[K12OSN] home directory permissions

Huck dhuckaby at paasda.org
Thu Jul 10 16:39:26 UTC 2008


Huck uses Webmin to mass-create accounts... so perhaps it is within the 
Webmin module that is causing it.

--Huck

James P. Kinney III wrote:
> Double check that. The default RedHat/Fedora/CentOS sets new user dirs
> in /home to be 700. This has been the default RedHat way since RedHat
> 4.1 (1995 or so). This is how my current testbed install of K12LTSP-EL
> v5 also does it. The standard security model of all things *NIX has no
> user having read access to any other user directory they do not own
> unless specially created by the admin. 
> 
> If all of the /home/* dirs are set to 755, or worse 777, there has been
> a security breach of either admin mistake or elevated privileges by a
> user.
> On Thu, 2008-07-10 at 09:13 -0700, Huck wrote:
>> unless something has changed the default was 755 ...at least with all of 
>> the K12LTSP installs I've done... users of the same group were always 
>> able to see others' files...before tweaking a thing.
>>
>> rwxr-xr-x
>>
>> --Huck
>>
>> James P. Kinney III wrote:
>>> Hmm. The default user setup is 700. So unless the students are changing
>>> things something is wrong with the permission controls from Likewise.
>>>
>>> chmod 700 /home/*
>>>
>>> That will reset the permissions on all directories in /home .
>>> If the problem recurs, make it a cron job as follows:
>>>
>>> crontab -e
>>>
>>> Now PgDn to the bottom of the file and hit "A" (capital letter A for
>>> Append) and hit Enter to start a new line
>>>
>>> now type in:
>>>
>>> 0 7,11 * * * chmod 700 /home/*
>>>
>>> then hit <Esc> then :wq
>>>
>>> (yes this is a vi environment - it's good to know at least the basics!)
>>>
>>> So now, every day at 7 and 11 am all directories will be reset to perms
>>> 700. If you want to do it every 2 hours, change the 7,11 to be */2 . If
>>> you want 3pm only, use 15 instead of 7,11 .
>>>
>>> If you don't want an email every time it runs, make the first line of
>>> the crontab:
>>>
>>> MAILTO=''
>>>
>>> But I would look into WHY and HOW the perms were changed in the first
>>> place. Something is amiss!
>>> On Thu, 2008-07-10 at 06:54 -0700, Ernie Hudson wrote:
>>>> Does anyone have an easy way to change the permissions on the home
>>>> directories so that only the owner has access to it? We have some very
>>>> bright students and they have found out that they can copy work from
>>>> someone else and have more free time. I am using the 5EL and have
>>>> single sign on using likewise open from my windows server using active
>>>> directory. I know I can change them one at a time using “chmod 700
>>>> filename”. I am not adept at writing scripts and hoping someone can
>>>> help.
>>>>
>>>> _______________________________________________
>>>> K12OSN mailing list
>>>> K12OSN at redhat.com
>>>> https://www.redhat.com/mailman/listinfo/k12osn
>>>> For more info see <http://www.k12os.org>
>>
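
Added example, not part of the original thread: a shell sketch of the reset discussed above that reports which home directories had drifted before resetting them, which gives the admin evidence for tracking down why the modes changed. The function names `audit_homes` and `tighten_homes` are hypothetical, and it assumes a `stat` that supports `-c '%a'` (GNU coreutils, as on the Red Hat family).

```shell
#!/bin/sh
# Added example: report and reset home directories that group/other can enter.
# Assumes stat -c '%a' is available (GNU coreutils or BusyBox).

# audit_homes ROOT: print "MODE PATH" for each real directory directly under
# ROOT whose mode has any group or other permission bit set.
audit_homes() {
    root=${1:-/home}
    for d in "$root"/*; do
        # Unlike "chmod 700 /home/*", skip plain files and symlinks (chmod
        # follows symlinks) and leave the filesystem's lost+found alone.
        if [ ! -d "$d" ] || [ -L "$d" ] || [ "${d##*/}" = "lost+found" ]; then
            continue
        fi
        mode=$(stat -c '%a' "$d")
        # The leading 0 makes the shell read the mode as octal; 077 masks
        # the group and other bits.
        if [ $(( 0$mode & 077 )) -ne 0 ]; then
            printf '%s %s\n' "$mode" "$d"
        fi
    done
}

# tighten_homes ROOT: chmod 700 only the offenders and log the previous mode.
# Silent when nothing drifted, so cron mails only when there is a change.
tighten_homes() {
    audit_homes "${1:-/home}" | while read -r mode path; do
        chmod 700 "$path" && printf 'reset %s (was %s)\n' "$path" "$mode"
    done
}

# Typical use from a root cron job: tighten_homes /home
```

Running `audit_homes /home` on its own changes nothing and shows the current exposure.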



