Why can other users see the files in my home folder?How to make sure other users can't see my files?Default home directory permission allow read?Why do user directories have such lax permissions by default?What is “umask” and how does it work?How do file permissions work?How can I prevent other users from accessing my home directory?Hide multiple files at once with shell scriptIs there a default folder for sharing files with other users?Why is a user not a member of their private group (UPG) according to the GUI? (although CLI proves the opposite…)Is running unknown applications in a separate non root account safe?How can I restrict program access to other users?Share folder between usersHome folder not writeableHow can I mv files from another user to my Home folder (knowing the password of the other user)?Accessing Files in Other Users FTP Folder?Unable to access old (deleted) user's home folder and files and don't have permissions to read, write or delete themCan root see my encrypted /home folder?
Are there any privately owned large commercial airports?
one-liner vs script
Black? I ordered it dyed red!
Is any device installed on airplane to measure wind speed relative to the ground, and its direction?
How can I retrieve email templates from a sandbox using the Salesforce CLI?
What can damage a lich in an antimagic field?
What powers an aircraft prior to the APU being switched on?
What is the meaning of "log" in "hours logged"?
Why is lying to Congress a crime?
How to remind myself to lock my doors
Is data science mathematically interesting?
Little Endian Number to String Conversion
What kind of tools would be used to carve bone?
What is joint estimation?
Is it anti-pattern to have inheritence in a dto?
What is this cast-iron device on my water supply pipe?
How to execute a project with two resources where you need three resources?
Why is coffee provided during big chess events when it contains a banned substance?
Can you decide not to sneak into a room after seeing your roll?
Modern warfare theory in a medieval setting
Is there a reason behind the 'Ending' joke?
My first random password generator
Can you pitch an outline?
Looking for PC graphics demo software from the early 90s called "Unreal"
Why can other users see the files in my home folder?
How to make sure other users can't see my files?Default home directory permission allow read?Why do user directories have such lax permissions by default?What is “umask” and how does it work?How do file permissions work?How can I prevent other users from accessing my home directory?Hide multiple files at once with shell scriptIs there a default folder for sharing files with other users?Why is a user not a member of their private group (UPG) according to the GUI? (although CLI proves the opposite…)Is running unknown applications in a separate non root account safe?How can I restrict program access to other users?Share folder between usersHome folder not writeableHow can I mv files from another user to my Home folder (knowing the password of the other user)?Accessing Files in Other Users FTP Folder?Unable to access old (deleted) user's home folder and files and don't have permissions to read, write or delete themCan root see my encrypted /home folder?
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty
margin-bottom:0;
I just added a new, underprivileged "desktop user," and I was surprised to discover that it can see the files in my home folder.
What is the rational for setting up such lax permissions?
permissions users default privacy
asked Jun 2 '11 at 1:53
ændrükændrük
43.4k64 gold badges202 silver badges345 bronze badges
add a comment
|
I just added a new, underprivileged "desktop user," and I was surprised to discover that it can see the files in my home folder.
What is the rational for setting up such lax permissions?
permissions users default privacy
asked Jun 2 '11 at 1:53
ændrükændrük
43.4k64 gold badges202 silver badges345 bronze badges
Related: unix.stackexchange.com/a/315197/85039
– Sergiy Kolodyazhnyy
Mar 5 '17 at 8:20
add a comment
|
I just added a new, underprivileged "desktop user," and I was surprised to discover that it can see the files in my home folder.
What is the rational for setting up such lax permissions?
permissions users default privacy
asked Jun 2 '11 at 1:53
ændrükændrük
43.4k64 gold badges202 silver badges345 bronze badges
I just added a new, underprivileged "desktop user," and I was surprised to discover that it can see the files in my home folder.
What is the rational for setting up such lax permissions?
permissions users default privacy
permissions users default privacy
asked Jun 2 '11 at 1:53
ændrükændrük
43.4k64 gold badges202 silver badges345 bronze badges
asked Jun 2 '11 at 1:53
ændrükændrük
43.4k64 gold badges202 silver badges345 bronze badges
asked Jun 2 '11 at 1:53
ændrükændrük
43.4k64 gold badges202 silver badges345 bronze badges
asked Jun 2 '11 at 1:53
ændrükændrük
43.4k64 gold badges202 silver badges345 bronze badges
asked Jun 2 '11 at 1:53
ændrükændrük
43.4k64 gold badges202 silver badges345 bronze badges
43.4k64 gold badges202 silver badges345 bronze badges
Related: unix.stackexchange.com/a/315197/85039
– Sergiy Kolodyazhnyy
Mar 5 '17 at 8:20
add a comment
|
Related: unix.stackexchange.com/a/315197/85039
– Sergiy Kolodyazhnyy
Mar 5 '17 at 8:20
Related: unix.stackexchange.com/a/315197/85039
– Sergiy Kolodyazhnyy
Mar 5 '17 at 8:20
Related: unix.stackexchange.com/a/315197/85039
– Sergiy Kolodyazhnyy
Mar 5 '17 at 8:20
add a comment
|
7 Answers
7
active
oldest
votes
A Public folder exists in your Home directory (/home/user) for sharing files with other users. If an other user wants to get access to this Public folder, the execute bit for the world should be set on the Home directory.
