisions should be left to the users. Show
the users HOW to change their own home directory permissions, but do not
do it for them. If they choose to do it, then they can. Personally, I
believe that information should be shared, so I leave my home directory
world-readable. I only restrict access to those areas that contain
personal or otherwise sensitive information.

-- 
Alex Malinovich
Support Free Software, delete your Windows partition TODAY!
Encrypted mail preferred. You can get my public key from any of the
pgp.net keyservers. Key ID: A6D24837

Attachment: signature.asc
Description: This is a digitally signed message part

Reply to:

References:
- How do I prevent User 'A' from seeing User 'B' /home contents
  - From: "Wathen, Metherion" <MWathen@bsalifestructures.com>
- Re: How do I prevent User 'A' from seeing User 'B' /home contents
  - From: Ryan Nowakowski <tubaman@mailandnews.com>
- Re: How do I prevent User 'A' from seeing User 'B' /home contents
  - From: Nick Hastings <hastings@bmail.kek.jp>
- Re: How do I prevent User 'A' from seeing User 'B' /home contents
  - From: Vineet Kumar <vineet@doorstop.net>

Prev by Date: Re: A Selection of XMMS Skins?
Next by Date: Re: copying entire hard drive
Previous by thread: Re: How do I prevent User 'A' from seeing User 'B' /home contents
Next by thread: Re: How do I prevent User 'A' from seeing User 'B' /home contents
Index(es):
- Date
- Thread