OP has a 2nd thread here about the same topic:
https://ubuntuforums.org/showthread.php?t=2460569
OP has a 2nd thread here about the same topic:
https://ubuntuforums.org/showthread.php?t=2460569
My Apologies!!
After a detailed analysis, I've found out that the removal of the "other" permissions is NOT the culprit.
Rather, it's messy ownership of some of the directories, where not every directory/file was assigned to the correct owner.
I've fixed this issue with a new install and restore, and am confident that it will work (but have made an extra backup just in case).
I'm not as restrictive as @TheFu and target a 750 rights environment. That way interaction between users is still possible.
Again, Sorry, Mea Culpa.
In a default Ubuntu desktop environment, there is no practical difference between 750 and 700 since the group is also unique to the userid and doesn't have any other members. We often get lazy here, make assumptions based on Ubuntu and don't explain things clearly in the interest of not confusing people new to permissions.
And just like it is easy for us not to spend time explaining the "group" aspects, I could see where end-users wouldn't bother to learn and understand those either until they need them.
Deleted/misunderstood. Sorry.
Last edited by GhX6GZMB; April 26th, 2021 at 11:35 PM.
Have you looked at the gpasswd command? This lets us set a password on a "group" that can be shared quickly with non-members, then either changed or removed. Group members won't be bothered for the password.
From the manpage:
the -A flag means non-sudoers can still be group managers. Handy for dynamic software development teams with visiting developers.Code:If a password is set the members can still use newgrp(1) without a password, and non-members must supply the password. Notes about group passwords Group passwords are an inherent security problem since more than one person is permitted to know the password. However, groups are a useful tool for permitting co-operation between different users. ... -A, --administrators user,... Set the list of administrative users.
Just another option for consideration.
Bookmarks