If you do not need to allow others to access your home folder (other humans or users like www-data for a webserver), you'll be fine with chmod o-rwx "$HOME" (remove read/write/execute from "other", equivalent to chmod 750 "$HOME" since the default permission is 750). Otherwise, you should change the umask setting too to prevent newly created files from getting read permissions for the world by default.
For a system-wide configuration, edit /etc/profile; per-user settings can be configured in ~/.profile. I prefer the same policy for all users, so I'd edit the /etc/profile file and append the line:
umask 027
You need to re-login to apply these changes, unless you're in a shell. In that case, you can run umask 027 in the shell.
Now to fix the existing permissions, you need to remove the read/write/execute permissions from other:
chmod -R o-rwx ~
Now if you decide to share the ~/Public folder to everyone, run the next commands:
chmod o+x ~- allow everyone to descend in the directory (x), but not get a directory listing (rshould not be added)find ~/Public -type f -exec chmod o+r ;- allow everyone to read the files in~/Publicfind ~/Public -type d -exec chmod o+rx ;- allow everyone to descend into directories and list their contents
If you are use GNU coreutils (e.g. on Ubuntu, not on a embedded system having only busybox), then the previous two commands using find and chmod can be replaced by this single command that recursively makes folders and files readable (and additionally adds the execute (descend) bit for directories only):
chmod -R o+rX ~/Public
edited Apr 13 '17 at 12:25
Community♦
1
answered Jun 2 '11 at 8:04
LekensteynLekensteyn
131k51 gold badges274 silver badges366 bronze badges
add a comment
|
According to an Ubuntuforms.org staff member, it is to make it easier to share files between new users.
You can change the permission to either 700 or 750 if you don't want the files readable and executable by others.
Command is:
chmod 750 $HOME
Note: Ubuntu default is 755
answered Jun 2 '11 at 2:19
Jason IversonJason Iverson
5583 silver badges12 bronze badges
2
Of course other users shouldn't be sudoers.
– Pablo A
Feb 3 '18 at 4:29
add a comment
|
According to Mark Shuttleworth,
"The majority of users of Ubuntu systems either have exclusive use of the
machine (personal laptop) or are sharing with friends and relatives. We
assume that the people who share the machine are either trusted, or in a
position to hack the machine (boot from USB!) trivially. As a result,
there is little to no benefit"
... from removing those permissions.
answered Sep 28 '13 at 22:48
ignisignis
3,47122 silver badges25 bronze badges
12
I think having the same behavior in the Server edition is a security hole
– warvariuc
Mar 28 '15 at 6:55
4
That is a crazy explanations. Other than people accounts there are technical accounts that people can use to isolate applications. Additionally there is a lot of instructions on how to set up a local ftp server that essentially shares the account on the machine.
– Barafu Albino
Oct 11 '15 at 14:51
4
I know this is old thread, but consider this as stupid decision. Imagine one of the users run app/script (can be unintentionally) which is able to read and send files from any other profile.
– mauron85
Apr 12 '17 at 11:25
add a comment
|
You can read the User Management section of the Ubuntu Server Guide which covers the necessary details. The User Profile Security paragraph will probably answer your questions - officially.
edited Feb 7 '18 at 17:04
David Foerster
29.4k13 gold badges70 silver badges116 bronze badges
answered Jun 2 '11 at 3:09
Pavlos G.Pavlos G.
7,6461 gold badge28 silver badges33 bronze badges
4
I appreciate the official source. Sadly, though, it doesn't look like it provides any justification.
– ændrük
Jun 10 '11 at 4:10
add a comment
|
I think Lekensteyn's answer can be improved by replacing the last two find commands with chmod using -X option (note the capital X). The two find commands can be replaced with
chmod -R o+rX ~/Public
This differentiates appropriately between files and directories, but does have the additional effect of allowing others to run executable files.
answered Mar 25 '12 at 19:11
spinupspinup
3422 silver badges6 bronze badges
add a comment
|
Since it is privacy that interests you (judging from the tags that were applied) it is very possible that setting permissions is insufficient (see ignis's answer). The answer may be something along the lines of an encrypted home directory. This solution is specifically designed against the attack by another user of a computer. It will, of course, be unable to stop another user from damaging your files (by simply removing ~/.Private directory, thus erasing all of your files), but they will be unable to mount the directory and see the files without your password.
