Why can other users see the files in my home folder? Announcing the arrival of Valued Associate #679: Cesar Manara Planned maintenance scheduled April 17/18, 2019 at 00:00UTC (8:00pm US/Eastern)How to make sure other users can't see my files?Default home directory permission allow read?Why do user directories have such lax permissions by default?What is “umask” and how does it work?How do file permissions work?How can I prevent other users from accessing my home directory?Hide multiple files at once with shell scriptIs there a default folder for sharing files with other users?Why is a user not a member of their private group (UPG) according to the GUI? (although CLI proves the opposite…)Is running unknown applications in a separate non root account safe?How can I restrict program access to other users?How to make sure other users can't see my files?Share folder between usersHome folder not writeableHow can I mv files from another user to my Home folder (knowing the password of the other user)?Want to share only the MUSIC folder with the other users and not HOME folder completelyAccessing Files in Other Users FTP Folder?16.04 - attempting to take ownership of home directory of other user via shared group privilegesUnable to access old (deleted) user's home folder and files and don't have permissions to read, write or delete themCan root see my encrypted /home folder?
Significance of Cersei's obsession with elephants?
Why wasn't DOSKEY integrated with COMMAND.COM?
Maximum summed powersets with non-adjacent items
Should I use a zero-interest credit card for a large one-time purchase?
Is it ethical to give a final exam after the professor has quit before teaching the remaining chapters of the course?
What does "lightly crushed" mean for cardamon pods?
Why are there no cargo aircraft with "flying wing" design?
An adverb for when you're not exaggerating
Why didn't Eitri join the fight?
Dating a Former Employee
Fantasy story; one type of magic grows in power with use, but the more powerful they are, they more they are drawn to travel to their source
Can a new player join a group only when a new campaign starts?
How to compare two different files line by line in unix?
First console to have temporary backward compatibility
How to find all the available tools in mac terminal?
Do square wave exist?
When was Kai Tak permanently closed to cargo service?
What do you call the main part of a joke?
Fundamental Solution of the Pell Equation
Is it cost-effective to upgrade an old-ish Giant Escape R3 commuter bike with entry-level branded parts (wheels, drivetrain)?
Would "destroying" Wurmcoil Engine prevent its tokens from being created?
Do I really need to have a message in a novel to appeal to readers?
How could we fake a moon landing now?
Around usage results
Why can other users see the files in my home folder?
Announcing the arrival of Valued Associate #679: Cesar Manara
Planned maintenance scheduled April 17/18, 2019 at 00:00UTC (8:00pm US/Eastern)How to make sure other users can't see my files?Default home directory permission allow read?Why do user directories have such lax permissions by default?What is “umask” and how does it work?How do file permissions work?How can I prevent other users from accessing my home directory?Hide multiple files at once with shell scriptIs there a default folder for sharing files with other users?Why is a user not a member of their private group (UPG) according to the GUI? (although CLI proves the opposite…)Is running unknown applications in a separate non root account safe?How can I restrict program access to other users?How to make sure other users can't see my files?Share folder between usersHome folder not writeableHow can I mv files from another user to my Home folder (knowing the password of the other user)?Want to share only the MUSIC folder with the other users and not HOME folder completelyAccessing Files in Other Users FTP Folder?16.04 - attempting to take ownership of home directory of other user via shared group privilegesUnable to access old (deleted) user's home folder and files and don't have permissions to read, write or delete themCan root see my encrypted /home folder?
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty margin-bottom:0;
I just added a new, underprivileged "desktop user," and I was surprised to discover that it can see the files in my home folder.
What is the rational for setting up such lax permissions?
permissions users default privacy
asked Jun 2 '11 at 1:53
ændrükændrük
42.4k61195343
add a comment |
I just added a new, underprivileged "desktop user," and I was surprised to discover that it can see the files in my home folder.
What is the rational for setting up such lax permissions?
permissions users default privacy
asked Jun 2 '11 at 1:53
ændrükændrük
42.4k61195343
Related: unix.stackexchange.com/a/315197/85039
– Sergiy Kolodyazhnyy
Mar 5 '17 at 8:20
add a comment |
I just added a new, underprivileged "desktop user," and I was surprised to discover that it can see the files in my home folder.
