[K12OSN] home directory permissions

Rob Owens rob.owens at biochemfluidics.com
Thu Jul 10 18:48:47 UTC 2008


FYI, I just ran a test on my K12LTSP 5.0 (CentOS 5) system.  I added a 
user using the system-config-users GUI and by running "useradd 
mytestuser" and both created a home directory with 700 permissions.

-Rob

James P. Kinney III wrote:
> Double check that. The default RedHat/Fedora/CentOS sets new user dirs
> in /home to be 700. This has been the default RedHat way since RedHat
> 4.1 (1995 or so). This is how my current testbed install of K12LTSP-EL
> v5 also does it. The standard security model of all things *NIX has no
> user having read access to any other user directory they do not own
> unless specially created by the admin. 
> 
> If all of the /home/* dirs are set to 755, or worse 777, there has been
> a security breach of either admin mistake or elevated privileges by a
> user.
> On Thu, 2008-07-10 at 09:13 -0700, Huck wrote:
>> unless something has changed the default was 755 ...at least with all of 
>> the K12LTSP installs I've done... users of the same group were always 
>> able to see others' files...before tweaking a thing.
>>
>> rwxr-xr-x
>>
>> --Huck
>>
>> James P. Kinney III wrote:
>>> Hmm. The default user setup is 700. So unless the students are changing
>>> things something is wrong with the permission controls from Likewise.
>>>
>>> chmod 700 /home/*
>>>
>>> That will reset the permissions on all directories in /home .
>>> If the problem recurs, make it a cron job as follows:
>>>
>>> crontab -e
>>>
>>> Now PgDn to the bottom of the file and hit "A" (capital letter A for
>>> Append) and hit the enter to start a new line
>>>
>>> now type in:
>>>
>>> 0 7,11 * * * chmod 700 /home/*
>>>
>>> then hit <Esc> then :wq
>>>
>>> (yes this is a vi environment - it's good to know at least the basics!)
>>>
>>> So now, every day at 7 and 11 am all directories will be reset to perms
>>> 700. If you want to do it every 2 hours, change the 7,11 to be */2 . If
>>> you want 3pm only, use 15 instead of 7,11 .
>>>
>>> If you don't want an email every time it runs, make the first line of
>>> the crontab:
>>>
>>> MAILTO=''
>>>
>>> But I would look into WHY and HOW the perms were changed in the first
>>> place. Something is amiss!
>>> On Thu, 2008-07-10 at 06:54 -0700, Ernie Hudson wrote:
>>>> Does anyone have an easy way to change the permissions on the home
>>>> directories so that only the owner has access to it. We have some very
>>>> bright students and they have found out that they can copy work from
>>>> someone else and have more free time. I am using the 5EL and have
>>>> single sign on using likewise open from my windows server using active
>>>> directory. I know I can change them one at a time using “chmod 700
>>>> filename”. I am not adept at writing scripts and hoping someone can
>>>> help.
>>>> _______________________________________________
>>>> K12OSN mailing list
>>>> K12OSN at redhat.com
>>>> https://www.redhat.com/mailman/listinfo/k12osn
>>>> For more info see <http://www.k12os.org>
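As an added example (not part of any message in this thread): a bare `chmod 700 /home/*` also changes regular files, follows symlinks and touches `lost+found`, and it leaves no record of which directories had drifted. The sketch below reports only real directories that grant anything to group or other, and logs each reset so a recurrence can be traced. The function names are hypothetical, and the base directory is passed as an argument.

```shell
#!/bin/sh
# Added example: audit, and optionally reset, top-level home directory modes.
# Function names are assumptions made for illustration.

# Print the group+other permission characters of a path, e.g. "r-xr-x".
group_other_bits() {
    ls -ld "$1" | cut -c5-10
}

# List directories directly under $1 that grant anything to group or other.
# Regular files, symlinks and lost+found are skipped.
audit_homes() {
    base=$1
    for d in "$base"/*; do
        [ -d "$d" ] || continue                 # not a directory
        [ -L "$d" ] && continue                 # symlink: never follow
        [ "${d##*/}" = "lost+found" ] && continue
        bits=$(group_other_bits "$d")
        if [ "$bits" != "------" ]; then
            printf '%s %s\n' "$bits" "$d"
        fi
    done
}

# Reset every directory reported by audit_homes to 700 and log what it was.
fix_homes() {
    base=$1
    audit_homes "$base" | while read -r bits dir; do
        chmod 700 "$dir" && printf 'reset %s (group/other bits were %s)\n' "$dir" "$bits"
    done
}

# When run with a directory argument, report only; nothing is changed.
if [ "$#" -gt 0 ]; then audit_homes "$1"; fi
```

Running the report from cron and mailing its output, instead of silently resetting, shows when the modes change, which helps answer why they changed.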