Why can other users see the files in my home folder? Announcing the arrival of Valued...

How to compare two different files line by line in unix?

Is it a good idea to use CNN to classify 1D signal?

また usage in a dictionary

What does this Jacques Hadamard quote mean?

Maximum summed powersets with non-adjacent items

Why aren't air breathing engines used as small first stages

Withdrew £2800, but only £2000 shows as withdrawn on online banking; what are my obligations?

Generate an RGB colour grid

Is safe to use va_start macro with this as parameter?

How could we fake a moon landing now?

What is the meaning of the simile “quick as silk”?

Why are the trig functions versine, haversine, exsecant, etc, rarely used in modern mathematics?

Amount of permutations on an NxNxN Rubik's Cube

How do I find out the mythology and history of my Fortress?

What does the "x" in "x86" represent?

Crossing US/Canada Border for less than 24 hours

Do I really need recursive chmod to restrict access to a folder?

Trademark violation for app?

Is the Standard Deduction better than Itemized when both are the same amount?

Extracting terms with certain heads in a function

If a VARCHAR(MAX) column is included in an index, is the entire value always stored in the index page(s)?

What is homebrew?

How to react to hostile behavior from a senior developer?

Why are there no cargo aircraft with "flying wing" design?



Why can other users see the files in my home folder?



Announcing the arrival of Valued Associate #679: Cesar Manara
Planned maintenance scheduled April 17/18, 2019 at 00:00UTC (8:00pm US/Eastern)How to make sure other users can't see my files?Default home directory permission allow read?Why do user directories have such lax permissions by default?What is “umask” and how does it work?How do file permissions work?How can I prevent other users from accessing my home directory?Hide multiple files at once with shell scriptIs there a default folder for sharing files with other users?Why is a user not a member of their private group (UPG) according to the GUI? (although CLI proves the opposite…)Is running unknown applications in a separate non root account safe?How can I restrict program access to other users?How to make sure other users can't see my files?Share folder between usersHome folder not writeableHow can I mv files from another user to my Home folder (knowing the password of the other user)?Want to share only the MUSIC folder with the other users and not HOME folder completelyAccessing Files in Other Users FTP Folder?16.04 - attempting to take ownership of home directory of other user via shared group privilegesUnable to access old (deleted) user's home folder and files and don't have permissions to read, write or delete themCan root see my encrypted /home folder?





.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ margin-bottom:0;
}







32















I just added a new, underprivileged "desktop user," and I was surprised to discover that it can see the files in my home folder.



What is the rational for setting up such lax permissions?










share|improve this question























  • Related: unix.stackexchange.com/a/315197/85039

    – Sergiy Kolodyazhnyy
    Mar 5 '17 at 8:20


















32















I just added a new, underprivileged "desktop user," and I was surprised to discover that it can see the files in my home folder.



What is the rational for setting up such lax permissions?










share|improve this question























  • Related: unix.stackexchange.com/a/315197/85039

    – Sergiy Kolodyazhnyy
    Mar 5 '17 at 8:20














32












32








32


18






I just added a new, underprivileged "desktop user," and I was surprised to discover that it can see the files in my home folder.



What is the rational for setting up such lax permissions?










share|improve this question














I just added a new, underprivileged "desktop user," and I was surprised to discover that it can see the files in my home folder.



What is the rational for setting up such lax permissions?







permissions users default privacy






share|improve this question













share|improve this question











share|improve this question




share|improve this question










asked Jun 2 '11 at 1:53









ændrükændrük

42.4k61195343




42.4k61195343













  • Related: unix.stackexchange.com/a/315197/85039

    – Sergiy Kolodyazhnyy
    Mar 5 '17 at 8:20



















  • Related: unix.stackexchange.com/a/315197/85039

    – Sergiy Kolodyazhnyy
    Mar 5 '17 at 8:20

















Related: unix.stackexchange.com/a/315197/85039

– Sergiy Kolodyazhnyy
Mar 5 '17 at 8:20





Related: unix.stackexchange.com/a/315197/85039

– Sergiy Kolodyazhnyy
Mar 5 '17 at 8:20










6 Answers
6






active

oldest

votes


















26














A Public folder exists in your Home directory (/home/user) for sharing files with other users. If an other user wants to get access to this Public folder, the execute bit for the world should be set on the Home directory.



If you do not need to allow others to access your home folder (other humans or users like www-data for a webserver), you'll be fine with chmod o-rwx "$HOME" (remove read/write/execute from "other", equivalent to chmod 750 "$HOME" since the default permission is 750). Otherwise, you should change the umask setting too to prevent newly created files from getting read permissions for the world by default.