What is the rational for setting up such lax permissions?
permissions users default privacy
asked Jun 2 '11 at 1:53
ændrükændrük
42.4k61195343
I just added a new, underprivileged "desktop user," and I was surprised to discover that it can see the files in my home folder.
What is the rational for setting up such lax permissions?
permissions users default privacy
permissions users default privacy
asked Jun 2 '11 at 1:53
ændrükændrük
42.4k61195343
asked Jun 2 '11 at 1:53
ændrükændrük
42.4k61195343
asked Jun 2 '11 at 1:53
ændrükændrük
42.4k61195343
asked Jun 2 '11 at 1:53
ændrükændrük
42.4k61195343
asked Jun 2 '11 at 1:53
ændrükændrük
42.4k61195343
42.4k61195343
Related: unix.stackexchange.com/a/315197/85039
– Sergiy Kolodyazhnyy
Mar 5 '17 at 8:20
add a comment |
Related: unix.stackexchange.com/a/315197/85039
– Sergiy Kolodyazhnyy
Mar 5 '17 at 8:20
Related: unix.stackexchange.com/a/315197/85039
– Sergiy Kolodyazhnyy
Mar 5 '17 at 8:20
Related: unix.stackexchange.com/a/315197/85039
– Sergiy Kolodyazhnyy
Mar 5 '17 at 8:20
add a comment |
6 Answers
6
active
oldest
votes
A Public folder exists in your Home directory (/home/user) for sharing files with other users. If an other user wants to get access to this Public folder, the execute bit for the world should be set on the Home directory.
If you do not need to allow others to access your home folder (other humans or users like www-data for a webserver), you'll be fine with chmod o-rwx "$HOME" (remove read/write/execute from "other", equivalent to chmod 750 "$HOME" since the default permission is 750). Otherwise, you should change the umask setting too to prevent newly created files from getting read permissions for the world by default.
For a system-wide configuration, edit /etc/profile; per-user settings can be configured in ~/.profile. I prefer the same policy for all users, so I'd edit the /etc/profile file and append the line:
umask 027
You need to re-login to apply these changes, unless you're in a shell. In that case, you can run umask 027 in the shell.
Now to fix the existing permissions, you need to remove the read/write/execute permissions from other:
chmod -R o-rwx ~
Now if you decide to share the ~/Public folder to everyone, run the next commands:
chmod o+x ~- allow everyone to descend in the directory (x), but not get a directory listing (rshould not be added)find ~/Public -type f -exec chmod o+r ;- allow everyone to read the files in~/Publicfind ~/Public -type d -exec chmod o+rx ;- allow everyone to descend into directories and list their contents
If you are use GNU coreutils (e.g. on Ubuntu, not on a embedded system having only busybox), then the previous two commands using find and chmod can be replaced by this single command that recursively makes folders and files readable (and additionally adds the execute (descend) bit for directories only):
chmod -R o+rX ~/Public
edited Apr 13 '17 at 12:25
Community♦
1
answered Jun 2 '11 at 8:04
LekensteynLekensteyn
124k49270362
add a comment |
According to an Ubuntuforms.org staff member, it is to make it easier to share files between new users.
You can change the permission to either 700 or 750 if you don't want the files readable and executable by others.
Command is:
chmod 750 $HOME
Note: Ubuntu default is 755
answered Jun 2 '11 at 2:19
Jason IversonJason Iverson
558312
2
Of course other users shouldn't be sudoers.
– Pablo Bianchi
Feb 3 '18 at 4:29
add a comment |
You can read the User Management section of the Ubuntu Server Guide which covers the necessary details. The User Profile Security paragraph will probably answer your questions - officially.
edited Feb 7 '18 at 17:04
David Foerster
28.7k1367113
answered Jun 2 '11 at 3:09
Pavlos G.Pavlos G.
7,39612733
4
I appreciate the official source. Sadly, though, it doesn't look like it provides any justification.
