Jordan Hall » home directories http://jordanhall.co.uk Jordan Hall - programmer and geek Mon, 21 Jun 2010 12:31:26 +0000 en hourly 1 http://wordpress.org/?v=3.0 /home/ – Ubuntu Home Directories are world readable by default http://jordanhall.co.uk/ubuntu-linux/home-ubuntu-home-directories-are-world-readable-by-default-3312144/ http://jordanhall.co.uk/ubuntu-linux/home-ubuntu-home-directories-are-world-readable-by-default-3312144/#comments Tue, 08 Dec 2009 22:15:33 +0000 Jordan Hall http://jordanhall.co.uk-c74d97b01eae257e44aa9d5bade97baf If you liked this post, you may be interested in these:
  1. Firefox – How to easily install Mozilla Firefox 3.5 on Ubuntu 9.04
  2. Ubuntu 100 Paper Cuts Usability Initiative – Professional focus on one hundred usability issues within the Ubuntu operating system
  3. Spotify – How to get Spotify links to work in Linux
  4. notify-osd – Changes to Ubuntu 9.04 notifications
  5. Ubuntu 9.10 Release
]]> I recently discovered Ubuntu has home directory permissions default to world readable. In other words, any unprivileged user, including guests users, are able to access and read the home directory data for any other user. For those who store sensitive information on a multi-user computer, this can be a significant security problem or at least a privacy issue. This default resembles the configuration of a Windows XP or Vista system when the option to make files private is not selected during user creation.

If you feel the default set-up of world readable home directories is not to your liking you can deny other users access to your home directory with one command, as follows:

sudo chmod -R 750 /home/*

This command, when entered, will give other users no access permissions. When browsing via Nautilus or a command prompt, other users attempting to access your home directory will receive an ‘access denied’ error message. This will stop read access, write access and even file listing of your home directory from other users. It should be warned that this restricted configuration could potentially cause issues with programs that attempt to access configuration files in your user directory in an unusual manner (such as when being ran in the name of another user on the system). However, from personal experience I have not encountered any related problems.

If you wish to make this configuration the default for all newly created users, you must reconfigure the ‘adduser’ software package. This can be done very simply by running the following command and selecting ‘No’ when asked whether or not your want world/system readable home directories.

sudo dpkg-reconfigure adduser

It is my opinion that home directories should be set with these permissions and the adduser package should be configured in this manner by default. Researching this as an issue, I have discovered many others also feel this way. For example, see Ubuntu Brainstorm idea #6106 and note the debate in the comments between default configuration versus user choice. Although user choice is always important, surely a more secure/privacy-protecting default which can be changed if required, is the more desirable option?

What do you think? Also, has anyone ever encountered any problems with a non-world readable home directory configuration?


If you liked this post, you may be interested in these:

  1. Firefox – How to easily install Mozilla Firefox 3.5 on Ubuntu 9.04
  2. Ubuntu 100 Paper Cuts Usability Initiative – Professional focus on one hundred usability issues within the Ubuntu operating system
  3. Spotify – How to get Spotify links to work in Linux
  4. notify-osd – Changes to Ubuntu 9.04 notifications
  5. Ubuntu 9.10 Release

]]> http://jordanhall.co.uk/ubuntu-linux/home-ubuntu-home-directories-are-world-readable-by-default-3312144/feed/ 0