Comment 50 for bug 48734

Bruno Nova (brunonova) wrote :

I think the current permissions are not perfect.

On one hand, I understand that locking down the home folder (700 permissions) would create some problems.
Samba wouldn't be able to share any folder inside ~/ to other users (especially guest users), Apache wouldn't be able to access ~/public_html (if using Apache userdir module), users would have difficulty sharing files and folders to others and be confused, etc.

On the other hand, this is a privacy/security issue. Most people think that their home folders are private.
At least the guest session cannot access /home, and encrypted home folders are private, so it's not completely terrible.

In my humble opinion, the home folder should remain open (755 permissions), but all default folders and files inside (including ~/.config, ~/.local, etc.) should be made private (700 permissions) by default, except ~/Public.
Users can then change the permissions to share something, or move the files to ~/Public.
The file manager could also warn the user, in the permissions tab, when a file/folder, according to its permissions, should be accessible by others/group, but isn't because the parent folders are not accessible (fixing some confusion).
This would probably mean patching xdg-user-dirs-update and other stuff.

If not, the users should at least be warned that everyone can access their home folders.
This could be achieved by adding an information/warning balloon/tip to the file manager when it's in the home folder (like Nautilus does in ~/Templates), and if it's world readable (but allow the warning to be dismissed).
The warning could also be added to the "encrypt home folder" option during the installation: if it's not selected, warn the user that the home folder will be accessible by other users.

As a side note, it would be awesome if the file manager could show and manage ACLs (and setuid, setgid and sticky bits) out of the box, like KDE's Dolphin does. This would make sharing files with a specific user even easier.
"eiciel" adds ACL support to Nautilus, but it's not installed by default.
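The layout proposed in this comment (home directory itself traversable at 755, every entry directly inside it private at 700, ~/Public excepted) can be checked and applied with a short script. The following is an added example, not code from the bug report or from Ubuntu; the function names `audit_home`, `exposed_count` and `apply_layout` are invented for it, and it assumes a GNU or BSD `find` that understands `-mindepth`/`-maxdepth`.

```shell
#!/bin/sh
# Added example (not part of the bug report): audit and optionally apply the
# permission layout proposed above. Home dir stays 755 so services such as
# Apache's userdir module can still traverse it; each direct child becomes 700;
# ~/Public stays world-readable for deliberate sharing.

# Print each top-level entry of $1 (default: $HOME), dotfiles included, that
# the group or others can read, write or traverse, ignoring ~/Public.
# Only POSIX -perm predicates are used, so it works with GNU and BSD find.
audit_home() {
  home="${1:-$HOME}"
  find "$home" -mindepth 1 -maxdepth 1 ! -name Public \
    \( -perm -g+r -o -perm -g+w -o -perm -g+x \
       -o -perm -o+r -o -perm -o+w -o -perm -o+x \) -print | sort
}

# Number of exposed top-level entries; 0 means the layout matches the proposal.
exposed_count() {
  audit_home "$1" | wc -l | tr -d ' '
}

# Apply the proposed layout to $1 (default: $HOME).
apply_layout() {
  home="${1:-$HOME}"
  chmod 755 "$home"
  # every direct child (files and dirs, dotfiles included) except Public -> 700
  find "$home" -mindepth 1 -maxdepth 1 ! -name Public -exec chmod 700 {} +
  # keep the explicit sharing folder reachable by everyone
  if [ -d "$home/Public" ]; then chmod 755 "$home/Public"; fi
  return 0
}

# Usage: sh audit_home.sh /home/alice   (prints what other users can reach)
if [ "$#" -gt 0 ]; then
  audit_home "$1"
fi
```

Running the audit before applying anything shows exactly which files and folders would change, which matches the comment's point that users should at least be told what is currently exposed; `apply_layout` deliberately does not recurse, so nothing below the top level is touched.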