The easiest way to achieve that is during the installation process, there is a check box, stating "Encrypt your home directory" and you need to select that.
Since it is unlikely that you will want to reinstall just for that (and because it still carries all the risks that are entailed with doing it without reinstall), you can do the following:
sudo apt-get install encryptfs-utils
encryptfs-migrate-home
answered Apr 18 at 3:42
v010dyav010dya
7342 gold badges9 silver badges30 bronze badges
add a comment
|
If you really need a high level of security: please re-install and make sure to choose the option to encrypt your entire disk. This will require a passphrase to even start the machine. You may of course also encrypt your home folder once more on top of this, with some performance degradation; though not noticeable for normal use.
Please note, that encrypting your home folder will disable applications like Dropbox. Dropbox is not secure storage that respects privacy anyway, so that may be a trite point. However, if you do need secure and private storage in the cloud, I would personally recommend MEGAsync since only you would have the keys to access the data.
answered Apr 18 at 6:39
SLSSLS
1047 bronze badges
add a comment
|
Your Answer
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "89"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/4.0/"u003ecc by-sa 4.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f46501%2fwhy-can-other-users-see-the-files-in-my-home-folder%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
7 Answers
7
active
oldest
votes
7 Answers
7
active
oldest
votes
active
oldest
votes
active
oldest
votes
A Public folder exists in your Home directory (/home/user) for sharing files with other users. If an other user wants to get access to this Public folder, the execute bit for the world should be set on the Home directory.
If you do not need to allow others to access your home folder (other humans or users like www-data for a webserver), you'll be fine with chmod o-rwx "$HOME" (remove read/write/execute from "other", equivalent to chmod 750 "$HOME" since the default permission is 750). Otherwise, you should change the umask setting too to prevent newly created files from getting read permissions for the world by default.
For a system-wide configuration, edit /etc/profile; per-user settings can be configured in ~/.profile. I prefer the same policy for all users, so I'd edit the /etc/profile file and append the line:
umask 027
You need to re-login to apply these changes, unless you're in a shell. In that case, you can run umask 027 in the shell.
Now to fix the existing permissions, you need to remove the read/write/execute permissions from other:
chmod -R o-rwx ~
Now if you decide to share the ~/Public folder to everyone, run the next commands:
chmod o+x ~- allow everyone to descend in the directory (x), but not get a directory listing (rshould not be added)find ~/Public -type f -exec chmod o+r ;- allow everyone to read the files in~/Publicfind ~/Public -type d -exec chmod o+rx ;- allow everyone to descend into directories and list their contents
If you are use GNU coreutils (e.g. on Ubuntu, not on a embedded system having only busybox), then the previous two commands using find and chmod can be replaced by this single command that recursively makes folders and files readable (and additionally adds the execute (descend) bit for directories only):
chmod -R o+rX ~/Public
edited Apr 13 '17 at 12:25
Community♦
1
answered Jun 2 '11 at 8:04
LekensteynLekensteyn
131k51 gold badges274 silver badges366 bronze badges
add a comment
|
A Public folder exists in your Home directory (/home/user) for sharing files with other users. If an other user wants to get access to this Public folder, the execute bit for the world should be set on the Home directory.
If you do not need to allow others to access your home folder (other humans or users like www-data for a webserver), you'll be fine with chmod o-rwx "$HOME" (remove read/write/execute from "other", equivalent to chmod 750 "$HOME" since the default permission is 750). Otherwise, you should change the umask setting too to prevent newly created files from getting read permissions for the world by default.
For a system-wide configuration, edit /etc/profile; per-user settings can be configured in ~/.profile. I prefer the same policy for all users, so I'd edit the /etc/profile file and append the line:
umask 027
You need to re-login to apply these changes, unless you're in a shell. In that case, you can run umask 027 in the shell.
Now to fix the existing permissions, you need to remove the read/write/execute permissions from other:
chmod -R o-rwx ~
Now if you decide to share the ~/Public folder to everyone, run the next commands:
chmod o+x ~- allow everyone to descend in the directory (x), but not get a directory listing (rshould not be added)find ~/Public -type f -exec chmod o+r ;- allow everyone to read the files in~/Publicfind ~/Public -type d -exec chmod o+rx ;- allow everyone to descend into directories and list their contents
If you are use GNU coreutils (e.g. on Ubuntu, not on a embedded system having only busybox), then the previous two commands using find and chmod can be replaced by this single command that recursively makes folders and files readable (and additionally adds the execute (descend) bit for directories only):
chmod -R o+rX ~/Public
edited Apr 13 '17 at 12:25
Community♦
1
answered Jun 2 '11 at 8:04
LekensteynLekensteyn
131k51 gold badges274 silver badges366 bronze badges
add a comment
|
A Public folder exists in your Home directory (/home/user) for sharing files with other users. If an other user wants to get access to this Public folder, the execute bit for the world should be set on the Home directory.
