Mailinglist Archive: opensuse (4344 mails)
| < Previous | Next > |
Re: [SLE] more on umask
- From: Jos van Kan <vankan@xxxxxxxxxxxx>
- Date: Wed, 24 Aug 2005 21:35:35 +0200
- Message-id: <430CCC07.8030605@xxxxxxxxxxxx>
James Knott wrote:
mkdir very_secret_and_personal_documents
chmod 700 very_secret_and_personal_documents
and no one will be able to even enter that directory.
And nothing prevents you from doing
chmod -R go -rwx *
to disallow all rights to all files and directories except to the user himself.
Regards,
--
Jos van Kan www.josvankan.tk
Jos van Kan wrote:
Yes. But that has nothing to do with security. Only if you *allow* rights to the group "users" that group has reading rights. That the default setup allows the group *reading* rights to your documents is just what the group idea is all about. This has nothing to do with security. Nothing prevents you from creating a directoryI fail to see what this has got to do with security. It completely
defeats the group idea to give every user its own group. But if you want
to keep everyone out of your files and directories nothing stops you
from chmod'ing the lot to y00, y=0..7
The security problem is that:
a) Every user is a member of users
b) In the default install, every member of the groug users has access to
the home directory of every other user.
mkdir very_secret_and_personal_documents
chmod 700 very_secret_and_personal_documents
and no one will be able to even enter that directory.
And nothing prevents you from doing
chmod -R go -rwx *
to disallow all rights to all files and directories except to the user himself.
Regards,
--
Jos van Kan www.josvankan.tk
| < Previous | Next > |