[K12OSN] home directory permissions

Huck dhuckaby at paasda.org
Thu Jul 10 16:47:16 UTC 2008


correct.. it's assigning them all to the same group (like I am.. all to 
the 'student' group)...

perhaps *nix default only applies to the command-line creation? *shrugs*

I haven't found much of a problem with students in this regard...only 
250 at this high school and 120 at an elementary school...

--Huck

Ernie Hudson wrote:
> If the user is created using the GUI add user or command line, each user is given their own group and their directory is private. This is happening because I am using single sign-on and authenticating from Active Directory, so all the users have the same group. It also happened when I used Webmin and assigned them all to the same group.
> 
> Ernie
> 
> -----Original Message-----
> From: k12osn-bounces at redhat.com [mailto:k12osn-bounces at redhat.com] On Behalf Of Huck
> Sent: Thursday, July 10, 2008 9:39 AM
> To: Support list for open source software in schools.
> Subject: Re: [K12OSN] home directory permissions
> 
> Huck uses Webmin to mass-create accounts... so perhaps it is within the
> Webmin module that is causing it.
> 
> --Huck
> 
> James P. Kinney III wrote:
>> Double check that. The default RedHat/Fedora/CentOS sets new user dirs
>> in /home to be 700. This has been the default RedHat way since RedHat
>> 4.1 (1995 or so). This is how my current testbed install of K12LTSP-EL
>> v5 also does it. The standard security model of all things *NIX has no
>> user having read access to any other user directory they do not own
>> unless specially created by the admin.
>>
>> If all of the /home/* dirs are set to 755, or worse 777, there has been
>> a security breach of either admin mistake or elevated privileges by a
>> user.
>> On Thu, 2008-07-10 at 09:13 -0700, Huck wrote:
>>> unless something has changed the default was 755 ...at least with all of
>>> the K12LTSP installs I've done... users of the same group were always
>>> able to see others' files...before tweaking a thing.
>>>
>>> rwxr-xr-x
>>>
>>> --Huck
>>>
>>> James P. Kinney III wrote:
>>>> Hmm. The default user setup is 700. So unless the students are changing
>>>> things something is wrong with the permission controls from Likewise.
>>>>
>>>> chmod 700 /home/*
>>>>
>>>> That will reset the permissions on all directories in /home .
>>>> If the problem recurs, make it a cron job as follows:
>>>>
>>>> crontab -e
>>>>
>>>> Now PgDn to the bottom of the file and hit "A" (capital letter A for
>>>> Append) and hit Enter to start a new line
>>>>
>>>> now type in:
>>>>
>>>> 0 7,11 * * * chmod 700 /home/*
>>>>
>>>> then hit <Esc> then :wq
>>>>
>>>> (yes this is a vi environment - it's good to know at least the basics!)
>>>>
>>>> So now, every day at 7 and 11 am all directories will be reset to perms
>>>> 700. If you want to do it every 2 hours, change the 7,11 to be */2 . If
>>>> you want 3pm only, use 15 instead of 7,11 .
>>>>
>>>> If you don't want an email every time it runs, make the first line of
>>>> the crontab:
>>>>
>>>> MAILTO=''
>>>>
>>>> But I would look into WHY and HOW the perms were changed in the first
>>>> place. Something is amiss!
>>>> On Thu, 2008-07-10 at 06:54 -0700, Ernie Hudson wrote:
>>>>> Does anyone have an easy way to change the permissions on the home
>>>>> directories so that only the owner has access to them? We have some very
>>>>> bright students and they have found out that they can copy work from
>>>>> someone else and have more free time. I am using the 5EL and have
>>>>> single sign-on using Likewise Open from my Windows server using Active
>>>>> Directory. I know I can change them one at a time using "chmod 700
>>>>> filename". I am not adept at writing scripts and am hoping someone can
>>>>> help.
>>>>>
>>>>> _______________________________________________
>>>>> K12OSN mailing list
>>>>> K12OSN at redhat.com
>>>>> https://www.redhat.com/mailman/listinfo/k12osn
>>>>> For more info see <http://www.k12os.org>
>>>
> 
> 
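An added example, not part of the original thread: a shell sketch of the audit-then-reset approach discussed above. It reports which top-level home directories grant group or other access (the situation when every user shares one group) and records the old mode and owner before resetting to 700, which helps with the "why and how" question. The function names are hypothetical, and GNU find and stat are assumed, as on RedHat/CentOS.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes GNU find/stat.
# Usage once sourced:  list_exposed /home ; fix_exposed /home

# list_exposed BASE
# Print "MODE OWNER PATH" for every directory directly under BASE that grants
# any group or other permission bit (755, 750, 777, ...). Plain files,
# symlinks and lost+found are skipped, unlike a bare "chmod 700 BASE/*".
list_exposed() {
    find "$1" -mindepth 1 -maxdepth 1 -type d ! -name lost+found \
        -perm /077 -exec stat -c '%a %U %n' {} + | sort -k3
}

# fix_exposed BASE
# Log the previous mode and owner of each exposed directory to stderr (so a
# cron mail or log file shows what keeps drifting), reset it to 700, and
# print the number of directories changed on stdout.
fix_exposed() {
    list_exposed "$1" | {
        count=0
        while read -r mode owner path; do
            echo "resetting $path (was $mode, owner $owner)" >&2
            chmod 700 "$path" && count=$((count + 1))
        done
        echo "$count"
    }
}
```

Run `list_exposed` alone first to see the current state; a count from `fix_exposed` that stays above zero on later runs means something is still creating directories with a permissive mode.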