If you do not need to allow others to access your home folder (other humans or users like www-data for a webserver), you'll be fine with chmod o-rwx "$HOME" (remove read/write/execute from "other", equivalent to chmod 750 "$HOME" since the default permission is 750). Otherwise, you should change the umask setting too to prevent newly created files from getting read permissions for the world by default.
For a system-wide configuration, edit /etc/profile; per-user settings can be configured in ~/.profile. I prefer the same policy for all users, so I'd edit the /etc/profile file and append the line:
umask 027
You need to re-login to apply these changes, unless you're in a shell. In that case, you can run umask 027 in the shell.
Now to fix the existing permissions, you need to remove the read/write/execute permissions from other:
chmod -R o-rwx ~
Now if you decide to share the ~/Public folder to everyone, run the next commands:
chmod o+x ~- allow everyone to descend in the directory (x), but not get a directory listing (rshould not be added)find ~/Public -type f -exec chmod o+r ;- allow everyone to read the files in~/Publicfind ~/Public -type d -exec chmod o+rx ;- allow everyone to descend into directories and list their contents
If you are use GNU coreutils (e.g. on Ubuntu, not on a embedded system having only busybox), then the previous two commands using find and chmod can be replaced by this single command that recursively makes folders and files readable (and additionally adds the execute (descend) bit for directories only):
chmod -R o+rX ~/Public
edited Apr 13 '17 at 12:25
Community♦
1
answered Jun 2 '11 at 8:04
LekensteynLekensteyn
131k51 gold badges274 silver badges366 bronze badges
A Public folder exists in your Home directory (/home/user) for sharing files with other users. If an other user wants to get access to this Public folder, the execute bit for the world should be set on the Home directory.
If you do not need to allow others to access your home folder (other humans or users like www-data for a webserver), you'll be fine with chmod o-rwx "$HOME" (remove read/write/execute from "other", equivalent to chmod 750 "$HOME" since the default permission is 750). Otherwise, you should change the umask setting too to prevent newly created files from getting read permissions for the world by default.
For a system-wide configuration, edit /etc/profile; per-user settings can be configured in ~/.profile. I prefer the same policy for all users, so I'd edit the /etc/profile file and append the line:
umask 027
You need to re-login to apply these changes, unless you're in a shell. In that case, you can run umask 027 in the shell.
Now to fix the existing permissions, you need to remove the read/write/execute permissions from other:
chmod -R o-rwx ~
Now if you decide to share the ~/Public folder to everyone, run the next commands:
chmod o+x ~- allow everyone to descend in the directory (x), but not get a directory listing (rshould not be added)find ~/Public -type f -exec chmod o+r ;- allow everyone to read the files in~/Publicfind ~/Public -type d -exec chmod o+rx ;- allow everyone to descend into directories and list their contents
If you are use GNU coreutils (e.g. on Ubuntu, not on a embedded system having only busybox), then the previous two commands using find and chmod can be replaced by this single command that recursively makes folders and files readable (and additionally adds the execute (descend) bit for directories only):
chmod -R o+rX ~/Public
edited Apr 13 '17 at 12:25
Community♦
1
answered Jun 2 '11 at 8:04
LekensteynLekensteyn
131k51 gold badges274 silver badges366 bronze badges
edited Apr 13 '17 at 12:25
Community♦
1
edited Apr 13 '17 at 12:25
Community♦
1
edited Apr 13 '17 at 12:25
Community♦
1
1
answered Jun 2 '11 at 8:04
LekensteynLekensteyn
131k51 gold badges274 silver badges366 bronze badges
answered Jun 2 '11 at 8:04
LekensteynLekensteyn
131k51 gold badges274 silver badges366 bronze badges
answered Jun 2 '11 at 8:04
LekensteynLekensteyn
131k51 gold badges274 silver badges366 bronze badges
131k51 gold badges274 silver badges366 bronze badges
add a comment
|
add a comment
|
According to an Ubuntuforms.org staff member, it is to make it easier to share files between new users.
You can change the permission to either 700 or 750 if you don't want the files readable and executable by others.
Command is:
chmod 750 $HOME
Note: Ubuntu default is 755
answered Jun 2 '11 at 2:19
Jason IversonJason Iverson
5583 silver badges12 bronze badges
2
Of course other users shouldn't be sudoers.
– Pablo A
Feb 3 '18 at 4:29
add a comment
|
According to an Ubuntuforms.org staff member, it is to make it easier to share files between new users.
You can change the permission to either 700 or 750 if you don't want the files readable and executable by others.
