serious problem today

[guest]

I had a guest today that i let use my laptop. 100% linux mint Daryna. they were is a user account and not my main account so access was setup to be limited. they got into my personal folders via user and documents. called up my user name and opened all of my files. I was stunned. What the heck is going on? I am not on my linux laptop but my macbook pro so I will have to give you more concrete info when i get on it. He went up the hierarchy and backed into my user folders. What the heck is going on. not secure to me when I see this happening. Any thoughts????

stumped and rather pissed.

[GrayWizardLinux]

sorry - i was not logged in.... I posted this thread.

you can access this through Home next Zen on the bar....

Screenshot-home - File Browser.png

[GrayWizardLinux]

Ok thanks but I do not see any way to set permissions.... can you expand on this??? I never thought that that would be possible as default in linux that is supposed to be so secure, if you know what I mean....


Ok I did go into files systems but it said cannot set change permissions, not the owner - now what...I do not understand,

[GrayWizardLinux]

I am logged in as zen and no luck. filesystem is default install.

I wrote clem and he offered no help...

[GrayWizardLinux]

Ok went in today and was able to set permissions. This is weird.... just logged in to the other account and a white X by the home folder for me. would not open contents...That should be all off by default. This is a security hole that needs to be fixed!!!!!

Personally that is Bull!

[GrayWizardLinux]

still no response from Clem. Not Good! Too bad. I really like Mint!

[Husse]

I did some checking in Elyssa - don't have Daryna any more and there should be no difference
The default behavior is that you can see directories for the other user but not the content and definitely not make any changes
This depends on permissions - so you can right click (from the users account) and set permissions for the folder /home/username to username only
And Clem has so much to do that it takes ages before he reads and possibly answer (in case of emergency I have a possibility to get this immediate attention) and it 's also I that patrol the forum and pass on important issues - I've missed this one though but it was brought to my attention.

[GrayWizardLinux]

Husse, Thanks! You know I support mint and am not trying to cause trouble, but my guest literally could look at all of my files without any problem. That was the reason I set up the user account for my daughter and wife so they would not trash the laptop or the OS or my stuff. The guest, by default ---- should NOT have any access to anything other than their own account files or parameters. Not MINE!!!

That was a big turn off and rather perturbing. Belive it or not actually made me think of switching to another distro just because of this security issue. I do not know a lot about linux; but I do know that a guest user not set up as admin or root or whatever should not have access to other's files. On Mac that user has access to their files - no more.

What if I had confidential info there and did not know that this glitch was there and made it possible for other people to access it? That is not cool! Not cool at all!

I hope you understand what I am getting at.

[clem]

Hi,

Sorry about the lack of response, I haven't checked my mails yet.. I just got here after Husse wrote about it in the team section.

Home folders are readable by default. Some argue they shouldn't. Maybe they should.. it's not a bug, it's just something we haven't really thought about yet. In any way, you can change the permissions of any of your directories by right clicking on them and selecting "permissions".

There's a discussion about it here: http://brainstorm.ubuntu.com/idea/6111/
A way to achieve this in Gnome: http://linux.about.com/library/gnome/blgnome6n6n.htm
And an article I wrote (back in the days when I used to write things) which explains all there is to know about permissions in Linux: http://www.linuxforums.org/security/fil ... sions.html

Myself, I'm not sure what to think about whether or not your home folder should be private by default. If I think of my house for instance, the front door is locked but then all the inside doors aren't. In a similar manner my router is locked but my home folder isn't. If I need to keep something away from my children's/wife sight or if someone comes to my computer, I can choose to lock specific folders then.

In the end of the day it really depends on who you share your computer with and how comfortable you are with sharing it with them.

PS: Just a thought, physical access to a computer means they can boot a liveCD and browse the content of any hard-drive... whatever their permissions, unless of course these are encrypted.

Clem.

[GrayWizardLinux]

Hi,

Sorry about the lack of response, I haven't checked my mails yet.. I just got here after Husse wrote about it in the team section.



That is cool I understand






Home folders are readable by default. Some argue they shouldn't. Maybe they should.. it's not a bug, it's just something we haven't really thought about yet. In any way, you can change the permissions of any of your directories by right clicking on them and selecting "permissions".



I really believe deep in my heart that that is a major security issue. If you know what you know then you know. But if you know as little as i do you would think that each user is and SHOULD BE independent!!!! Unless admin or root or whoever. The reason for creating another account is so that people cannot screw too many things up and also not have access to my stuff. But they do!!!

Re: setting permissions when I tried the first time no luck - literally. a day later I was able to. Go figure. But if my brother-in-law would have not found his way into my files and folders I never would have know that this was possible! That sucks!!!







There's a discussion about it here: http://brainstorm.ubuntu.com/idea/6111/
A way to achieve this in Gnome: http://linux.about.com/library/gnome/blgnome6n6n.htm
And an article I wrote (back in the days when I used to write things) which explains all there is to know about permissions in Linux: http://www.linuxforums.org/security/fil ... sions.html

Myself, I'm not sure what to think about whether or not your home folder should be private by default. If I think of my house for instance, the front door is locked but then all the inside doors aren't. In a similar manner my router is locked but my home folder isn't. If I need to keep something away from my children's/wife sight or if someone comes to my computer, I can choose to lock specific folders then.


This is not a house. I understand the analogy; but not relevant to me I am afraid. Sorry. There is no need to lock my files/folders if my stuff is not accessible - that is my point.





In the end of the day it really depends on who you share your computer with and how comfortable you are with sharing it with them.

PS: Just a thought, physical access to a computer means they can boot a liveCD and browse the content of any hard-drive... whatever their permissions, unless of course these are encrypted.




if they know about such things or have access to a live CD.

Clem.

I hope you understand my concern here. Thank you Clem and Husse!

[GrayWizardLinux]

clem: re: the first link - I have zero <violates forum rules>.... bad thread. I just have business info and other files there. nothing to be ashhamed just nothing that is anyone's business.

[Husse]

As Clem said we haven't really thought of this but it is the default behaviour.
I'll do some thinking and tinkering to see if we need to change something later in the week (there is no hurry as I understand it)
I don't have the time until friday at the earliest but I'll come back to this topic

[GrayWizardLinux]

my original response did not seem to take....

again:

Thanks Husse!

[Husse]

I don't see it as a major flaw, but I personally think each users folder should not be readable for other users, except the power user - that's a necessity...
You should only see a folder with the user name in /home
I think that's what newbies expect (I don't remember how this works in XP)
We have to decide on this before Felicia comes out

[GrayWizardLinux]

Thanks Husse! That is my point. I am the main dude - 1 user account - yet user account can access my files before i did what was suggested. But that should NEVER have happened to begin with in my sincere opinion.