– ændrük
Jun 10 '11 at 4:10
add a comment |
According to Mark Shuttleworth,
"The majority of users of Ubuntu systems either have exclusive use of the
machine (personal laptop) or are sharing with friends and relatives. We
assume that the people who share the machine are either trusted, or in a
position to hack the machine (boot from USB!) trivially. As a result,
there is little to no benefit"
... from removing those permissions.
answered Sep 28 '13 at 22:48
ignisignis
3,3112024
10
I think having the same behavior in the Server edition is a security hole
– warvariuc
Mar 28 '15 at 6:55
1
That is a crazy explanations. Other than people accounts there are technical accounts that people can use to isolate applications. Additionally there is a lot of instructions on how to set up a local ftp server that essentially shares the account on the machine.
– Barafu Albino
Oct 11 '15 at 14:51
1
I know this is old thread, but consider this as stupid decision. Imagine one of the users run app/script (can be unintentionally) which is able to read and send files from any other profile.
– mauron85
Apr 12 '17 at 11:25
add a comment |
I think Lekensteyn's answer can be improved by replacing the last two find commands with chmod using -X option (note the capital X). The two find commands can be replaced with
chmod -R o+rX ~/Public
This differentiates appropriately between files and directories, but does have the additional effect of allowing others to run executable files.
answered Mar 25 '12 at 19:11
spinupspinup
32216
add a comment |
Since it is privacy that interests you (judging from the tags that were applied) it is very possible that setting permissions is insufficient (see ignis's answer). The answer may be something along the lines of an encrypted home directory. This solution is specifically designed against the attack by another user of a computer. It will, of course, be unable to stop another user from damaging your files (by simply removing ~/.Private directory, thus erasing all of your files), but they will be unable to mount the directory and see the files without your password.
The easiest way to achieve that is during the installation process, there is a check box, stating "Encrypt your home directory" and you need to select that.
Since it is unlikely that you will want to reinstall just for that (and because it still carries all the risks that are entailed with doing it without reinstall), you can do the following:
sudo apt-get install encryptfs-utils
encryptfs-migrate-home
answered 19 mins ago
v010dyav010dya
7022929
add a comment |
Your Answer
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "89"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f46501%2fwhy-can-other-users-see-the-files-in-my-home-folder%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
6 Answers
6
active
oldest
votes
6 Answers
6
active
oldest
votes
active
oldest
votes
active
oldest
votes
A Public folder exists in your Home directory (/home/user) for sharing files with other users. If an other user wants to get access to this Public folder, the execute bit for the world should be set on the Home directory.
If you do not need to allow others to access your home folder (other humans or users like www-data for a webserver), you'll be fine with chmod o-rwx "$HOME" (remove read/write/execute from "other", equivalent to chmod 750 "$HOME" since the default permission is 750). Otherwise, you should change the umask setting too to prevent newly created files from getting read permissions for the world by default.
For a system-wide configuration, edit /etc/profile; per-user settings can be configured in ~/.profile. I prefer the same policy for all users, so I'd edit the /etc/profile file and append the line:
umask 027
You need to re-login to apply these changes, unless you're in a shell. In that case, you can run umask 027 in the shell.
Now to fix the existing permissions, you need to remove the read/write/execute permissions from other:
chmod -R o-rwx ~
Now if you decide to share the ~/Public folder to everyone, run the next commands:
chmod o+x ~- allow everyone to descend in the directory (x), but not get a directory listing (rshould not be added)find ~/Public -type f -exec chmod o+r ;- allow everyone to read the files in~/Publicfind ~/Public -type d -exec chmod o+rx ;- allow everyone to descend into directories and list their contents
If you are use GNU coreutils (e.g. on Ubuntu, not on a embedded system having only busybox), then the previous two commands using find and chmod can be replaced by this single command that recursively makes folders and files readable (and additionally adds the execute (descend) bit for directories only):
chmod -R o+rX ~/Public
edited Apr 13 '17 at 12:25
Community♦
1
answered Jun 2 '11 at 8:04
LekensteynLekensteyn
124k49270362
add a comment |
A Public folder exists in your Home directory (/home/user) for sharing files with other users. If an other user wants to get access to this Public folder, the execute bit for the world should be set on the Home directory.
