private homedirs and separate XDG_PUBLICSHARE_DIR (/home/share/<username>)

Bug #204577 reported by ubuntu_demon
320
This bug affects 6 people
Affects Status Importance Assigned to Milestone
Ubuntu
Confirmed
Wishlist
Unassigned

Bug Description

Your homedir should be private but there should be a special "public" readable folder where you can put files you want to share with other users of the same machine. (for example /home/share/<username>)

RATIONALE :
* the files in your home dir should not be read by others unless you give others permission to do so (privacy and security issue)
* with this solution people have an easy way of giving others permission to read their files

IMPLEMENTATION DETAILS :
XDG_PUBLICSHARE_DIR is defined in ~/.config/user-dirs.dirs and is set to $HOME/Public by default.
https://wiki.ubuntu.com/MultiUserManagement

(Originaly this Bug talked about setting specific umasks for directories (not supported with standard linux) and did not consider user private groups allowing a default umask of 002 and sgid group directories.)

original brainstorm link : http://brainstorm.ubuntu.com/idea/5287/

description: updated
description: updated
Revision history for this message
kenden (kenden) wrote :

There is a blueprint for this:
https://blueprints.launchpad.net/ubuntu/+spec/local-file-share

The blueprint is a better place to discuss the implementation, so I propose closing this bug, users should add comments to the blueprint instead.

Revision history for this message
ceg (ceg) wrote :

More info in Bug #252351

Revision history for this message
stlubuntu (jlrbennett) wrote :

Could this bug be included in the 100 paper cuts as it:

1. Appears to be quite easy to fix (for a developer)

2. Effects the user experience on the initial log on of a default Ubuntu desktop install
    (anytime there is more than one account on a single computer.)

This is a security concern that has been ignored as unimportant for a long time.

Thanks.

Revision history for this message
ceg (ceg) wrote :

Since the default umask is not path dependent a separate /home/share/<user> directories need to be set up for this. (rwxrwxr-x meaning writeable for user:user and worldreadable) Renaming this bug.

(The default umask needs to be 002 with user private groups to facilitate secure and easy collabortation. See https://wiki.ubuntu.com/MultiUserManagement)

ceg (ceg)
description: updated
summary: - The default umask should be set to 077. XDG_PUBLICSHARE_DIR should have
- umask 022
+ private homedirs and separate XDG_PUBLICSHARE_DIR
+ (/home/share/<username>)
Revision history for this message
Tarnay Kálmán (tarnay-kalman) wrote :

This bug is (not surprisingly) also present in the server versions of Ubuntu. I don't think such a default behavior is acceptable in a server distro.

Actually I don't even think it is acceptable in a desktop distro.

One can change whether newly created home folders are world-readable or not:
sudo dpkg-reconfigure adduser

To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.

Duplicates of this bug

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.