Disallow other users from reading my $HOME
in [Debian]
|
From: green on 8 Jan 2010 17:50 Dotan Cohen wrote at 2010-01-08 15:52 -0600: > > In addition to using chmod as suggested by others, for securing > > your files, why not try using encfs on directories that you *really* want > > to protect from prying eyes? The added bonus is even root cannot see > > those files and booting off a cd also will not let others look at > > your files. > > Thanks for the idea. I do not need that level of security, I just want > to open another account on this machine so that my neighbour can send > me pics of our daughters' joint birthday party over wifi! I like > having the security that if some component of this machine breaks, I > can mount the drive anywhere and recover the data. Have you considered Samba? I think you can set up a password-protected or public share without adding a user to the system.
From: Dotan Cohen on 8 Jan 2010 18:00 > Have you considered Samba? Â I think you can set up a password-protected or > public share without adding a user to the system. > Does that work over wifi? I figured that I would just give him the password to the already-existing "guest" user on this system and let him SSH in. He can figure out what to do with Putty on his Windows machine, I'm sure. -- Dotan Cohen http://what-is-what.com http://gibberish.co.il -- To UNSUBSCRIBE, email to debian-user-REQUEST(a)lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster(a)lists.debian.org
From: green on 9 Jan 2010 00:00 Dotan Cohen wrote at 2010-01-08 16:58 -0600: > > Have you considered Samba? Â I think you can set up a password-protected or > > public share without adding a user to the system. > > Does that work over wifi? Certainly. If your computer is on the same network as his (both connected to the same access point), Windows should list your computer in "Network Places" or somesuch. Or just use "Map Network Drive" and the address "\\<yourip>\<sharename>". > I figured that I would just give him the > password to the already-existing "guest" user on this system and let > him SSH in. He can figure out what to do with Putty on his Windows > machine, I'm sure. I would consider Samba to be more secure (other thoughts anyone?); I feel cautious about giving someone a network-accessible shell. Samba will limit access to a specific folder.
From: Andrei Popescu on 9 Jan 2010 18:10 On Wed,06.Jan.10, 15:11:17, Bob McGowan wrote: > And 700 is not excessively paranoid. Since anyone can belong to a > group, it is possible for the "personal" group to have other names added > to it. Using 700 guarantees they have no access, if this should happen. Only root can do that and if you don't trust root on a system nothing will help. Regards, Andrei -- Offtopic discussions among Debian users and developers: http://lists.alioth.debian.org/mailman/listinfo/d-community-offtopic
From: Dotan Cohen on 18 Jan 2010 07:40
2010/1/10 Andrei Popescu <andreimpopescu(a)gmail.com>: > On Fri,08.Jan.10, 22:57:50, green wrote: >> >> I would consider Samba to be more secure (other thoughts anyone?); I feel >> cautious about giving someone a network-accessible shell. >> >> Samba will limit access to a specific folder. > > There are various ways to limit access to sftp only if an additional > server is not desired and speed is not an issue. > Speed is an issue (transfering gigs), but if it is not excessively slow than we could live with it. What are the various ways? I have googled a bit, but found nothing better than a simple user account for him. -- Dotan Cohen http://what-is-what.com http://gibberish.co.il -- To UNSUBSCRIBE, email to debian-user-REQUEST(a)lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster(a)lists.debian.org |