If you do not need to allow others to access your home folder (other humans or users like www-data for a webserver), you'll be fine with chmod o-rwx "$HOME" (remove read/write/execute from "other", equivalent to chmod 750 "$HOME" since the default permission is 750). Otherwise, you should change the umask setting too to prevent newly created files from getting read permissions for the world by default.
For a system-wide configuration, edit /etc/profile; per-user settings can be configured in ~/.profile. I prefer the same policy for all users, so I'd edit the /etc/profile file and append the line:
umask 027
You need to re-login to apply these changes, unless you're in a shell. In that case, you can run umask 027 in the shell.
Now to fix the existing permissions, you need to remove the read/write/execute permissions from other:
chmod -R o-rwx ~
Now if you decide to share the ~/Public folder to everyone, run the next commands:
chmod o+x ~- allow everyone to descend in the directory (x), but not get a directory listing (rshould not be added)find ~/Public -type f -exec chmod o+r ;- allow everyone to read the files in~/Publicfind ~/Public -type d -exec chmod o+rx ;- allow everyone to descend into directories and list their contents
If you are use GNU coreutils (e.g. on Ubuntu, not on a embedded system having only busybox), then the previous two commands using find and chmod can be replaced by this single command that recursively makes folders and files readable (and additionally adds the execute (descend) bit for directories only):
chmod -R o+rX ~/Public
edited Apr 13 '17 at 12:25
Community♦
1
answered Jun 2 '11 at 8:04
LekensteynLekensteyn
124k49270362
add a comment |
A Public folder exists in your Home directory (/home/user) for sharing files with other users. If an other user wants to get access to this Public folder, the execute bit for the world should be set on the Home directory.
If you do not need to allow others to access your home folder (other humans or users like www-data for a webserver), you'll be fine with chmod o-rwx "$HOME" (remove read/write/execute from "other", equivalent to chmod 750 "$HOME" since the default permission is 750). Otherwise, you should change the umask setting too to prevent newly created files from getting read permissions for the world by default.
For a system-wide configuration, edit /etc/profile; per-user settings can be configured in ~/.profile. I prefer the same policy for all users, so I'd edit the /etc/profile file and append the line:
umask 027
You need to re-login to apply these changes, unless you're in a shell. In that case, you can run umask 027 in the shell.
Now to fix the existing permissions, you need to remove the read/write/execute permissions from other:
chmod -R o-rwx ~
Now if you decide to share the ~/Public folder to everyone, run the next commands:
chmod o+x ~- allow everyone to descend in the directory (x), but not get a directory listing (rshould not be added)find ~/Public -type f -exec chmod o+r ;- allow everyone to read the files in~/Publicfind ~/Public -type d -exec chmod o+rx ;- allow everyone to descend into directories and list their contents
If you are use GNU coreutils (e.g. on Ubuntu, not on a embedded system having only busybox), then the previous two commands using find and chmod can be replaced by this single command that recursively makes folders and files readable (and additionally adds the execute (descend) bit for directories only):
chmod -R o+rX ~/Public
edited Apr 13 '17 at 12:25
Community♦
1
answered Jun 2 '11 at 8:04
LekensteynLekensteyn
124k49270362
A Public folder exists in your Home directory (/home/user) for sharing files with other users. If an other user wants to get access to this Public folder, the execute bit for the world should be set on the Home directory.
If you do not need to allow others to access your home folder (other humans or users like www-data for a webserver), you'll be fine with chmod o-rwx "$HOME" (remove read/write/execute from "other", equivalent to chmod 750 "$HOME" since the default permission is 750). Otherwise, you should change the umask setting too to prevent newly created files from getting read permissions for the world by default.
For a system-wide configuration, edit /etc/profile; per-user settings can be configured in ~/.profile. I prefer the same policy for all users, so I'd edit the /etc/profile file and append the line:
umask 027
You need to re-login to apply these changes, unless you're in a shell. In that case, you can run umask 027 in the shell.
