On 02/08/2021 09.04, Giuseppe Fierro wrote:
Hi, encryption is a nice thing to have but not all users are able to do quickly or are not too lazy to do.
A simple situation is the follow:, I'm the only user of my system, desktop or laptop, so I don't care about system permission but one day my syster, wife, mother, girlfriend etc. ask me if he can use my laptop for something what I do is to quickly setup new user account right? But wait... he is by default in the same group and he can see all of my stuff, mail, photos, documents, etc. What I have to do now? Encrypt all my files in hurry? Remove him from users group? Change the permission of my home dorectory? Why I have to do this in hurry by myself when my system can do it from me by default?
Also, normally encryption does not protect you in this case, permissions do. Encryption does not protect you in this case because normally the encrypted partition or separate home is mounted, and thus they have access as to a normal home directory, unless permissions block them.
In my opinion sane home directory permissions should be like this: drwx------. 1 gspe gspe 352 Jul 31 23:05 gspe
Notice that in that setup the group gspe do not have any access. They should be instead: drwxr-x---. 1 gspe gspe 352 Jul 31 23:05 gspe -- Cheers / Saludos, Carlos E. R. (from oS Leap 15.2 x86_64 (Minas Tirith))