Re: [K12OSN] home directory permissions



Double check that. The default RedHat/Fedora/CentOS sets new user dirs
in /home to be 700. This has been the default RedHat way since RedHat
4.1 (1995 or so). This is how my current testbed install of K12LTSP-EL
v5 also does it. The standard security model of all things *NIX has no
user having read access to any other user directory they do not own
unless specially created by the admin. 

If all of the /home/* dirs are set to 755, or worse 777, there has been
a security breach of either admin mistake or elevated privileges by a
user.

On Thu, 2008-07-10 at 09:13 -0700, Huck wrote:
> unless something has changed the default was 755 ...at least with all of 
> the K12LTSP installs I've done... users of the same group were always 
> able to see others' files...before tweaking a thing.
> 
> rwxr-xr-x
> 
> --Huck
> 
> James P. Kinney III wrote:
> > Hmm. The default user setup is 700. So unless the students are changing
> > things something is wrong with the permission controls from Likewise.
> > 
> > chmod 700 /home/*
> > 
> > That will reset the permissions on all directories in /home .
> > If the problem recurs, make it a cron job as follows:
> > 
> > crontab -e
> > 
> > Now PgDn to the bottom of the file and hit "A" (capital letter A for
> > Append) and hit the enter to start a new line
> > 
> > now type in:
> > 
> > 0 7,11 * * * chmod 700 /home/*
> > 
> > then hit <Esc> then :wq
> > 
> > (yes this is a vi environment - it's good to know at least the basics!)
> > 
> > So now, every day at 7 and 11 am all directories will be reset to perms
> > 700. If you want to do it every 2 hours, change the 7,11 to be */2 . If
> > you want 3pm only, use 15 instead of 7,11 .
> > 
> > If you don't want an email every time it runs make the first line of
> > the crontab :
> > 
> > MAILTO=''
> > 
> > But I would look into WHY and HOW the perms were changed in the first
> > place. Something is amiss!
> > 
> > On Thu, 2008-07-10 at 06:54 -0700, Ernie Hudson wrote:
> >> Does anyone have an easy way to change the permissions on the home
> >> directories so that only the owner has access to it. We have some very
> >> bright students and they have found out that they can copy work from
> >> someone else and have more free time. I am using the 5EL and have
> >> single sign on using likewise open from my windows server using active
> >> directory. I know I can change them one at a time using “chmod 700
> >> filename”. I am not adept at writing scripts and hoping someone can
> >> help.
> >>
> >> -- 
> >> This message has been scanned for viruses and 
> >> dangerous content by MailScanner, and is 
> >> believed to be clean. 
> >> _______________________________________________
> >> K12OSN mailing list
> >> K12OSN redhat com
> >> https://www.redhat.com/mailman/listinfo/k12osn
> >> For more info see <http://www.k12os.org>
> 
-- 
James P. Kinney III          
CEO & Director of Engineering 
Local Net Solutions,LLC                           
http://www.localnetsolutions.com

GPG ID: 829C6CA7 James P. Kinney III (M.S. Physics)
<jkinney localnetsolutions com>
Fingerprint = 3C9E 6366 54FC A3FE BA4D 0659 6190 ADC3 829C 6CA7
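
The reset discussed in this thread, as an added example that is not part of any poster's message: a shell function that first lists the directories under a base path that are open to group or other (mode, owner, path) and only then resets them to 700, restricted to directories. It assumes GNU find and stat; the function name `audit_homes` and the scratch data in `demo` are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes GNU find and stat, as shipped
# on RedHat/CentOS. audit_homes is a hypothetical helper name.

# audit_homes BASE [--fix]
# Prints "MODE OWNER PATH" for every directory directly under BASE whose mode
# grants any permission to group or other. With --fix, resets those to 700.
audit_homes() {
    base=$1
    fix=${2:-}
    # -type d: directories only, so plain files and symlink targets in BASE
    # are left alone (a bare "chmod 700 BASE/*" would change those too).
    # -perm /077: true when at least one group/other rwx bit is set.
    find "$base" -mindepth 1 -maxdepth 1 -type d -perm /077 \
        -exec stat -c '%a %U %n' {} +
    if [ "$fix" = "--fix" ]; then
        find "$base" -mindepth 1 -maxdepth 1 -type d -perm /077 \
            -exec chmod 700 {} +
    fi
}

# Constructed demonstration in a scratch directory; nothing under /home is touched.
demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/alice" "$d/bob" "$d/carol"
    chmod 755 "$d/alice"; chmod 700 "$d/bob"; chmod 777 "$d/carol"
    : > "$d/README"; chmod 644 "$d/README"
    echo "before fix:"; audit_homes "$d"
    audit_homes "$d" --fix > /dev/null
    echo "after fix:";  audit_homes "$d"
    rm -rf "$d"
}
demo
```

Run as root, `audit_homes /home` only reports, so its output can be kept as a record of which directories drifted before `audit_homes /home --fix` resets them. Called from cron, the report lines are the job's only output, so mail arrives only when a directory had been opened up.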