Now to fix the existing permissions, you need to remove the read/write/execute permissions from other:
chmod -R o-rwx ~
Now if you decide to share the ~/Public folder to everyone, run the next commands:
chmod o+x ~- allow everyone to descend in the directory (x), but not get a directory listing (rshould not be added)find ~/Public -type f -exec chmod o+r ;- allow everyone to read the files in~/Publicfind ~/Public -type d -exec chmod o+rx ;- allow everyone to descend into directories and list their contents
If you are use GNU coreutils (e.g. on Ubuntu, not on a embedded system having only busybox), then the previous two commands using find and chmod can be replaced by this single command that recursively makes folders and files readable (and additionally adds the execute (descend) bit for directories only):
chmod -R o+rX ~/Public
edited Apr 13 '17 at 12:25
Community♦
1
answered Jun 2 '11 at 8:04
LekensteynLekensteyn
124k49270362
edited Apr 13 '17 at 12:25
Community♦
1
edited Apr 13 '17 at 12:25
Community♦
1
edited Apr 13 '17 at 12:25
Community♦
1
1
answered Jun 2 '11 at 8:04
LekensteynLekensteyn
124k49270362
answered Jun 2 '11 at 8:04
LekensteynLekensteyn
124k49270362
answered Jun 2 '11 at 8:04
LekensteynLekensteyn
124k49270362
124k49270362
add a comment |
add a comment |
According to an Ubuntuforms.org staff member, it is to make it easier to share files between new users.
You can change the permission to either 700 or 750 if you don't want the files readable and executable by others.
Command is:
chmod 750 $HOME
Note: Ubuntu default is 755
answered Jun 2 '11 at 2:19
Jason IversonJason Iverson
558312
2
Of course other users shouldn't be sudoers.
– Pablo Bianchi
Feb 3 '18 at 4:29
add a comment |
According to an Ubuntuforms.org staff member, it is to make it easier to share files between new users.
You can change the permission to either 700 or 750 if you don't want the files readable and executable by others.
Command is:
chmod 750 $HOME
Note: Ubuntu default is 755
answered Jun 2 '11 at 2:19
Jason IversonJason Iverson
558312
2
Of course other users shouldn't be sudoers.
– Pablo Bianchi
Feb 3 '18 at 4:29
add a comment |
According to an Ubuntuforms.org staff member, it is to make it easier to share files between new users.
You can change the permission to either 700 or 750 if you don't want the files readable and executable by others.
Command is:
chmod 750 $HOME
Note: Ubuntu default is 755
answered Jun 2 '11 at 2:19
Jason IversonJason Iverson
558312
According to an Ubuntuforms.org staff member, it is to make it easier to share files between new users.
You can change the permission to either 700 or 750 if you don't want the files readable and executable by others.
Command is:
chmod 750 $HOME
Note: Ubuntu default is 755
answered Jun 2 '11 at 2:19
Jason IversonJason Iverson
558312
edited Jun 2 '11 at 2:25
answered Jun 2 '11 at 2:19
Jason IversonJason Iverson
558312
answered Jun 2 '11 at 2:19
Jason IversonJason Iverson
558312
answered Jun 2 '11 at 2:19
Jason IversonJason Iverson
558312
558312
2
Of course other users shouldn't be sudoers.
– Pablo Bianchi
Feb 3 '18 at 4:29
add a comment |
2
Of course other users shouldn't be sudoers.
– Pablo Bianchi
Feb 3 '18 at 4:29
2
2
Of course other users shouldn't be sudoers.
– Pablo Bianchi
Feb 3 '18 at 4:29
Of course other users shouldn't be sudoers.
– Pablo Bianchi
Feb 3 '18 at 4:29
add a comment |
You can read the User Management section of the Ubuntu Server Guide which covers the necessary details. The User Profile Security paragraph will probably answer your questions - officially.
edited Feb 7 '18 at 17:04
David Foerster
28.7k1367113
answered Jun 2 '11 at 3:09
Pavlos G.Pavlos G.
7,39612733
4
I appreciate the official source. Sadly, though, it doesn't look like it provides any justification.
– ændrük
Jun 10 '11 at 4:10
add a comment |
You can read the User Management section of the Ubuntu Server Guide which covers the necessary details. The User Profile Security paragraph will probably answer your questions - officially.
edited Feb 7 '18 at 17:04
David Foerster
28.7k1367113
answered Jun 2 '11 at 3:09
Pavlos G.Pavlos G.
