On Wednesday 04 November 2009 03:30:42 Basil Chupin wrote:
Read, write, execute I can change on files that belong to me, but I can't change owner.
Most interesting!
Thank you, Rajko, for pointing this out.
So, the security in Linux is NOT what, for many years, I have believed it to be.
I, and thousands of others, have been duped for all this time.
Not really. You have to understand file ownership and access permissions to be able to use it to protect your privacy, and in the example above you missed that any application, including the console and file manager, can do whatever you can do. That was repeated time and again. That is the reason why browsing the Internet from the same account you use to work on private data doesn't provide any real privacy. If you really want to have private data, then create another user account, fix permissions so that no one except you can even see private directories, which means user rwx, group ---, other ---, which is 700 in octal numbers, and never access the Internet or use network-enabled applications with that account. Not to forget, set /tmp and a few other places that contain traces of that account's activity to be cleaned up after you log out, and you have privacy.
However, does the ability to alter the permissions to read, write, execute of something which I "own" (but the ownership of which I cannot change) mean that any alteration can also have a flow-on to system files/applications outside my /home directory?
Flow-on, I guess, means influence, and then the answer is no, with the exception of places like /tmp and /var, and in those places only files that belong to the account that created them. It is actually not that simple: some applications create temp files that anybody can read, so cleanup on logout is the only way to close the possibility that information leaks. By default root is the owner of almost any file on your system, and changing access permissions in, for instance, ~/.macromedia influenced only Flash activity in your home, but that is only because Flash: 1) is not designed as spyware, 2) probably knows how to create that directory if it is missing, but doesn't know how to repair permissions. It is just missing functionality in Flash, not a real inability to do whatever you can do, including to revert your changes on ~/.macromedia, and to read, write and execute any and all files that belong to the account that is running Flash. Ditto the advice to restrict any activity in the account with private data to the minimum that is necessary to work on them. If you like to listen to music when you work on your memoirs, then use some CD/DVD player that is not in that computer.

--
Regards, Rajko
OpenSUSE Wiki Team: http://en.opensuse.org/Wiki_Team
People of openSUSE: http://en.opensuse.org/People_of_openSUSE/About
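
The permission advice in the reply above (user rwx, group ---, other ---, i.e. 700) can be checked and applied from a shell. The following is an added example, not part of the original message; the function names `audit_exposed`, `lock_private` and `make_sample` and the sample directory are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original thread); function names are hypothetical.

# Print every path under DIR that is owned by the current user and grants
# any permission bit to group or others (anything beyond 700/600-style modes).
audit_exposed() {
    find "$1" -xdev -user "$(id -u)" ! -type l \
        \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \) -print 2>/dev/null
}

# Strip all group/other bits below DIR: directories end up rwx------ (700),
# files keep only their owner bits.
lock_private() {
    chmod -R go-rwx -- "$1"
}

# Constructed sample tree so the example runs offline without touching $HOME.
make_sample() {
    d=$(mktemp -d) || return 1
    mkdir "$d/memoirs" && chmod 755 "$d/memoirs"
    : > "$d/memoirs/chapter1.txt" && chmod 644 "$d/memoirs/chapter1.txt"
    : > "$d/memoirs/notes.txt" && chmod 600 "$d/memoirs/notes.txt"
    printf '%s\n' "$d"
}

sample=$(make_sample)
echo "Exposed before:"; audit_exposed "$sample/memoirs"
lock_private "$sample/memoirs"
echo "Exposed after:";  audit_exposed "$sample/memoirs"
rm -rf -- "$sample"
```

Pointing `audit_exposed` at /tmp lists the files your own account left there that other users can still reach, which are the leftovers the reply says to clean up on logout.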