Jos van Kan wrote:
James Knott wrote:
Jos van Kan wrote:
I fail to see what this has got to do with security. It completely defeats the group idea to give every user its own group. But if you want to keep everyone out of your files and directories nothing stops you from chmod'ing the lot to y00, y=0..7
The security problem is that:
a) Every user is a member of users b) In the default install, every member of the groug users has access to the home directory of every other user.
Yes. But that has nothing to do with security. Only if you *allow* rights to the group "users" that group has reading rights. That the default setup allows the group *reading* rights to your documents is just what the group idea is all about. This has nothing to do with security. Nothing prevents you from creating a directory
mkdir very_secret_and_personal_documents chmod 700 very_secret_and_personal_documents
and no one will be able to even enter that directory. And nothing prevents you from doing chmod -R go -rwx * to disallow all rights to all files and directories except to the user himself.
Why should group members have access to my files by default. If I want to stop them I have to change the permissions to my directory. Shouldn't it be the other way around, that I'd give them acces, only if I wanted them to have it? The way it is right how, it's the same as all your neighbours having the same front door key, so that they can wander in and look around whenever they want.