Command is:
chmod 750 $HOME
Note: Ubuntu default is 755
answered Jun 2 '11 at 2:19
Jason IversonJason Iverson
5583 silver badges12 bronze badges
2
Of course other users shouldn't be sudoers.
– Pablo A
Feb 3 '18 at 4:29
add a comment
|
According to an Ubuntuforms.org staff member, it is to make it easier to share files between new users.
You can change the permission to either 700 or 750 if you don't want the files readable and executable by others.
Command is:
chmod 750 $HOME
Note: Ubuntu default is 755
answered Jun 2 '11 at 2:19
Jason IversonJason Iverson
5583 silver badges12 bronze badges
According to an Ubuntuforms.org staff member, it is to make it easier to share files between new users.
You can change the permission to either 700 or 750 if you don't want the files readable and executable by others.
Command is:
chmod 750 $HOME
Note: Ubuntu default is 755
answered Jun 2 '11 at 2:19
Jason IversonJason Iverson
5583 silver badges12 bronze badges
edited Jun 2 '11 at 2:25
answered Jun 2 '11 at 2:19
Jason IversonJason Iverson
5583 silver badges12 bronze badges
answered Jun 2 '11 at 2:19
Jason IversonJason Iverson
5583 silver badges12 bronze badges
answered Jun 2 '11 at 2:19
Jason IversonJason Iverson
5583 silver badges12 bronze badges
5583 silver badges12 bronze badges
2
Of course other users shouldn't be sudoers.
– Pablo A
Feb 3 '18 at 4:29
add a comment
|
2
Of course other users shouldn't be sudoers.
– Pablo A
Feb 3 '18 at 4:29
2
2
Of course other users shouldn't be sudoers.
– Pablo A
Feb 3 '18 at 4:29
Of course other users shouldn't be sudoers.
– Pablo A
Feb 3 '18 at 4:29
add a comment
|
According to Mark Shuttleworth,
"The majority of users of Ubuntu systems either have exclusive use of the
machine (personal laptop) or are sharing with friends and relatives. We
assume that the people who share the machine are either trusted, or in a
position to hack the machine (boot from USB!) trivially. As a result,
there is little to no benefit"
... from removing those permissions.
answered Sep 28 '13 at 22:48
ignisignis
3,47122 silver badges25 bronze badges
12
I think having the same behavior in the Server edition is a security hole
– warvariuc
Mar 28 '15 at 6:55
4
That is a crazy explanations. Other than people accounts there are technical accounts that people can use to isolate applications. Additionally there is a lot of instructions on how to set up a local ftp server that essentially shares the account on the machine.
– Barafu Albino
Oct 11 '15 at 14:51
4
I know this is old thread, but consider this as stupid decision. Imagine one of the users run app/script (can be unintentionally) which is able to read and send files from any other profile.
– mauron85
Apr 12 '17 at 11:25
add a comment
|
According to Mark Shuttleworth,
"The majority of users of Ubuntu systems either have exclusive use of the
machine (personal laptop) or are sharing with friends and relatives. We
assume that the people who share the machine are either trusted, or in a
position to hack the machine (boot from USB!) trivially. As a result,
there is little to no benefit"
... from removing those permissions.
answered Sep 28 '13 at 22:48
ignisignis
3,47122 silver badges25 bronze badges
12
I think having the same behavior in the Server edition is a security hole
– warvariuc
Mar 28 '15 at 6:55
4
That is a crazy explanations. Other than people accounts there are technical accounts that people can use to isolate applications. Additionally there is a lot of instructions on how to set up a local ftp server that essentially shares the account on the machine.
– Barafu Albino
Oct 11 '15 at 14:51
4
I know this is old thread, but consider this as stupid decision. Imagine one of the users run app/script (can be unintentionally) which is able to read and send files from any other profile.
– mauron85
Apr 12 '17 at 11:25
add a comment
|
According to Mark Shuttleworth,
"The majority of users of Ubuntu systems either have exclusive use of the
machine (personal laptop) or are sharing with friends and relatives. We
assume that the people who share the machine are either trusted, or in a
position to hack the machine (boot from USB!) trivially. As a result,
there is little to no benefit"
... from removing those permissions.
answered Sep 28 '13 at 22:48
ignisignis
3,47122 silver badges25 bronze badges
According to Mark Shuttleworth,
"The majority of users of Ubuntu systems either have exclusive use of the
machine (personal laptop) or are sharing with friends and relatives. We
assume that the people who share the machine are either trusted, or in a
position to hack the machine (boot from USB!) trivially. As a result,
there is little to no benefit"
... from removing those permissions.
answered Sep 28 '13 at 22:48
ignisignis
3,47122 silver badges25 bronze badges
answered Sep 28 '13 at 22:48
ignisignis
3,47122 silver badges25 bronze badges
answered Sep 28 '13 at 22:48
ignisignis
3,47122 silver badges25 bronze badges
answered Sep 28 '13 at 22:48
ignisignis
3,47122 silver badges25 bronze badges
3,47122 silver badges25 bronze badges
12
I think having the same behavior in the Server edition is a security hole
– warvariuc
Mar 28 '15 at 6:55
4
That is a crazy explanations. Other than people accounts there are technical accounts that people can use to isolate applications. Additionally there is a lot of instructions on how to set up a local ftp server that essentially shares the account on the machine.