For a system-wide configuration, edit /etc/profile; per-user settings can be configured in ~/.profile. I prefer the same policy for all users, so I'd edit the /etc/profile file and append the line:



umask 027


You need to re-login to apply these changes, unless you're in a shell. In that case, you can run umask 027 in the shell.



Now to fix the existing permissions, you need to remove the read/write/execute permissions from other:



chmod -R o-rwx ~


Now if you decide to share the ~/Public folder to everyone, run the next commands:





  • chmod o+x ~ - allow everyone to descend in the directory (x), but not get a directory listing (r should not be added)


  • find ~/Public -type f -exec chmod o+r {} ; - allow everyone to read the files in ~/Public


  • find ~/Public -type d -exec chmod o+rx {} ; - allow everyone to descend into directories and list their contents


If you are use GNU coreutils (e.g. on Ubuntu, not on a embedded system having only busybox), then the previous two commands using find and chmod can be replaced by this single command that recursively makes folders and files readable (and additionally adds the execute (descend) bit for directories only):



chmod -R o+rX ~/Public





share|improve this answer

































    12














    According to an Ubuntuforms.org staff member, it is to make it easier to share files between new users.



    You can change the permission to either 700 or 750 if you don't want the files readable and executable by others.



    Command is:



    chmod 750 $HOME


    Note: Ubuntu default is 755






    share|improve this answer





















    • 2





      Of course other users shouldn't be sudoers.

      – Pablo Bianchi
      Feb 3 '18 at 4:29



















    5














    You can read the User Management section of the Ubuntu Server Guide which covers the necessary details. The User Profile Security paragraph will probably answer your questions - officially.






    share|improve this answer





















    • 4





      I appreciate the official source. Sadly, though, it doesn't look like it provides any justification.

      – ændrük
      Jun 10 '11 at 4:10



















    4














    According to Mark Shuttleworth,




    "The majority of users of Ubuntu systems either have exclusive use of the
    machine (personal laptop) or are sharing with friends and relatives. We
    assume that the people who share the machine are either trusted, or in a
    position to hack the machine (boot from USB!) trivially. As a result,
    there is little to no benefit"




    ... from removing those permissions.






    share|improve this answer



















    • 10





      I think having the same behavior in the Server edition is a security hole

      – warvariuc
      Mar 28 '15 at 6:55






    • 1





      That is a crazy explanations. Other than people accounts there are technical accounts that people can use to isolate applications. Additionally there is a lot of instructions on how to set up a local ftp server that essentially shares the account on the machine.

      – Barafu Albino
      Oct 11 '15 at 14:51






    • 1





      I know this is old thread, but consider this as stupid decision. Imagine one of the users run app/script (can be unintentionally) which is able to read and send files from any other profile.

      – mauron85
      Apr 12 '17 at 11:25



















    1














    I think Lekensteyn's answer can be improved by replacing the last two find commands with chmod using -X option (note the capital X). The two find commands can be replaced with



    chmod -R o+rX ~/Public



    This differentiates appropriately between files and directories, but does have the additional effect of allowing others to run executable files.






    share|improve this answer































      0














      Since it is privacy that interests you (judging from the tags that were applied) it is very possible that setting permissions is insufficient (see ignis's answer). The answer may be something along the lines of an encrypted home directory. This solution is specifically designed against the attack by another user of a computer. It will, of course, be unable to stop another user from damaging your files (by simply removing ~/.Private directory, thus erasing all of your files), but they will be unable to mount the directory and see the files without your password.



      The easiest way to achieve that is during the installation process, there is a check box, stating "Encrypt your home directory" and you need to select that.



      Since it is unlikely that you will want to reinstall just for that (and because it still carries all the risks that are entailed with doing it without reinstall), you can do the following:



      sudo apt-get install encryptfs-utils
      encryptfs-migrate-home





      share|improve this answer
























        Your Answer








        StackExchange.ready(function() {
        var channelOptions = {
        tags: "".split(" "),
        id: "89"
        };
        initTagRenderer("".split(" "), "".split(" "), channelOptions);

        StackExchange.using("externalEditor", function() {
        // Have to fire editor after snippets, if snippets enabled
        if (StackExchange.settings.snippets.snippetsEnabled) {
        StackExchange.using("snippets", function() {
        createEditor();
        });
        }
        else {
        createEditor();
        }
        });

        function createEditor() {
        StackExchange.prepareEditor({
        heartbeatType: 'answer',
        autoActivateHeartbeat: false,
        convertImagesToLinks: true,
        noModals: true,
        showLowRepImageUploadWarning: true,
        reputationToPostImages: 10,
        bindNavPrevention: true,
        postfix: "",
        imageUploader: {
        brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
        contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
        allowUrls: true
        },
        onDemand: true,
        discardSelector: ".discard-answer"
        ,immediatelyShowMarkdownHelp:true
        });


        }
        });














        draft saved

        draft discarded


















        StackExchange.ready(
        function () {
        StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f46501%2fwhy-can-other-users-see-the-files-in-my-home-folder%23new-answer', 'question_page');
        }
        );

        Post as a guest















        Required, but never shown

























        6 Answers
        6






        active

        oldest

        votes








        6 Answers
        6






        active

        oldest

        votes









        active

        oldest

        votes






        active

        oldest

        votes









        26














        A Public folder exists in your Home directory (/home/user) for sharing files with other users. If an other user wants to get access to this Public folder, the execute bit for the world should be set on the Home directory.



