On Wednesday, August 24, 2005 @ 9:44 AM, James Knott wrote:
Jos van Kan wrote:
James Knott wrote:
Forgot to mention, the default configuration in SuSE has everyone in the "users" group and then gives group members read access to all the home directories. In Red Hat, each user is given his own group, which keeps others out of his home directory. To do this in SuSE, you either have to change the user's group after creating the user or use Webmin to create the user. It's also a good idea to change /etc/skel, to remove the group permissions, when a user is created. I have no idea why SuSE fails on this issue, when they're supposed to be so focused on security.
I fail to see what this has got to do with security. It completely defeats the group idea to give every user its own group. But if you want to keep everyone out of your files and directories nothing stops you from chmod'ing the lot to y00, y=0..7
The security problem is that:
a) Every user is a member of users
b) In the default install, every member of the group users has access to the home directory of every other user.
This means that I, as a member of group users can read the contents of your personal documents in your home directory.
If you want to share files with the group, create a directory for that group and every member of that group has access to that shared directory. A user shouldn't have to take action, to keep others out of his home directory.
As an experiment, create another user on your system and create a text document in the home directory for that user. Then, log in as yourself and try reading that file. Then log in as that other user and try accessing files in your home directory. Tell me again about the security of that setup.
Is this a group or permission problem? Maybe the default permissions should be 600? Then you wouldn't necessarily end up with a gazillion groups that may not have any real usefulness.

Greg Wallace
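A way to check a system for the exposure discussed in this thread, as an added example that is not part of the original messages: the script lists home directories whose mode grants anything to group or other, then applies the `chmod` remedy mentioned above. It assumes GNU coreutils `stat`; the function names and the sample tree (alice, bob, carol) are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes GNU coreutils stat (-c).

# Print "MODE GROUP PATH" for every directory directly under $1 whose
# permission bits grant anything at all to group or other.
audit_homes() (
    for dir in "$1"/*/; do
        dir=${dir%/}
        [ -d "$dir" ] && [ ! -L "$dir" ] || continue   # skip non-dirs and symlinks
        mode=$(stat -c '%a' "$dir")
        # The leading 0 makes the shell read the mode as octal; 077 masks group+other.
        if [ $(( 0$mode & 077 )) -ne 0 ]; then
            printf '%s %s %s\n' "$mode" "$(stat -c '%G' "$dir")" "$dir"
        fi
    done
)

# Remove all group and other access from one home directory (mode y00).
lock_home() {
    chmod go-rwx "$1"
}

# Constructed sample tree: names and modes are made up for the demonstration.
make_sample() (
    base=$(mktemp -d)
    mkdir "$base/alice" "$base/bob" "$base/carol"
    chmod 755 "$base/alice"   # group and other can list and enter
    chmod 750 "$base/bob"     # group can list and enter
    chmod 700 "$base/carol"   # owner only
    printf '%s\n' "$base"
)

if [ $# -gt 0 ]; then
    audit_homes "$1"          # audit a real tree, e.g. /home
else
    sample=$(make_sample)
    echo "before:"; audit_homes "$sample"
    for d in "$sample"/*/; do lock_home "$d"; done
    echo "after:";  audit_homes "$sample"
    rm -rf "$sample"
fi
```

The GROUP column shows whether a flagged directory belongs to a shared group such as users or to a per-user group, which is the distinction the thread argues over.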