7,39612733
4
I appreciate the official source. Sadly, though, it doesn't look like it provides any justification.
– ændrük
Jun 10 '11 at 4:10
add a comment |
You can read the User Management section of the Ubuntu Server Guide which covers the necessary details. The User Profile Security paragraph will probably answer your questions - officially.
edited Feb 7 '18 at 17:04
David Foerster
28.7k1367113
answered Jun 2 '11 at 3:09
Pavlos G.Pavlos G.
7,39612733
You can read the User Management section of the Ubuntu Server Guide which covers the necessary details. The User Profile Security paragraph will probably answer your questions - officially.
edited Feb 7 '18 at 17:04
David Foerster
28.7k1367113
answered Jun 2 '11 at 3:09
Pavlos G.Pavlos G.
7,39612733
edited Feb 7 '18 at 17:04
David Foerster
28.7k1367113
edited Feb 7 '18 at 17:04
David Foerster
28.7k1367113
edited Feb 7 '18 at 17:04
David Foerster
28.7k1367113
28.7k1367113
answered Jun 2 '11 at 3:09
Pavlos G.Pavlos G.
7,39612733
answered Jun 2 '11 at 3:09
Pavlos G.Pavlos G.
7,39612733
answered Jun 2 '11 at 3:09
Pavlos G.Pavlos G.
7,39612733
7,39612733
4
I appreciate the official source. Sadly, though, it doesn't look like it provides any justification.
– ændrük
Jun 10 '11 at 4:10
add a comment |
4
I appreciate the official source. Sadly, though, it doesn't look like it provides any justification.
– ændrük
Jun 10 '11 at 4:10
4
4
I appreciate the official source. Sadly, though, it doesn't look like it provides any justification.
– ændrük
Jun 10 '11 at 4:10
I appreciate the official source. Sadly, though, it doesn't look like it provides any justification.
– ændrük
Jun 10 '11 at 4:10
add a comment |
According to Mark Shuttleworth,
"The majority of users of Ubuntu systems either have exclusive use of the
machine (personal laptop) or are sharing with friends and relatives. We
assume that the people who share the machine are either trusted, or in a
position to hack the machine (boot from USB!) trivially. As a result,
there is little to no benefit"
... from removing those permissions.
answered Sep 28 '13 at 22:48
ignisignis
3,3112024
10
I think having the same behavior in the Server edition is a security hole
– warvariuc
Mar 28 '15 at 6:55
1
That is a crazy explanations. Other than people accounts there are technical accounts that people can use to isolate applications. Additionally there is a lot of instructions on how to set up a local ftp server that essentially shares the account on the machine.
– Barafu Albino
Oct 11 '15 at 14:51
1
I know this is old thread, but consider this as stupid decision. Imagine one of the users run app/script (can be unintentionally) which is able to read and send files from any other profile.
– mauron85
Apr 12 '17 at 11:25
add a comment |
According to Mark Shuttleworth,
"The majority of users of Ubuntu systems either have exclusive use of the
machine (personal laptop) or are sharing with friends and relatives. We
assume that the people who share the machine are either trusted, or in a
position to hack the machine (boot from USB!) trivially. As a result,
there is little to no benefit"
... from removing those permissions.
answered Sep 28 '13 at 22:48
ignisignis
3,3112024
10
I think having the same behavior in the Server edition is a security hole
– warvariuc
Mar 28 '15 at 6:55
1
That is a crazy explanations. Other than people accounts there are technical accounts that people can use to isolate applications. Additionally there is a lot of instructions on how to set up a local ftp server that essentially shares the account on the machine.
– Barafu Albino
Oct 11 '15 at 14:51
1
I know this is old thread, but consider this as stupid decision. Imagine one of the users run app/script (can be unintentionally) which is able to read and send files from any other profile.
