On 2017-01-26 23:02, Daniel Bauer wrote:
So it looks to me that everything within home/daniel (drwx------) is safe, and the umask thing is not necessary.
??? Or am I just not enough of a hacker?

See this structure:

cer@Telcontar:~/tmp/daniel> tree -p
.
├── [drwx------]  one
│   ├── [drwxr-xr-x]  inside
│   │   └── [-rw-r--r--]  p2
│   └── [-rw-r--r--]  p
└── [drwxr-xr-x]  two
    ├── [-rw-r--r--]  hard-p
    └── [lrwxrwxrwx]  symbolic -> ../one/inside/

4 directories, 3 files
cer@Telcontar:~/tmp/daniel>

'hard-p' is a hard link to 'p2' in the other directory.

Now I change to another user. I do not have access to "one":

cer@Telcontar:~/tmp/daniel> su cer-g
Password:
cer-g@Telcontar:/home/cer/tmp/daniel> cd two/
cer-g@Telcontar:/home/cer/tmp/daniel/two> l
total 4
drwxr-xr-x 2 cer users 34 Jan 26 23:46 ./
drwxr-xr-x 4 cer users 26 Jan 26 23:43 ../
-rw-r--r-- 2 cer users  7 Jan 26 23:47 hard-p
lrwxrwxrwx 1 cer users 14 Jan 26 23:44 symbolic -> ../one/inside/
cer-g@Telcontar:/home/cer/tmp/daniel/two> l symbolic/
ls: cannot access 'symbolic/': Permission denied
cer-g@Telcontar:/home/cer/tmp/daniel/two> cat hard-p
dentro
cer-g@Telcontar:/home/cer/tmp/daniel/two>

But I can read the file inside the directory, because I created a hard link to it. But user cer-g can not create that link, anyway.

Me, I prefer Wol's solution, it allows sharing if wanted. Other Linux distros do that by default, create a different group for each user.

--
Cheers / Saludos,

Carlos E. R.
(from 42.2 x86_64 "Malachite" at Telcontar)
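
An audit for the situation shown in the message above, as an added example that is not part of the original post: it lists files under a private directory that have a second hard link and are still group- or world-readable. The function names and the temporary demo tree are constructed for illustration; the layout mirrors the one in the post.

```shell
#!/bin/sh
# Added example (not from the original thread).
# A 0700 directory only blocks path lookups through that directory. A file
# inside it that has another hard link elsewhere is governed by its own mode.

exposed_hardlinks() {
    # -links +1       : the inode has at least one other name on this filesystem
    # -perm -040/-004 : the inode itself is readable by group or by others
    find "$1" -type f -links +1 \( -perm -040 -o -perm -004 \) -print | sort
}

# Constructed sample tree with the same shape as the one in the post.
build_demo() {
    demo=$(mktemp -d) || return 1
    mkdir -p "$demo/one/inside" "$demo/two"
    echo dentro > "$demo/one/inside/p2"
    echo other  > "$demo/one/p"
    chmod 644 "$demo/one/inside/p2" "$demo/one/p"
    ln "$demo/one/inside/p2" "$demo/two/hard-p"   # second name for p2
    chmod 700 "$demo/one"                         # private parent directory
    echo "$demo"
}

demo=$(build_demo)
echo "Readable through a link outside the private directory:"
exposed_hardlinks "$demo/one"

# Mode 600 is what the file would have had if created under umask 077.
chmod 600 "$demo/one/inside/p2"
echo "After chmod 600 on the file:"
exposed_hardlinks "$demo/one"
rm -rf "$demo"
```

The check reports p2 but not p: both are mode 644, but only p2 has a second link that lives outside the 0700 directory.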