Security -3 users share 1 PC

Name: satimis
Date: April 14, 2009 at 08:19:00 Pacific
OS: Debian Etch
CPU/Ram: Athlon64 X2/4G
Subcategory: General
Comment:

Hi folks,


Ubuntu 8.04 workstation

3 users share this PC, each having their own login and password. How do I stop a user from reading the home directory of another user? TIA

B.R.
satimis



Response Number 1
Name: idisjunction
Date: April 14, 2009 at 08:31:54 Pacific
Reply:

As root:

chmod -R u+rwX,g-rwx,o-rwx /home/user


0

Response Number 2
Name: idisjunction
Date: April 14, 2009 at 09:05:13 Pacific
Reply:

whoops. double-post.


0

Response Number 3
Name: satimis
Date: April 15, 2009 at 07:47:32 Pacific
Reply:

Hi idisjunction,

Thanks for your advice.

Could you please explain your setup in detail? Can the user run "chmod" on their home to reset the permission?

TIA

B.R.
satimis


0

Response Number 4
Name: ernie
Date: April 15, 2009 at 08:36:53 Pacific
Reply:

As a regular user, I can run chmod on
files and directories I own, but not on
other files or directories. That is why you
must be root to make the changes to
each user's home directory. If a user
changes the permissions of their own
files or directories, the only thing they
will accomplish will be to either give or
remove permission for others to view,
enter (directories), or write to files or
directories. The permission to read,
write, or execute a given file can be
granted to the user (owner), group
(users who have been included in the
group to which a file belongs), or world
(any one who has access to the system).

The root user is the system
administrator (god) and can change
permissions on files and directories
belonging to any user on the system.

I am unsure if any of this answers your
question, but I hope it helps you to
better understand file / directory
permissions in Linux.

Ernie Registered Linux User 247790


0

Response Number 5
Name: jefro
Date: April 15, 2009 at 14:56:36 Pacific
Reply:

Gui can be used too. Just click on permissions.


Seems odd. Usually by default home is user not users.

"Best Practices", Event viewer, host file, perfmon, antivirus, anti-spyware, Live CD's, backups, are in my top 10


0

Response Number 6
Name: satimis
Date: April 15, 2009 at 17:29:57 Pacific
Reply:

Hi ernie,

Thanks for your advice.

What I'm trying to do is;

1)
Only root can visit users' home.

2)
After the settings set by the root, users can't reset the permission of their own home allowing other users on the same PC to read and copy the data on their own home directory.


B.R.
satimis


0

Response Number 7
Name: satimis
Date: April 15, 2009 at 17:33:43 Pacific
Reply:

Hi jefro,


Thanks for your advice.

I'm learning to set the permission and owner on Console. Please help. TIA


B.R.
satimis


0

Response Number 8
Name: jefro
Date: April 15, 2009 at 18:49:11 Pacific
Reply:

https://help.ubuntu.com/community/FilePermissions

May need to install ACL and or edit or modify user rights.

"Best Practices", Event viewer, host file, perfmon, antivirus, anti-spyware, Live CD's, backups, are in my top 10


0

Response Number 9
Name: Ravey Dave
Date: April 16, 2009 at 05:15:41 Pacific
Reply:

Sorry guys, but am I missing something here? Are you implying that when a user is created in Ubuntu, the file permissions for that user are so lax as to allow other users access to their files?

I use RedHat. When you create a user, the user's home directory has RWX for owner only. Other users can't even get a directory listing of their home directory, let alone access the files.

Ravey Dave.

Information is not knowledge,
Knowledge is not wisdom,
Wisdom is not truth,
Truth is not beauty,
Beauty is not love,
Love is not music,
Music is THE BEST.
- Frank Zappa


0

Response Number 10
Name: satimis
Date: April 16, 2009 at 06:18:17 Pacific
Reply:

Hi Ravey Dave,

What I need is quite straightforward. When a user is created, its home can only be read by that user. At the same time he/she also can't read the home of other users. Only an empty directory is there.

satimis


0

Response Number 11
Name: ernie
Date: April 16, 2009 at 13:20:31 Pacific
Reply:

If I understand correctly, satimis is trying
to add users, make sure they can read
and write their own files, make sure they
can not read or write other users' files,
and prevent them from letting other
users have access to their files.

Do I understand you correctly satimis?

Ernie Registered Linux User 247790


0

Response Number 12
Name: jefro
Date: April 16, 2009 at 13:42:54 Pacific
Reply:


"Seems odd. Usually by default home is user not users."


I think I asked that already.

"Best Practices", Event viewer, host file, perfmon, antivirus, anti-spyware, Live CD's, backups, are in my top 10


0

Response Number 13
Name: Ravey Dave
Date: April 16, 2009 at 14:07:16 Pacific
Reply:

Ernie:
Surely this is the default behaviour.
I'm using RedHat Linux, and I've just:
1. Logged in as root, and created two users, user1 and user2.
2. Logged in as user1 and tried to look at user2's home directory, I got permission denied.
3. Started X and tried to look at user2's home directory, again I got permission denied.
As far as I'm concerned this is what Satimis requires.

Satimis:
Could you try this for me, I don't use Ubuntu, and I would be interested in the results. Could you do as I've done above, and let us know if you can access other users folders.

HTH Ravey Dave.

Information is not knowledge,
Knowledge is not wisdom,
Wisdom is not truth,
Truth is not beauty,
Beauty is not love,
Love is not music,
Music is THE BEST.
- Frank Zappa


0

Response Number 14
Name: ernie
Date: April 16, 2009 at 15:10:32 Pacific
Reply:

Ravey Dave,

You are correct, this is (or should be) the
default behavior for all Linux
distributions. However, a user can
change the default behavior for files and
directories in his / her own user space
and set permissions such that any user
can see some or all files / directories. If I
understand satimis correctly, preventing
users from making such changes is the
objective.

I am not familiar with ACL and User
Rights (as suggested by jefro), so I
provided what information I could about
file permissions (being careful to not
provide any thing incorrect). If what I
reported was confusing, I apologize as
that was not my intent.

Ernie Registered Linux User 247790


0

Response Number 15
Name: satimis
Date: April 16, 2009 at 21:28:46 Pacific
Reply:

Hi Ravey,

Question;
Could you try this for me, I don't use Ubuntu, and I would be interested in the results. Could you do as I've done above, and let us know if you can access other users folders.
?

Yes. User1 can read User2's home and vice versa. For such a reason I started this thread.

B.R.
satimis


0

Response Number 16
Name: Ravey Dave
Date: April 17, 2009 at 01:47:50 Pacific
Reply:

Hi guys, looks like I did miss something, thanks Ernie. This isn't about creating users, as I first thought, but about restricting users giving other people access to their files. Sorry guys, but I can't help you here. As far as I'm aware, I'm no expert, this can't be done without restricting access to the mechanisms that allow changing of file permissions.
I will keep following this thread though, and I'll probably learn something.

All the best Ravey Dave.

Information is not knowledge,
Knowledge is not wisdom,
Wisdom is not truth,
Truth is not beauty,
Beauty is not love,
Love is not music,
Music is THE BEST.
- Frank Zappa


0

Response Number 17
Name: jefro
Date: April 19, 2009 at 15:48:59 Pacific
Reply:

A normal default ubuntu install should not allow a user to read each others files. (pretty darn sure of that)

Some reason has given each user too much authority or the file system you are on doesn't support permissions.

"Best Practices", Event viewer, host file, perfmon, antivirus, anti-spyware, Live CD's, backups, are in my top 10


0

Response Number 18
Name: satimis
Date: April 19, 2009 at 17:29:20 Pacific
Reply:

Hi jefro,

Ubuntu 8.04 desktop

Just made following test:-

1)
Start PC and login as userA

2)
as root create userB account

3)
logout userA and login userB

4)
On terminal;

$ ls -dl /home/userA/
drwxr-xr-x 45 userA userA 4096 2009-04-20 08:03 /home/userA/

$ ls -l /home/userA/
total 60
.....
-rw-r--r-- 1 userA userA 623 2009-04-13 16:36 aaa.txt

Reboot PC does not help. It is the same. userB can read userA's account and his files.


B.R.
satimis


0

Response Number 19
Name: Ravey Dave
Date: April 20, 2009 at 15:00:13 Pacific
Reply:

Hello guys, this has been bugging me, so I've done some experiments. I installed Ubuntu 8.04 in a VM, created a couple of users to see if they could access each other's files, sure enough they could. I tried changing the umask, to see if this would solve the problem, it didn't.

So I installed ubuntu 8.10 to see if this behaved any differently, it didn't.

When I did this on my Redhat 7.3 (Valhalla), users could NOT access each others files. This is how it should be.

Ubuntu is being hailed as the best thing since sliced bread, I think with glaring security issues like these, ubuntu is best left alone.

Satimis, I hope you find a permanent resolution for your problem, and I'm sorry I couldn't be more help.

Ravey Dave.

Information is not knowledge,
Knowledge is not wisdom,
Wisdom is not truth,
Truth is not beauty,
Beauty is not love,
Love is not music,
Music is THE BEST.
- Frank Zappa


0

Response Number 20
Name: satimis
Date: April 20, 2009 at 18:10:57 Pacific
Reply:

Hi Ravey Dave and folks,

Thanks for your effort and time assisting me.

I found a solution but not an ideal one.

1)
As root after creating a new userA move its directory to some place for temporary storage.

2)
Create a new directory for userA under /home owned by root in userA group.

3)
Move userA's original directory back to the new directory.

Afterwards the directory can only be read by userA, NOT other users.

But if there are >100 users there will be a lot of work.


B.R.
satimis


0
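
The three steps from Response 20, scripted so they can be repeated for many accounts (an added example, not code posted in the thread). Because the outer directory is not owned by the user, the user cannot chmod it. The wrapper mode 0750, the inner directory name, and the function names `wrap_home` and `wrap_all` are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread: Response 20's three steps as a function.
# Assumptions the post does not state: wrapper mode 0750, the inner directory
# keeps the user's name, owner defaults to root and group to the user's own group.

# wrap_home BASE USER [OWNER] [GROUP]
wrap_home() {
    base=$1 user=$2 owner=${3:-root} group=${4:-$2}
    home=$base/$user
    [ -d "$home" ] && [ ! -L "$home" ] || { echo "skip $user: no home" >&2; return 1; }
    # Treat an existing BASE/USER/USER as "already wrapped" so reruns do not nest.
    [ -d "$home/$user" ] && { echo "skip $user: already wrapped" >&2; return 0; }
    # Stage inside BASE so both moves are renames on the same filesystem.
    stage=$(mktemp -d "$base/.wrap.XXXXXX") || return 1
    mv "$home" "$stage/$user" || return 1        # step 1: move the home aside
    mkdir -m 0700 "$home" &&                     # step 2: new parent directory
        chown "$owner:$group" "$home" &&
        chmod 0750 "$home" &&
        mv "$stage/$user" "$home/$user" &&       # step 3: move the home back inside
        rmdir "$stage"
}

# wrap_all BASE [OWNER] [GROUP]: user names on stdin; prints each name that failed.
wrap_all() {
    while IFS= read -r u; do
        [ -n "$u" ] || continue
        wrap_home "$1" "$u" "${2:-root}" "${3:-}" || printf '%s\n' "$u"
    done
}

# Constructed demo on a scratch tree, using the caller's own uid/gid instead of root.
demo() {
    scratch=$(mktemp -d)
    mkdir -m 755 "$scratch/userA" "$scratch/userB"
    echo data > "$scratch/userA/aaa.txt"
    printf 'userA\nuserB\n' | wrap_all "$scratch" "$(id -u)" "$(id -g)"
    ls -ld "$scratch/userA" "$scratch/userA/userA"
    rm -rf "$scratch"
}
demo
```

After wrapping, the account's home path has to point at BASE/USER/USER (for example with `usermod -d`), a step the post does not mention.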

Response Number 21
Name: jefro
Date: April 20, 2009 at 20:10:23 Pacific
Reply:

Dumb ubuntu!

"Best Practices", Event viewer, host file, perfmon, antivirus, anti-spyware, Live CD's, backups, are in my top 10


0

Response Number 22
Name: satimis
Date: April 20, 2009 at 21:37:57 Pacific
Reply:

Hi jefro and folks,

What will be your suggestion on Linux OS
apart from Debian which I'm running on some boxes as server OS

for desktop ?

for server ?


I tried Arch and CentOS before, not easy to manage. Ubuntu is easy to manage especially its desktop OS.

In my personal opinion the best Linux OS for server is LinuxFromScratch. However it is time consuming to build it. I ceased building it for several years.

B.R.
satimis


0

Response Number 23
Name: ernie
Date: April 21, 2009 at 09:34:30 Pacific
Reply:

I use Mandriva Linux here. I find it fairly user friendly and easy to manage. I started with Mandriva when it was Mandrake around the end of 1998 because it mostly worked out of the box for me (only had to get sound working - ISA Plug-n-Play Sound Card) while RedHat did not. I have continued to use Mandriva (Mandrake) for that reason and also for its GUI utilities found in the Mandriva Control Center (MCC).

Around the end of the month (April 2009) or in early May, Mandriva 2009.1 (Spring) will be released to the public. It will include KDE-4.2.2 and Gnome-2.26 for the default Desktop. For vintage (limited) systems, Mandriva will default to LXDE (Lightweight X-11 Desktop Environment). I find Mandriva to be very flexible in that I am not required to learn the deepest secrets of Linux to set up or use it, but the fundamentals are not hidden from me if I want to go looking (or learning).

I will never say that any one should use what I use because we are all different, and we all have different needs and likes, but I do hope you choose to include Mandriva in the list of distributions you investigate.

Ernie Registered Linux User 247790


0

Response Number 24
Name: jefro
Date: April 21, 2009 at 13:56:26 Pacific
Reply:

I kind of like OpenSuse 11.1 and OpenSolaris 10 and Fedora even.

OpenSolaris may be dumped soon or get improved a lot.

Gentoo is another very good build from almost scratch distro.

OpenSuse and Fedora are well supported by third party apps.

As with all this stuff, you kind of get used to a few ways to do stuff. Each distro is very unique on how to do simple things.

I just don't know what Ubuntu was thinking. I guess it could still be the file system.

"Best Practices", Event viewer, host file, perfmon, antivirus, anti-spyware, Live CD's, backups, are in my top 10


0

Response Number 25
Name: Ravey Dave
Date: April 21, 2009 at 16:11:33 Pacific
Reply:

Hello guys, I've posted the original question of default permissions on the Ubuntu forum, and I've got an answer. You can set default permissions for new users in /etc/adduser.conf.

Try 'man adduser.conf'

The question of permissions was really bugging me.

As for choice of distro, I'm a RedHat man, although I don't particularly like Fedora, too much is hidden. So I am going to take a look at Mandriva, thanks ernie.

Cheers all.

Ravey Dave

Information is not knowledge,
Knowledge is not wisdom,
Wisdom is not truth,
Truth is not beauty,
Beauty is not love,
Love is not music,
Music is THE BEST.
- Frank Zappa


0

Response Number 26
Name: satimis
Date: April 22, 2009 at 19:51:03 Pacific
Reply:

Hi Ravey,


I suppose on /etc/adduser.conf set;

GROUPHOMES=yes

LETTERHOMES=yes

and

USERGROUPS=no


TIA


B.R.
satimis


0

Response Number 27
Name: Ravey Dave
Date: April 23, 2009 at 14:49:15 Pacific
Reply:

Satimis, me personally I would leave GROUPHOMES and LETTERHOMES as NO and USERGROUPS as YES.

To make it so NEW user home directories can't be seen by other users, change the DIR_MODE entry.

For owner to have full access, group to have read/execute access, others to have no access, set DIR_MODE=0750.

For owner to have full access, group to have no access, others to have no access, set DIR_MODE=0700.

This will only affect users created after the changes have been made. To tighten up access for existing users, use the command given in #1.

Your users can only change permissions on files they own. They can only give other people access to their own files.

HTH Ravey Dave

Information is not knowledge,
Knowledge is not wisdom,
Wisdom is not truth,
Truth is not beauty,
Beauty is not love,
Love is not music,
Music is THE BEST.
- Frank Zappa


0
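
A check for both halves of Response 27, added here as an example and not code from the thread: it reads DIR_MODE from an adduser.conf-style file and applies the chmod from Response 1 to existing home directories that are still open. The function names and the scratch paths are assumptions; any group or other bit counts as open, matching `g-rwx,o-rwx`, so the 0750 option would also be reported.

```shell
#!/bin/sh
# Added example, not from the thread. Paths are arguments so this can be tried
# on a scratch tree; on a real system they would be /etc/adduser.conf and /home.

# Print the DIR_MODE value from an adduser.conf-style file (last active line wins).
conf_dir_mode() {
    sed -n 's/^[[:space:]]*DIR_MODE[[:space:]]*=[[:space:]]*\([0-7]\{3,4\}\).*/\1/p' "$1" |
        tail -n 1
}

# True when an octal mode grants nothing to group or other (same goal as g-rwx,o-rwx).
mode_is_private() {
    [ -n "$1" ] && [ $(( 0$1 & 077 )) -eq 0 ]
}

# List directories directly under $1 that group or other can read, write or enter.
open_homes() {
    for d in "$1"/*/; do
        d=${d%/}
        [ -d "$d" ] && [ ! -L "$d" ] || continue   # skip symlinks: chmod -R would follow them
        mode_is_private "$(stat -c %a "$d")" || printf '%s\n' "$d"
    done
}

# Run the chmod from Response 1 on every directory that open_homes reports.
tighten_homes() {
    open_homes "$1" | while IFS= read -r d; do
        chmod -R u+rwX,g-rwx,o-rwx "$d"
    done
}

# Constructed demo: userA mirrors the drwxr-xr-x listing from Response 18.
demo() {
    scratch=$(mktemp -d)
    mkdir -m 755 "$scratch/userA"
    mkdir -m 700 "$scratch/userB"
    printf 'DIR_MODE=0755\n' > "$scratch/adduser.conf"
    mode_is_private "$(conf_dir_mode "$scratch/adduser.conf")" ||
        echo "new accounts: DIR_MODE leaves homes open to other users"
    echo "open before: $(open_homes "$scratch")"
    tighten_homes "$scratch"
    echo "open after:  $(open_homes "$scratch")"
    rm -rf "$scratch"
}
demo
```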

Response Number 28
Name: satimis
Date: April 23, 2009 at 18:50:30 Pacific
Reply:

Hi Ravey,

> To tighten up access for existing users,
> use the command given in #1.
Where is #1 ? Thanks

Can user change the permission allowing other users reading his/her files? I don't expect the user after created can change the permission sharing files with other users.


B.R.
satimis



0

Response Number 29
Name: Ravey Dave
Date: April 24, 2009 at 03:32:31 Pacific
Reply:

Satimis, #1 is "response number 1" posted by idisjunction.

If the user is the owner of the file/folder they can change permissions. As each user is the owner of their home folder and files/folders beneath, they will be able to give others access to their files. As far as I'm aware this is unavoidable, I don't know of any way to stop this. Maybe someone in this forum can spread some light on this.

I will keep looking for an answer to this one and if I come up with anything, I will post it here.

Good luck Ravey Dave.

Information is not knowledge,
Knowledge is not wisdom,
Wisdom is not truth,
Truth is not beauty,
Beauty is not love,
Love is not music,
Music is THE BEST.
- Frank Zappa


0