– mauron85
Apr 12 '17 at 11:25
add a comment |
According to Mark Shuttleworth,
"The majority of users of Ubuntu systems either have exclusive use of the
machine (personal laptop) or are sharing with friends and relatives. We
assume that the people who share the machine are either trusted, or in a
position to hack the machine (boot from USB!) trivially. As a result,
there is little to no benefit"
... from removing those permissions.
answered Sep 28 '13 at 22:48
ignisignis
3,3112024
According to Mark Shuttleworth,
"The majority of users of Ubuntu systems either have exclusive use of the
machine (personal laptop) or are sharing with friends and relatives. We
assume that the people who share the machine are either trusted, or in a
position to hack the machine (boot from USB!) trivially. As a result,
there is little to no benefit"
... from removing those permissions.
answered Sep 28 '13 at 22:48
ignisignis
3,3112024
answered Sep 28 '13 at 22:48
ignisignis
3,3112024
answered Sep 28 '13 at 22:48
ignisignis
3,3112024
answered Sep 28 '13 at 22:48
ignisignis
3,3112024
3,3112024
10
I think having the same behavior in the Server edition is a security hole
– warvariuc
Mar 28 '15 at 6:55
1
That is a crazy explanations. Other than people accounts there are technical accounts that people can use to isolate applications. Additionally there is a lot of instructions on how to set up a local ftp server that essentially shares the account on the machine.
– Barafu Albino
Oct 11 '15 at 14:51
1
I know this is old thread, but consider this as stupid decision. Imagine one of the users run app/script (can be unintentionally) which is able to read and send files from any other profile.
– mauron85
Apr 12 '17 at 11:25
add a comment |
10
I think having the same behavior in the Server edition is a security hole
– warvariuc
Mar 28 '15 at 6:55
1
That is a crazy explanations. Other than people accounts there are technical accounts that people can use to isolate applications. Additionally there is a lot of instructions on how to set up a local ftp server that essentially shares the account on the machine.
– Barafu Albino
Oct 11 '15 at 14:51
1
I know this is old thread, but consider this as stupid decision. Imagine one of the users run app/script (can be unintentionally) which is able to read and send files from any other profile.
– mauron85
Apr 12 '17 at 11:25
10
10
I think having the same behavior in the Server edition is a security hole
– warvariuc
Mar 28 '15 at 6:55
I think having the same behavior in the Server edition is a security hole
– warvariuc
Mar 28 '15 at 6:55
1
1
That is a crazy explanations. Other than people accounts there are technical accounts that people can use to isolate applications. Additionally there is a lot of instructions on how to set up a local ftp server that essentially shares the account on the machine.
– Barafu Albino
Oct 11 '15 at 14:51
That is a crazy explanations. Other than people accounts there are technical accounts that people can use to isolate applications. Additionally there is a lot of instructions on how to set up a local ftp server that essentially shares the account on the machine.
– Barafu Albino
Oct 11 '15 at 14:51
1
1
I know this is old thread, but consider this as stupid decision. Imagine one of the users run app/script (can be unintentionally) which is able to read and send files from any other profile.
– mauron85
Apr 12 '17 at 11:25
I know this is old thread, but consider this as stupid decision. Imagine one of the users run app/script (can be unintentionally) which is able to read and send files from any other profile.
– mauron85
Apr 12 '17 at 11:25
add a comment |
I think Lekensteyn's answer can be improved by replacing the last two find commands with chmod using -X option (note the capital X). The two find commands can be replaced with
chmod -R o+rX ~/Public
This differentiates appropriately between files and directories, but does have the additional effect of allowing others to run executable files.
answered Mar 25 '12 at 19:11
spinupspinup
32216
add a comment |
I think Lekensteyn's answer can be improved by replacing the last two find commands with chmod using -X option (note the capital X). The two find commands can be replaced with
chmod -R o+rX ~/Public
This differentiates appropriately between files and directories, but does have the additional effect of allowing others to run executable files.
answered Mar 25 '12 at 19:11
spinupspinup
32216
add a comment |
I think Lekensteyn's answer can be improved by replacing the last two find commands with chmod using -X option (note the capital X). The two find commands can be replaced with
chmod -R o+rX ~/Public
This differentiates appropriately between files and directories, but does have the additional effect of allowing others to run executable files.