– Barafu Albino
Oct 11 '15 at 14:51
4
I know this is old thread, but consider this as stupid decision. Imagine one of the users run app/script (can be unintentionally) which is able to read and send files from any other profile.
– mauron85
Apr 12 '17 at 11:25
add a comment
|
12
I think having the same behavior in the Server edition is a security hole
– warvariuc
Mar 28 '15 at 6:55
4
That is a crazy explanations. Other than people accounts there are technical accounts that people can use to isolate applications. Additionally there is a lot of instructions on how to set up a local ftp server that essentially shares the account on the machine.
– Barafu Albino
Oct 11 '15 at 14:51
4
I know this is old thread, but consider this as stupid decision. Imagine one of the users run app/script (can be unintentionally) which is able to read and send files from any other profile.
– mauron85
Apr 12 '17 at 11:25
12
12
I think having the same behavior in the Server edition is a security hole
– warvariuc
Mar 28 '15 at 6:55
I think having the same behavior in the Server edition is a security hole
– warvariuc
Mar 28 '15 at 6:55
4
4
That is a crazy explanations. Other than people accounts there are technical accounts that people can use to isolate applications. Additionally there is a lot of instructions on how to set up a local ftp server that essentially shares the account on the machine.
– Barafu Albino
Oct 11 '15 at 14:51
That is a crazy explanations. Other than people accounts there are technical accounts that people can use to isolate applications. Additionally there is a lot of instructions on how to set up a local ftp server that essentially shares the account on the machine.
– Barafu Albino
Oct 11 '15 at 14:51
4
4
I know this is old thread, but consider this as stupid decision. Imagine one of the users run app/script (can be unintentionally) which is able to read and send files from any other profile.
– mauron85
Apr 12 '17 at 11:25
I know this is old thread, but consider this as stupid decision. Imagine one of the users run app/script (can be unintentionally) which is able to read and send files from any other profile.
– mauron85
Apr 12 '17 at 11:25
add a comment
|
You can read the User Management section of the Ubuntu Server Guide which covers the necessary details. The User Profile Security paragraph will probably answer your questions - officially.
edited Feb 7 '18 at 17:04
David Foerster
29.4k13 gold badges70 silver badges116 bronze badges
answered Jun 2 '11 at 3:09
Pavlos G.Pavlos G.
7,6461 gold badge28 silver badges33 bronze badges
4
I appreciate the official source. Sadly, though, it doesn't look like it provides any justification.
– ændrük
Jun 10 '11 at 4:10
add a comment
|
You can read the User Management section of the Ubuntu Server Guide which covers the necessary details. The User Profile Security paragraph will probably answer your questions - officially.
edited Feb 7 '18 at 17:04
David Foerster
29.4k13 gold badges70 silver badges116 bronze badges
answered Jun 2 '11 at 3:09
Pavlos G.Pavlos G.
7,6461 gold badge28 silver badges33 bronze badges
4
I appreciate the official source. Sadly, though, it doesn't look like it provides any justification.
– ændrük
Jun 10 '11 at 4:10
add a comment
|
You can read the User Management section of the Ubuntu Server Guide which covers the necessary details. The User Profile Security paragraph will probably answer your questions - officially.
edited Feb 7 '18 at 17:04
David Foerster
29.4k13 gold badges70 silver badges116 bronze badges
answered Jun 2 '11 at 3:09
Pavlos G.Pavlos G.
7,6461 gold badge28 silver badges33 bronze badges
You can read the User Management section of the Ubuntu Server Guide which covers the necessary details. The User Profile Security paragraph will probably answer your questions - officially.
edited Feb 7 '18 at 17:04
David Foerster
29.4k13 gold badges70 silver badges116 bronze badges
answered Jun 2 '11 at 3:09
Pavlos G.Pavlos G.
7,6461 gold badge28 silver badges33 bronze badges
edited Feb 7 '18 at 17:04
David Foerster
29.4k13 gold badges70 silver badges116 bronze badges
edited Feb 7 '18 at 17:04
David Foerster
29.4k13 gold badges70 silver badges116 bronze badges
edited Feb 7 '18 at 17:04
David Foerster
29.4k13 gold badges70 silver badges116 bronze badges
29.4k13 gold badges70 silver badges116 bronze badges
answered Jun 2 '11 at 3:09
Pavlos G.Pavlos G.
