James Knott wrote:
Jos van Kan wrote:
I fail to see what this has got to do with security. It completely defeats the group idea to give every user its own group. But if you want to keep everyone out of your files and directories nothing stops you from chmod'ing the lot to y00, y=0..7
The security problem is that:
a) Every user is a member of users b) In the default install, every member of the groug users has access to the home directory of every other user.
Yes. But that has nothing to do with security. Only if you *allow* rights to the group "users" that group has reading rights. That the default setup allows the group *reading* rights to your documents is just what the group idea is all about. This has nothing to do with security. Nothing prevents you from creating a directory mkdir very_secret_and_personal_documents chmod 700 very_secret_and_personal_documents and no one will be able to even enter that directory. And nothing prevents you from doing chmod -R go -rwx * to disallow all rights to all files and directories except to the user himself. Regards, -- Jos van Kan www.josvankan.tk