answered Mar 25 '12 at 19:11
spinupspinup
32216
I think Lekensteyn's answer can be improved by replacing the last two find commands with chmod using -X option (note the capital X). The two find commands can be replaced with
chmod -R o+rX ~/Public
This differentiates appropriately between files and directories, but does have the additional effect of allowing others to run executable files.
answered Mar 25 '12 at 19:11
spinupspinup
32216
answered Mar 25 '12 at 19:11
spinupspinup
32216
answered Mar 25 '12 at 19:11
spinupspinup
32216
answered Mar 25 '12 at 19:11
spinupspinup
32216
32216
add a comment |
add a comment |
Since it is privacy that interests you (judging from the tags that were applied) it is very possible that setting permissions is insufficient (see ignis's answer). The answer may be something along the lines of an encrypted home directory. This solution is specifically designed against the attack by another user of a computer. It will, of course, be unable to stop another user from damaging your files (by simply removing ~/.Private directory, thus erasing all of your files), but they will be unable to mount the directory and see the files without your password.
The easiest way to achieve that is during the installation process, there is a check box, stating "Encrypt your home directory" and you need to select that.
Since it is unlikely that you will want to reinstall just for that (and because it still carries all the risks that are entailed with doing it without reinstall), you can do the following:
sudo apt-get install encryptfs-utils
encryptfs-migrate-home
answered 19 mins ago
v010dyav010dya
7022929
add a comment |
Since it is privacy that interests you (judging from the tags that were applied) it is very possible that setting permissions is insufficient (see ignis's answer). The answer may be something along the lines of an encrypted home directory. This solution is specifically designed against the attack by another user of a computer. It will, of course, be unable to stop another user from damaging your files (by simply removing ~/.Private directory, thus erasing all of your files), but they will be unable to mount the directory and see the files without your password.
The easiest way to achieve that is during the installation process, there is a check box, stating "Encrypt your home directory" and you need to select that.
Since it is unlikely that you will want to reinstall just for that (and because it still carries all the risks that are entailed with doing it without reinstall), you can do the following:
sudo apt-get install encryptfs-utils
encryptfs-migrate-home
answered 19 mins ago
v010dyav010dya
7022929
add a comment |
Since it is privacy that interests you (judging from the tags that were applied) it is very possible that setting permissions is insufficient (see ignis's answer). The answer may be something along the lines of an encrypted home directory. This solution is specifically designed against the attack by another user of a computer. It will, of course, be unable to stop another user from damaging your files (by simply removing ~/.Private directory, thus erasing all of your files), but they will be unable to mount the directory and see the files without your password.
The easiest way to achieve that is during the installation process, there is a check box, stating "Encrypt your home directory" and you need to select that.
Since it is unlikely that you will want to reinstall just for that (and because it still carries all the risks that are entailed with doing it without reinstall), you can do the following:
sudo apt-get install encryptfs-utils
encryptfs-migrate-home
answered 19 mins ago
v010dyav010dya
7022929
Since it is privacy that interests you (judging from the tags that were applied) it is very possible that setting permissions is insufficient (see ignis's answer). The answer may be something along the lines of an encrypted home directory. This solution is specifically designed against the attack by another user of a computer. It will, of course, be unable to stop another user from damaging your files (by simply removing ~/.Private directory, thus erasing all of your files), but they will be unable to mount the directory and see the files without your password.
The easiest way to achieve that is during the installation process, there is a check box, stating "Encrypt your home directory" and you need to select that.
Since it is unlikely that you will want to reinstall just for that (and because it still carries all the risks that are entailed with doing it without reinstall), you can do the following:
sudo apt-get install encryptfs-utils
encryptfs-migrate-home
answered 19 mins ago
v010dyav010dya
7022929
answered 19 mins ago
v010dyav010dya
7022929
answered 19 mins ago
v010dyav010dya
7022929
answered 19 mins ago
v010dyav010dya
7022929
7022929
add a comment |
add a comment |
Thanks for contributing an answer to Ask Ubuntu!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f46501%2fwhy-can-other-users-see-the-files-in-my-home-folder%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Related: unix.stackexchange.com/a/315197/85039
– Sergiy Kolodyazhnyy
Mar 5 '17 at 8:20