7,6461 gold badge28 silver badges33 bronze badges
answered Jun 2 '11 at 3:09
Pavlos G.Pavlos G.
7,6461 gold badge28 silver badges33 bronze badges
answered Jun 2 '11 at 3:09
Pavlos G.Pavlos G.
7,6461 gold badge28 silver badges33 bronze badges
7,6461 gold badge28 silver badges33 bronze badges
4
I appreciate the official source. Sadly, though, it doesn't look like it provides any justification.
– ændrük
Jun 10 '11 at 4:10
add a comment
|
4
I appreciate the official source. Sadly, though, it doesn't look like it provides any justification.
– ændrük
Jun 10 '11 at 4:10
4
4
I appreciate the official source. Sadly, though, it doesn't look like it provides any justification.
– ændrük
Jun 10 '11 at 4:10
I appreciate the official source. Sadly, though, it doesn't look like it provides any justification.
– ændrük
Jun 10 '11 at 4:10
add a comment
|
I think Lekensteyn's answer can be improved by replacing the last two find commands with chmod using -X option (note the capital X). The two find commands can be replaced with
chmod -R o+rX ~/Public
This differentiates appropriately between files and directories, but does have the additional effect of allowing others to run executable files.
answered Mar 25 '12 at 19:11
spinupspinup
3422 silver badges6 bronze badges
add a comment
|
I think Lekensteyn's answer can be improved by replacing the last two find commands with chmod using -X option (note the capital X). The two find commands can be replaced with
chmod -R o+rX ~/Public
This differentiates appropriately between files and directories, but does have the additional effect of allowing others to run executable files.
answered Mar 25 '12 at 19:11
spinupspinup
3422 silver badges6 bronze badges
add a comment
|
I think Lekensteyn's answer can be improved by replacing the last two find commands with chmod using -X option (note the capital X). The two find commands can be replaced with
chmod -R o+rX ~/Public
This differentiates appropriately between files and directories, but does have the additional effect of allowing others to run executable files.
answered Mar 25 '12 at 19:11
spinupspinup
3422 silver badges6 bronze badges
I think Lekensteyn's answer can be improved by replacing the last two find commands with chmod using -X option (note the capital X). The two find commands can be replaced with
chmod -R o+rX ~/Public
This differentiates appropriately between files and directories, but does have the additional effect of allowing others to run executable files.
answered Mar 25 '12 at 19:11
spinupspinup
3422 silver badges6 bronze badges
answered Mar 25 '12 at 19:11
spinupspinup
3422 silver badges6 bronze badges
answered Mar 25 '12 at 19:11
spinupspinup
3422 silver badges6 bronze badges
answered Mar 25 '12 at 19:11
spinupspinup
3422 silver badges6 bronze badges
3422 silver badges6 bronze badges
add a comment
|
add a comment
|
Since it is privacy that interests you (judging from the tags that were applied) it is very possible that setting permissions is insufficient (see ignis's answer). The answer may be something along the lines of an encrypted home directory. This solution is specifically designed against the attack by another user of a computer. It will, of course, be unable to stop another user from damaging your files (by simply removing ~/.Private directory, thus erasing all of your files), but they will be unable to mount the directory and see the files without your password.
The easiest way to achieve that is during the installation process, there is a check box, stating "Encrypt your home directory" and you need to select that.
Since it is unlikely that you will want to reinstall just for that (and because it still carries all the risks that are entailed with doing it without reinstall), you can do the following:
sudo apt-get install encryptfs-utils
encryptfs-migrate-home
answered Apr 18 at 3:42
v010dyav010dya
7342 gold badges9 silver badges30 bronze badges
add a comment
|
Since it is privacy that interests you (judging from the tags that were applied) it is very possible that setting permissions is insufficient (see ignis's answer). The answer may be something along the lines of an encrypted home directory. This solution is specifically designed against the attack by another user of a computer. It will, of course, be unable to stop another user from damaging your files (by simply removing ~/.Private directory, thus erasing all of your files), but they will be unable to mount the directory and see the files without your password.
The easiest way to achieve that is during the installation process, there is a check box, stating "Encrypt your home directory" and you need to select that.
Since it is unlikely that you will want to reinstall just for that (and because it still carries all the risks that are entailed with doing it without reinstall), you can do the following:
sudo apt-get install encryptfs-utils
encryptfs-migrate-home
answered Apr 18 at 3:42
v010dyav010dya
7342 gold badges9 silver badges30 bronze badges
add a comment
|
Since it is privacy that interests you (judging from the tags that were applied) it is very possible that setting permissions is insufficient (see ignis's answer). The answer may be something along the lines of an encrypted home directory. This solution is specifically designed against the attack by another user of a computer. It will, of course, be unable to stop another user from damaging your files (by simply removing ~/.Private directory, thus erasing all of your files), but they will be unable to mount the directory and see the files without your password.
