[Adduser-devel] Bug#398793: Default Homedir Permissions
Roger Leigh
rleigh at codelibre.net
Sat Feb 19 10:43:17 UTC 2011
On Thu, Feb 17, 2011 at 11:55:16AM -0500, Martin Owens wrote:
> > 0755 is not inherently insecure. Others can't make any changes, but
> > they can look. The only issue here is accidental disclosure of
> > information intended to be private.
>
> If public by default is the way we want to go, then why not have a
> Private folder be default in the users home directory? Combined with the
> indication emblem in nautilus; this might provide a space for users to
> put data. ATM it's too hard to teach users how to secure a folder or
> even how to set up an encrypted folder.
I think this is an excellent idea, because the presence of a "private"
folder in the user's home implicitly implies that the rest of the
home is /not/ private, i.e. is self-documenting. We could even put
a README file inside explaining what the purpose is, and how to change
the permissions should they want to.
We could even do the opposite (create a "public" folder) if the
permissions are 0750, though this would require either 0751 or
ACLs to be actually accessible. Again, we could include a README file
instructing the user how to do this.
The Nautilus emblems idea is, I think, a fairly straightforward
exercise should we wish to do this. I already puts "no entry" emblems
on folders you don't have permission to enter, so it's not a big
change to additionally flag up folders which other have read and write
access to.
Regards,
Roger
--
.''`. Roger Leigh
: :' : Debian GNU/Linux http://people.debian.org/~rleigh/
`. `' Printing on GNU/Linux? http://gutenprint.sourceforge.net/
`- GPG Public Key: 0x25BFB848 Please GPG sign your mail.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/adduser-devel/attachments/20110219/0b16535d/attachment.pgp>
More information about the Adduser-devel
mailing list