Page 1 of 2 12 LastLast
Results 1 to 10 of 16

Thread: Home folder security

  1. #1
    Join Date
    May 2013
    Beans
    20

    Home folder security

    Hello all,

    I have been using Ubuntu for a few weeks now as my first foray in to Linux and I really love it. However I came across something recently which confuses me. Someone wants to borrow my laptop for a few days. Its someone I trust however I don't really want them having access to my home folder as all my work is kept there. The obvious thing to me was to create a new user for her, which I did. But when I logged in as her to test it, I was able to navigate to my home folder and access documents etc with no problem. I only have Windows to go by but surely your home folder shouldn't be accessible to to other users by default?

    Jon

  2. #2
    Join Date
    May 2009
    Location
    Indiana
    Beans
    1,785
    Distro
    Ubuntu 13.04 Raring Ringtail

    Re: Home folder security

    I believe the default is to let others view, but not edit, files in your home directory. If course, that can be changed.
    Jane, stop this crazy thing!

  3. #3
    Join Date
    Mar 2012
    Beans
    776
    Distro
    Ubuntu Development Release

    Re: Home folder security

    It depends on what he/she needs. If he/she needs it only for browsing on the internet, reading mails (gmail) etc..., then I think guest account will be perfect. Just tried it and I was not able to acces home directory from guest account.

    I DON'T EVEN KNOW WHAT A QUANTAL QUETZAL IS...BUT IT SOUNDS LIKE PRETZEL AND I LIKE PRETZEL

  4. #4
    Join Date
    Aug 2013
    Beans
    13

    Re: Home folder security

    I don't know if this helps or not but it just seems like there should be a way to password protect your home folder. I went to the home folder properties and perhaps if you on the others section to "none" this would make it inaccessible to her. I havent tried it but it may work.

    The Ubuntu Desktop guide (what appears when you press the help button) says this on files,
    Files


    You can set the permissions for the file owner, the group owner, and all other users of the system. For your files, you are the owner, and you can give yourself read-only or read-and-write permission. Set a file to read-only if you don't want to accidentally change it.
    Every user on your computer belongs to a group. On home computers, it is common for each user to have their own group, and group permissions are not often used. In corporate environments, groups are sometimes used for departments or projects. As well as having an owner, each file belongs to a group. You can set the file's group and control the permissions for all users in that group. You can only set the file's group to a group you belong to.
    You can also set the permissions for users other than the owner and those in the file's group.
    If the file is a program, such as a script, you must select Allow executing file as program to run it. Even with this option selected, the file manager may still open the file in an application or ask you what to do. See Executable text filesfor more information.



    Also on folders,
    Folders


    You can set permissions on folders for the owner, group, and other users. See the details of file permissions above for an explanation of owners, groups, and other users.
    The permissions you can set for a folder are different from those you can set for a file.
    NoneThe user will not even be able to see what files are in the folder.
    List files onlyThe user will be able to see what files are in the folder, but will not be able to open, create, or delete files.
    Access filesThe user will be able to open files in the folder (provided they have permission to do so on the particular file), but will not be able to create new files or delete files.
    Create and delete filesThe user will have full access to the folder, including opening, creating, and deleting files.



    You can also quickly set the file permissions for all the files in the folder by using the File access drop-down lists and the Execute option. Leave the drop-down lists as --- for no change, or the Execute check box in the indeterminate state (a horizontal line across it).
    If you click Apply Permissions to Enclosed Files, the file manager will adjust the read, write, and execute permissions of contained files based on the File access and Execute options you set. It will also change the permissions of contained folders to match the permissions of that folder. Permissions for enclosed files are applied to files in subfolders as well, to any depth.

    Hope this helped!

    Quinton



  5. #5
    Join Date
    Dec 2009
    Beans
    5,340

    Re: Home folder security

    Code:
    chmod 770 /home/morbius
    Change morbius to your own user name.

    She will know you have a home directory but if she tries to access it ( even to see what's inside ) she will get a permission denied error.