The easiest way to achieve that is during the installation process, there is a check box, stating "Encrypt your home directory" and you need to select that.
Since it is unlikely that you will want to reinstall just for that (and because it still carries all the risks that are entailed with doing it without reinstall), you can do the following:
sudo apt-get install encryptfs-utils
encryptfs-migrate-home
answered Apr 18 at 3:42
v010dyav010dya
7342 gold badges9 silver badges30 bronze badges
Since it is privacy that interests you (judging from the tags that were applied) it is very possible that setting permissions is insufficient (see ignis's answer). The answer may be something along the lines of an encrypted home directory. This solution is specifically designed against the attack by another user of a computer. It will, of course, be unable to stop another user from damaging your files (by simply removing ~/.Private directory, thus erasing all of your files), but they will be unable to mount the directory and see the files without your password.
The easiest way to achieve that is during the installation process, there is a check box, stating "Encrypt your home directory" and you need to select that.
Since it is unlikely that you will want to reinstall just for that (and because it still carries all the risks that are entailed with doing it without reinstall), you can do the following:
sudo apt-get install encryptfs-utils
encryptfs-migrate-home
answered Apr 18 at 3:42
v010dyav010dya
7342 gold badges9 silver badges30 bronze badges
answered Apr 18 at 3:42
v010dyav010dya
7342 gold badges9 silver badges30 bronze badges
answered Apr 18 at 3:42
v010dyav010dya
7342 gold badges9 silver badges30 bronze badges
answered Apr 18 at 3:42
v010dyav010dya
7342 gold badges9 silver badges30 bronze badges
7342 gold badges9 silver badges30 bronze badges
add a comment
|
add a comment
|
If you really need a high level of security: please re-install and make sure to choose the option to encrypt your entire disk. This will require a passphrase to even start the machine. You may of course also encrypt your home folder once more on top of this, with some performance degradation; though not noticeable for normal use.
Please note, that encrypting your home folder will disable applications like Dropbox. Dropbox is not secure storage that respects privacy anyway, so that may be a trite point. However, if you do need secure and private storage in the cloud, I would personally recommend MEGAsync since only you would have the keys to access the data.
answered Apr 18 at 6:39
SLSSLS
1047 bronze badges
add a comment
|
If you really need a high level of security: please re-install and make sure to choose the option to encrypt your entire disk. This will require a passphrase to even start the machine. You may of course also encrypt your home folder once more on top of this, with some performance degradation; though not noticeable for normal use.
Please note, that encrypting your home folder will disable applications like Dropbox. Dropbox is not secure storage that respects privacy anyway, so that may be a trite point. However, if you do need secure and private storage in the cloud, I would personally recommend MEGAsync since only you would have the keys to access the data.
answered Apr 18 at 6:39
SLSSLS
1047 bronze badges
add a comment
|
If you really need a high level of security: please re-install and make sure to choose the option to encrypt your entire disk. This will require a passphrase to even start the machine. You may of course also encrypt your home folder once more on top of this, with some performance degradation; though not noticeable for normal use.
Please note, that encrypting your home folder will disable applications like Dropbox. Dropbox is not secure storage that respects privacy anyway, so that may be a trite point. However, if you do need secure and private storage in the cloud, I would personally recommend MEGAsync since only you would have the keys to access the data.
answered Apr 18 at 6:39
SLSSLS
1047 bronze badges
If you really need a high level of security: please re-install and make sure to choose the option to encrypt your entire disk. This will require a passphrase to even start the machine. You may of course also encrypt your home folder once more on top of this, with some performance degradation; though not noticeable for normal use.
Please note, that encrypting your home folder will disable applications like Dropbox. Dropbox is not secure storage that respects privacy anyway, so that may be a trite point. However, if you do need secure and private storage in the cloud, I would personally recommend MEGAsync since only you would have the keys to access the data.
answered Apr 18 at 6:39
SLSSLS
1047 bronze badges
answered Apr 18 at 6:39
SLSSLS
1047 bronze badges
answered Apr 18 at 6:39
SLSSLS
1047 bronze badges
answered Apr 18 at 6:39
SLSSLS
1047 bronze badges
1047 bronze badges
add a comment
|
add a comment
|
Thanks for contributing an answer to Ask Ubuntu!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f46501%2fwhy-can-other-users-see-the-files-in-my-home-folder%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Related: unix.stackexchange.com/a/315197/85039
– Sergiy Kolodyazhnyy
Mar 5 '17 at 8:20