[K12OSN] home directory permissions
James P. Kinney III
jkinney at localnetsolutions.com
Thu Jul 10 16:19:36 UTC 2008
Double check that. The default RedHat/Fedora/CentOS sets new user dirs
in /home to be 700. This has been the default RedHat way since RedHat
4.1 (1995 or so). This is how my current testbed install of K12LTSP-EL
v5 also does it. The standard security model of all things *NIX has no
user having read access to any other user directory they do not own
unless specially created by the admin.
If all of the /home/* dirs are set to 755, or worse 777, there has been
a security breach of either admin mistake or elevated privileges by a
On Thu, 2008-07-10 at 09:13 -0700, Huck wrote:
> unless something has changed the default was 755 ...at least with all of
> the K12LTSP installs I've done... users of the same group were always
> able to see others' files...before tweaking a thing.
> James P. Kinney III wrote:
> > Hmm. The default user setup is 700. So unless the students are changing
> > things something is wrong with the permission controls from Likewise.
> > chmod 700 /home/*
> > That will reset the permissions on all directories in /home .
> > If the problem recurs, make it a cron job as follows:
> > crontab -e
> > Now PgDn to the bottom of the file and hit "A" (capital letter A for
> > Append) and hit the enter to start a new line
> > now type in:
> > * 7,11 * * * chmod 700 /home/*
> > then hit <Esc> then :wq
> > (yes this is a vi environment - it's good to know at least the basics!)
> > So now, every day at 7 and 11 am all directories will be reset to perms
> > 700. If you want to do it every 2 hours, change the 7,11 to be */2 . If
> > you want 3pm only, use 15 instead of 7,11 .
> > If you don't want an email of everytime it runs make the first line of
> > the crontab :
> > MAILTO=''
> > But I would look into WHY and HOW the perms were changed in the first
> > place. Something is amiss!
> > On Thu, 2008-07-10 at 06:54 -0700, Ernie Hudson wrote:
> >> Does anyone have an easy way to change the permissions on the home
> >> directories so that only the owner has access to it. We have some very
> >> bright students and they have found out that they can copy work from
> >> someone else and have more free time. I am using the 5EL and have
> >> single sign on using likewise open from my windows server using active
> >> directory. I know I can change them one at a time using “chmod 700
> >> filename”. I am not adept at writing scripts and hoping someone can
> >> help.
> >> outlook signature
> >> ______________________________________________________________________
> >> Statement of Confidentiality: The contents of this e-mail message and
> >> any attachments are intended solely for the addressee. The information
> >> may also be confidential and/or legally privileged. This transmission
> >> is sent for the sole purpose of delivery to the intended recipient. If
> >> you have received this transmission in error, any use, reproduction,
> >> or dissemination of this transmission is strictly prohibited. If you
> >> are not the intended recipient, please immediately notify the sender
> >> by reply e-mail, send a copy to postmaster at snowlineschools.com and
> >> delete this message and its attachments, if any.
> >> E-mail is covered by the Electronic Communications Privacy Act, 18 USC
> >> SS 2510-2521 and is legally privileged.
> >> --
> >> This message has been scanned for viruses and
> >> dangerous content by MailScanner, and is
> >> believed to be clean.
> >> _______________________________________________
> >> K12OSN mailing list
> >> K12OSN at redhat.com
> >> https://www.redhat.com/mailman/listinfo/k12osn
> >> For more info see <http://www.k12os.org>
> K12OSN mailing list
> K12OSN at redhat.com
> For more info see <http://www.k12os.org>
James P. Kinney III
CEO & Director of Engineering
Local Net Solutions,LLC
GPG ID: 829C6CA7 James P. Kinney III (M.S. Physics)
<jkinney at localnetsolutions.com>
Fingerprint = 3C9E 6366 54FC A3FE BA4D 0659 6190 ADC3 829C 6CA7
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
More information about the K12OSN