[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: encrypting the users' folders



On Sun, Jul 03, 2005 at 02:03:39PM -0800, Greg Madden wrote:
> On Saturday 02 July 2005 11:16 pm, Dominik Margraf wrote:
> > Currently, the default setting is that root can see and modify
[snip]
> The default permission for the first user (greg) on a new install on my 
> Sarge box is: 'drwxr-xr--   70 greg greg   4096 2005-07-02 15:22 greg' 
> No other using can cd into or view the contents of the 'greg' home 
> directory. This is the equivalent of an octal setting of '754', so if 
> your home dir does not have these permissions set, doing the following 
> command from a command prompt on a home directory will make the dir 
> accessible to the user only.
> 'chmod -R 754 /home/<user name>/'

Dominik's point is that root can do anything he or she wants
to your home folder. That is true, regardless of what
permissions you set on your folder. If you have root on a
machine, try this experiment:

1) Create a file in your home folder:

echo "Some text that no one should be able to see" > ~/foo

2) Set the permissions on it so that it's only readable by
the owner:

chmod 400 ~greg/foo

3) Become root:

su

4) Look at the file:

cat ~greg/foo

5) Change the permissions on it so that everyone can read it
and write it:

chmod 666 ~greg/foo

6) Stop being root:

exit

-- 
Stephen R. Laniel
steve@laniels.org
+(617) 308-5571
http://laniels.org/
PGP key: http://laniels.org/slaniel.key

Attachment: signature.asc
Description: Digital signature


Reply to: