
Re: Home directory viewable from another profile



AG wrote:
> I have created another account for someone who will need to use my  
> computer for a while.  However, when checking this, I found that my own  
> files are viewable from this second account.

By default files in the home are readable but not writable.

> How do I set the permissions so that the contents of my own /home/ag  
> account are not viewable from the new user account?

  $ chmod o-rwx ~/

That is 'o' for 'other' minus read-write-execute permissions.  You can
run that recursively if you like with 'chmod -R'.

> For obvious reasons, I want to be careful about the permissions I
> set so I don't lock myself out.  I think that it is chown 700
> /home/ag -R but can someone please confirm that this will do what I
> want before I screw things up.

I commend you for asking.  Using 'chown 700 /home/ag -R' would
probably fail but does something completely different on two counts.
One is that you want chmod not chown.  'chown 700' would try to change
the ownership to user number 700, but would probably fail since only
root can give away file ownership[1].

But then if you had actually used 'chmod 700' it would be bad because
that hard sets the execute bit on every file!  You don't want that
either.  Also you really have no reason to lock out your own group, it
is your own group after all, so leave off the group restriction.  Read
up on UPG (user private groups) for more information.

Using the symbolic modes is the modern way (modern as in as of around
twenty years ago modern) and avoids the trap of hard setting all of
the bits.  I think they are easier for people to understand too.  If
you want to do it the old way with hard numbers then using 'find' is
the way to go.  And if you have messed things up then some creative
find commands can repair things.

Bob

[1] http://www.gnu.org/software/coreutils/faq/#Why-can-only-root-chown-files_003f
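
An added example, not part of the original message: it applies the three approaches discussed above (symbolic 'o-rwx', recursive numeric '700', and numeric modes via 'find') to a constructed sandbox tree and prints the resulting modes. The function names, the sandbox layout and the 750/640 target values are assumptions for illustration; 'stat -c' assumes GNU coreutils.

```shell
#!/bin/sh
# Constructed sandbox standing in for a home directory (never touches a real $HOME).
make_tree() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/docs" "$d/bin"
    echo notes > "$d/docs/notes.txt"
    printf '#!/bin/sh\necho hi\n' > "$d/bin/tool"
    chmod 755 "$d" "$d/docs" "$d/bin" "$d/bin/tool"   # typical default modes
    chmod 644 "$d/docs/notes.txt"
    echo "$d"
}

# Octal permission bits of one path (GNU stat).
mode() { stat -c '%a' "$1"; }

# Symbolic mode: clears only the 'other' bits; owner and group bits are untouched.
symbolic_lockdown() { chmod -R o-rwx "$1"; }

# Numeric mode applied recursively: hard sets all bits, so plain files gain execute.
numeric_recursive() { chmod -R 700 "$1"; }

# Numeric modes via find: directories and files are handled separately, and
# only files that are already owner-executable keep an execute bit.
find_lockdown() {
    find "$1" -type d -exec chmod 750 {} +
    find "$1" -type f -perm -100 -exec chmod 750 {} +
    find "$1" -type f ! -perm -100 -exec chmod 640 {} +
}

# Demo: run each approach on a fresh sandbox and show what it leaves behind.
for f in symbolic_lockdown numeric_recursive find_lockdown; do
    t=$(make_tree) || exit 1
    "$f" "$t"
    echo "$f: dir=$(mode "$t/docs") file=$(mode "$t/docs/notes.txt") script=$(mode "$t/bin/tool")"
    rm -rf "$t"
done
```

The find variant tells scripts from data by the owner execute bit, so it cannot make that distinction on a tree where 'chmod -R 700' has already set execute on everything.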