    Now if you gave her sudo privileges then you have more to worry about than her accessing your home directory

    EDIT: Resist the temptation to do a recursive chmod ( as in chmod -R 770 /path/to/file ) or if you are doing this graphically DO NOT choose: Apply Permissions to Enclosed Files. It's unnecessary since file access is done via the path to something. Put a roadblock up anywhere along the path to an object prevents access to anything beyond it.
    Last edited by Morbius1; August 23rd, 2013 at 09:33 PM.

  6. #6
    Join Date
    Aug 2013
    Beans
    13

    Re: Home folder security

    Morbius1
    Re: Home folder security
    Code:
    chmod 770 /home/morbius
    Change morbius to your own user name.



    See... I have no idea what this command even does. Would you mind explaining it to me? Also how would you undo it?

  7. #7
    Join Date
    Jul 2005
    Location
    England
    Beans
    13,532

    Re: Home folder security

    That command will mean that only you as user and root will be able to access your /home. I think, however, that it needs to be a recursive command, ie, chmod -R 770 /home/morbius
    DISTRO: Xubuntu 12.04-64bit --- Boot-Repair --- Grub2 wiki & Grub2 Basics --- RootSudo

  8. #8
    Join Date
    Dec 2009
    Beans
    5,340

    Re: Home folder security

    770

    Each digit in that sequence refers to a different user. The first is user, the second is group, and the third is others ( everyone else ).

    The numbers have meaning:
    1 = Execute ( for a file it means what it says but for a folder it means to traverse - to open it to see what's inside )
    2 = Write
    4 = Read

    They are additive so a 5 = Execute + Read ( 1+4 ), a 7 = Execute + Write + Read ( 1+2+4 ).

    If you want top stop everyone ( except root of course and yourself ) from seeing anything within your home directory you can either use 750 or 770 or even 700. The important one with respect to this topic is the last digit. Making it 0 means it has no permissions to "others". Everyone other than you is "others".

    So set it to 750, 770, or 700 before you send it off with someone else then undo it when you get it back: chmod 775 or chmod 755
    The second digit in this context really doesn't matter since owner = group on your home directory.

    And you don't want it to be recursive for 2 reasons:

    [1] It is not necessary - you don't access a file directly - you access it through it's path.

    So let's say I have a file that has permissions of 666. That would be a bad thing if someone else could access it directly but they can't. They have to go though /home/morbius to get to the file. If I set permissions on /home/morbius to block everyone other than me then no one but me will even see that I have a file.

    [2] Besides, You certainly don't do recursive chmod'ing using octal permissions:
    Code:
    chmod -R 770 /home/morbius
    Octal chmod isn't smart enough to differentiate a file from a directory so it will apply 770 to every file as well as every folder. You just made every file in my home directory executable and that is not a good thing.

    This is all that's necessary:
    Code:
    chmod 770 /home/morbius
    Last edited by Morbius1; August 23rd, 2013 at 11:26 PM.

  9. #9
    Join Date
    Nov 2007
    Location
    London, England
    Beans
    5,434
    Distro
    Xubuntu 14.04 Trusty Tahr

    Re: Home folder security

    Quote Originally Posted by ajgreeny View Post
    I think, however, that it needs to be a recursive command, ie, chmod -R 770 /home/morbius
    Nooooooo!
    Do NOT use the -r to make it recursive. This will make a right mess of lots of things. It is enough to change the permissions of the home directory so that other users can't get into it. Because they can't get into that directory, they can't get to see anything underneath either.

    You need to use sudo to use that command though, and I would be inclined to only allow read to members of the user's group like this:
    Code:
    sudo chmod 750 /home/morbius

  10. #10
    Join Date
    Dec 2009
    Beans
    5,340

    Re: Home folder security

    Not at all clear to me why one needs to invoke a chmod as sudo on one's own home directory since it's clearly owned by that user - but it certainly won't do any harm.

    It's also not clear to me why you would need to keep the group a 5 instead of a 7 unless you are in the habit of adding different users to your own group - but it's not enough to get into an argument about.

    What's really not clear to me is why this thread wont end - the machine has left the building - it's in the hands of the woman he promised it to - it's too late now

Page 1 of 2 12 LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •