Security Breach! - Home directories readable to other users
Forum rules
Before you post read how to get help. Topics in this forum are automatically closed 6 months after creation.
Security Breach! - Home directories readable to other users
Hi everybody.
I am the administrator on my PC (Mint 18.3). I made an account for my son (standard account), but now I can access my folders and all my files through my son's account, even if I close my session. This is supposed not to happen. It didn't happen before with previous releases.
This is potentially dangerous.
Last edited by LockBot on Wed Dec 28, 2022 7:16 am, edited 2 times in total.
Reason: Topic automatically closed 6 months after creation. New replies are no longer allowed.
Re: Security Breach!!
do have a look at Menu - Administration - Users & Groups.
check what permissions / groups that the New Standard Account has,
when compared to your own Administrator Account.
you may need to UN-check a few Groups in the New Standard Account to achieve what you are needing.
on some of my PCs where I've got a few users on that machine, I've often found that I've had to modify
that Users & Groups settings, to either Gain / Lose some required areas for the new users on that machine.
Please edit your original post title to include [SOLVED] - when your problem is solved!
and DO LOOK at those Unanswered Topics - - you may be able to answer some!.
Re: Security Breach!!
Hi, my son only has the "ali" and "nopasswdlogin" and nothing else.
Re: Security Breach!!
that's interesting in itself - - when I've added in an Extra User on some machine,
they generally do get quite a list of Groups that they seem to default to.
so, I've had to add / remove some of those Groups, in order to get that New Users Account to work properly.
Re: Security Breach! - Home directories readable to other users
Guys,
the issue is not caused by group membership, but by the default permissions which are granted to owner-group-others inside the /home directory. A simple
ls -al /home
might help reveal whether I am right. (Yes, you can do the same check in your graphical file-manager as well, provided you have configured it to display in long list format and provided you have configured it to display owner-group and access permissions.)
Karl
The people of Alderaan have been bravely fighting back the clone warriors sent out by the unscrupulous Sith Lord Palpatine for 762 days now.
Lifeline
- Pjotr
- Level 23
- Posts: 19888
- Joined: Mon Mar 07, 2011 10:18 am
- Location: The Netherlands (Holland) 🇳🇱
- Contact:
Re: Security Breach!!
Solve it with this terminal command:
chmod -v 700 $HOME
Repeat this in each user account that needs the same protection.
Note: this doesn't protect you from someone with root permissions! It won't stop a determined and experienced snooper, but it's an effective measure to "keep the honest people out". If that's not enough for you: encryption of files or even of your entire home folder, is much more secure....
Should you ever wish to undo this (but why?), that's easy as well. For undoing you can use this command:
chmod -v 755 $HOME
Tip: 10 things to do after installing Linux Mint 21.3 Virginia
Keep your Linux Mint healthy: Avoid these 10 fatal mistakes
Twitter: twitter.com/easylinuxtips
All in all, horse sense simply makes sense.
Re: Security Breach! - Home directories readable to other users
The same issue has been discussed before. I just will have to look up the old threads ... (no time to do so at the moment) ...
By the way, as most users are not aware how access permissions are handled on Linux, not just on Linux Mint, here is an article which explains the basic concept: How Do Linux File Permissions Work?
And another article which illustrates, what Pjotr had already explained briefly, how to prevent normal users from accessing each other's home directories easily: How to Prevent Other Users From Accessing Your Home Directory in Ubuntu 14.04
Re: Security Breach!!
Pjotr wrote: Mon Jun 18, 2018 4:29 am
> Solve it with this terminal command:
> chmod -v 700 $HOME
> Repeat this in each user account that needs the same protection.
Interesting. What exactly is it that this command does?
If your issue is solved, kindly indicate that by editing the first post in the topic, and adding [SOLVED] to the title. Thanks!
Re: Security Breach! - Home directories readable to other users
It gives read-write-execute permissions in home only to the account holder leaving out other users on the same system, if I have understood it correctly. For a brief explanation: https://www.lifewire.com/uses-of-command-chmod-2201064
For a little more thorough explanation: https://www.computerhope.com/unix/uchmod.htm
Last edited by Sir Charles on Mon Jun 18, 2018 4:55 am, edited 1 time in total.
- Pjotr
Re: Security Breach!!
Moem wrote: Mon Jun 18, 2018 4:42 am
> Pjotr wrote: Mon Jun 18, 2018 4:29 am
> > Solve it with this terminal command:
> > chmod -v 700 $HOME
> > Repeat this in each user account that needs the same protection.
> Interesting. What exactly is it that this command does?
It changes the permissions for your /home folder. 700 protects against any access from other users, while the issuing user (you) still has full access.
Default is 755, which means that the contents of your /home folder are both readable and executable by others, but only changeable by the issuing user (you).
I don't know why 755 is default; 700 makes more sense to me. Oh well, it's easy to change....
Last edited by Pjotr on Mon Jun 18, 2018 10:06 am, edited 1 time in total.
Re: Security Breach! - Home directories readable to other users
That perplexed me when I found out that 755 is the default for a /Home/user account.
For an OS such as Linux that prides itself on security, that doesn't seem like a good idea.
Last edited by JerryF on Mon Jun 18, 2018 11:00 am, edited 1 time in total.
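An added example, not written by any poster in this thread: a small shell audit that applies the `ls -al /home` check suggested above to every home directory and spells out what the group and others digits of each mode allow, so a 755 default can be told apart from a 700 setting. It assumes GNU `stat`; the function names `describe_bits` and `audit_homes` are hypothetical.

```shell
#!/bin/sh
# Added example: report which home directories grant access to group/others.
# Assumes GNU coreutils stat (-c '%a' prints the octal mode, '%U' the owner).

# describe_bits DIGIT -> what one octal permission digit allows on a directory
describe_bits() {
    d=$1
    out=
    [ $(( $d & 4 )) -ne 0 ] && out="${out}list,"     # r: read the file names
    [ $(( $d & 2 )) -ne 0 ] && out="${out}modify,"   # w: create/delete entries
    [ $(( $d & 1 )) -ne 0 ] && out="${out}enter,"    # x: cd in, reach files by name
    out=${out%,}
    printf '%s' "${out:-none}"
}

# audit_homes [BASE] -> one line per directory under BASE (default /home):
#   STATUS MODE OWNER PATH group=... others=...
audit_homes() {
    base=${1:-/home}
    for dir in "$base"/*/; do
        dir=${dir%/}
        [ -d "$dir" ] && [ ! -L "$dir" ] || continue   # real directories only
        mode=$(stat -c '%a' "$dir") || continue
        owner=$(stat -c '%U' "$dir")
        grp=$(( (0$mode >> 3) & 7 ))   # middle octal digit
        oth=$(( 0$mode & 7 ))          # last octal digit
        if [ $(( grp | oth )) -eq 0 ]; then
            status=PRIVATE             # e.g. 700: owner only
        else
            status=OPEN                # e.g. 755: other accounts get in
        fi
        printf '%s %s %s %s group=%s others=%s\n' "$status" "$mode" "$owner" \
            "$dir" "$(describe_bits "$grp")" "$(describe_bits "$oth")"
    done
}

# Run against /home, or against the directory given as the first argument.
audit_homes "${1:-/home}"
```

A line reporting `others=enter` (mode 711, for instance) means other accounts cannot list the directory but can still reach files inside it whose names they know, subject to those files' own permissions.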
Re: Security Breach! - Home directories readable to other users
Proper permissions is still a somewhat perilous assumption of security.
You can easily change the attributes when booted into a live desktop.
The only real solution is encryption.
Everything in life was difficult before it became easy.
Re: Security Breach! - Home directories readable to other users
Recently discussed here as well: viewtopic.php?f=90&t=270507#p1477086.
I.e., you may want a system-wide backup solution to have access to home directories; having to run it as root only for that would with fair chance be the bigger security breach. But also as per above, anyone feel free to chmod their home, and here's official Ubuntu documentation saying the same:
https://help.ubuntu.com/lts/serverguide ... e-security
I do not myself run or have identified software that needs global home directory access but have taken the fact that turning them private is not default as a sign that some will exist. Yes, that's dangerously close to Cargo Cult Administration but given that I don't have untrusted local users either, oh well: Debian-derivative is as Debian does...
Re: Security Breach! - Home directories readable to other users
Remember that permissions only enforce security for users operating within that linux instance. Someone could easily circumvent this by booting a live linux (like Puppy).
The only defense against this is encryption. For this reason if you have any concerns about data privacy & security, encrypt the home directories!