From: Dotan Cohen on
What are good permissions to use for one's home directory so that
other users on the system could not read or otherwise access my files?
Is 700 too paranoid? Should it be 755 like I see so many times? Will I
have problems with 750?

Thanks in advance for ideas.


--
Dotan Cohen

http://what-is-what.com
http://gibberish.co.il


From: green on
Dotan Cohen wrote at 2010-01-06 15:16 -0600:
> What are good permissions to use for one's home directory so that
> other users on the system could not read or otherwise access my files?
> Is 700 too paranoid? Should it be 755 like I see so many times? Will I
> have problems with 750?

For files that already exist, I would use
u=rwX,g=rX,o=
I do not know how that translates to the number.
Note that will leave execution bits on non-directory files that already have
them for some user.

I use umask 0027 so that new files have permissions -rw-r-----.
From: Ken Teague on
On Wed, Jan 6, 2010 at 1:16 PM, Dotan Cohen <dotancohen(a)gmail.com> wrote:

> What are good permissions to use for one's home directory so that
> other users on the system could not read or otherwise access my files?
> Is 700 too paranoid? Should it be 755 like I see so many times? Will I
> have problems with 750?
>

If you don't want others to have access to your home directory, use mode
700. Personally, I don't find it to be too paranoid, and prefer it that
way.
From: Ken Teague on
On Wed, Jan 6, 2010 at 1:30 PM, green <greenfreedom10(a)gmail.com> wrote:

> For files that already exist, I would use
> u=rwX,g=rX,o=
> I do not know how that translates to the number.
> Note that will leave execution bits on non-directory files that already have
> them for some user.
>
> I use umask 0027 so that new files have permissions -rw-r-----.
>

In his original e-mail, Mr. Cohen is looking for permissions so that other
users can not read or access his data. Correct me if I'm wrong, but that
pretty much leaves us with mode 700, umask 077.
From: green on
Ken Teague wrote at 2010-01-06 15:59 -0600:
> On Wed, Jan 6, 2010 at 1:30 PM, green <greenfreedom10(a)gmail.com> wrote:
> > For files that already exist, I would use
> > u=rwX,g=rX,o=
> > I do not know how that translates to the number.
> > Note that will leave execution bits on non-directory files that already have
> > them for some user.
> >
> > I use umask 0027 so that new files have permissions -rw-r-----.
>
> In his original e-mail, Mr. Cohen is looking for permissions so that other
> users can not read or access his data. Correct me if I'm wrong, but that
> pretty much leaves us with mode 700, umask 077.

Hmm, you are correct. I carelessly assumed that (1) any files owned by groups
other than his personal group (owned by other than user:user), and (2) any
users in his personal group, were that way for a reason.

But he probably doesn't want all his files marked as executable.

$ umask 0077
$ touch abc
$ ls -lh abc
-rw------- 1 user user 0 2010-01-06 16:36 abc
$ chmod 700 abc
$ ls -lh abc
-rwx------ 1 user user 0 2010-01-06 16:36 abc

So I change my suggestion to
u=rwX,g=,o=

Is that possible with numeric form (the execute bit)?
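
An added example, not part of any message in the thread: it compares the symbolic u=rwX,g=,o= with a numeric equivalent. A single octal mode cannot express the conditional "X", so the numeric version picks 700 or 600 per file with find. The function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: symbolic u=rwX,g=,o= versus a numeric equivalent.
# All paths and function names here are constructed for illustration.

# Build a small sample tree with typical permissive modes.
make_tree() {
    mkdir -p "$1/docs"
    : > "$1/docs/notes.txt"; : > "$1/run.sh"; : > "$1/odd.bin"
    chmod 755 "$1" "$1/docs" "$1/run.sh"
    chmod 644 "$1/docs/notes.txt"
    chmod 654 "$1/odd.bin"        # execute bit set for group only
}

# Symbolic form from the thread: one recursive call.
lock_symbolic() {
    chmod -R u=rwX,g=,o= "$1"
}

# Numeric form: choose the mode per entry. Directories and files that
# already have an execute bit for anyone get 700, everything else 600.
lock_numeric() {
    find "$1" -type d -exec chmod 700 {} +
    find "$1" -type f \( -perm -100 -o -perm -010 -o -perm -001 \) \
        -exec chmod 700 {} +
    find "$1" -type f ! -perm -100 ! -perm -010 ! -perm -001 \
        -exec chmod 600 {} +
}

# Permission string of one path, e.g. "-rw-------".
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# Demo: apply each method to its own copy of the tree and list both.
demo=$(mktemp -d)
make_tree "$demo/sym"; make_tree "$demo/num"
lock_symbolic "$demo/sym"; lock_numeric "$demo/num"
ls -lR "$demo"
rm -rf "$demo"
```

Both copies end up with identical modes; odd.bin becomes -rwx------ because "X" triggers on an execute bit held by any class, not only the owner's.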