        If you do not need to allow others to access your home folder (other humans or users like www-data for a webserver), you'll be fine with chmod o-rwx "$HOME" (remove read/write/execute from "other", equivalent to chmod 750 "$HOME" since the default permission is 750). Otherwise, you should change the umask setting too to prevent newly created files from getting read permissions for the world by default.



        For a system-wide configuration, edit /etc/profile; per-user settings can be configured in ~/.profile. I prefer the same policy for all users, so I'd edit the /etc/profile file and append the line:



        umask 027


        You need to re-login to apply these changes, unless you're in a shell. In that case, you can run umask 027 in the shell.



        Now to fix the existing permissions, you need to remove the read/write/execute permissions from other:



        chmod -R o-rwx ~


        Now if you decide to share the ~/Public folder to everyone, run the next commands:





        • chmod o+x ~ - allow everyone to descend in the directory (x), but not get a directory listing (r should not be added)


        • find ~/Public -type f -exec chmod o+r {} ; - allow everyone to read the files in ~/Public


        • find ~/Public -type d -exec chmod o+rx {} ; - allow everyone to descend into directories and list their contents


        If you are use GNU coreutils (e.g. on Ubuntu, not on a embedded system having only busybox), then the previous two commands using find and chmod can be replaced by this single command that recursively makes folders and files readable (and additionally adds the execute (descend) bit for directories only):



        chmod -R o+rX ~/Public





        share|improve this answer






























          26














          A Public folder exists in your Home directory (/home/user) for sharing files with other users. If an other user wants to get access to this Public folder, the execute bit for the world should be set on the Home directory.



          If you do not need to allow others to access your home folder (other humans or users like www-data for a webserver), you'll be fine with chmod o-rwx "$HOME" (remove read/write/execute from "other", equivalent to chmod 750 "$HOME" since the default permission is 750). Otherwise, you should change the umask setting too to prevent newly created files from getting read permissions for the world by default.



          For a system-wide configuration, edit /etc/profile; per-user settings can be configured in ~/.profile. I prefer the same policy for all users, so I'd edit the /etc/profile file and append the line:



          umask 027


          You need to re-login to apply these changes, unless you're in a shell. In that case, you can run umask 027 in the shell.



          Now to fix the existing permissions, you need to remove the read/write/execute permissions from other:



          chmod -R o-rwx ~


          Now if you decide to share the ~/Public folder to everyone, run the next commands:





          • chmod o+x ~ - allow everyone to descend in the directory (x), but not get a directory listing (r should not be added)


          • find ~/Public -type f -exec chmod o+r {} ; - allow everyone to read the files in ~/Public


          • find ~/Public -type d -exec chmod o+rx {} ; - allow everyone to descend into directories and list their contents


          If you are use GNU coreutils (e.g. on Ubuntu, not on a embedded system having only busybox), then the previous two commands using find and chmod can be replaced by this single command that recursively makes folders and files readable (and additionally adds the execute (descend) bit for directories only):



          chmod -R o+rX ~/Public





          share|improve this answer




























            26












            26








            26







            A Public folder exists in your Home directory (/home/user) for sharing files with other users. If an other user wants to get access to this Public folder, the execute bit for the world should be set on the Home directory.



            If you do not need to allow others to access your home folder (other humans or users like www-data for a webserver), you'll be fine with chmod o-rwx "$HOME" (remove read/write/execute from "other", equivalent to chmod 750 "$HOME" since the default permission is 750). Otherwise, you should change the umask setting too to prevent newly created files from getting read permissions for the world by default.



            For a system-wide configuration, edit /etc/profile; per-user settings can be configured in ~/.profile. I prefer the same policy for all users, so I'd edit the /etc/profile file and append the line:



            umask 027


            You need to re-login to apply these changes, unless you're in a shell. In that case, you can run umask 027 in the shell.



            Now to fix the existing permissions, you need to remove the read/write/execute permissions from other:



            chmod -R o-rwx ~


            Now if you decide to share the ~/Public folder to everyone, run the next commands:





            • chmod o+x ~ - allow everyone to descend in the directory (x), but not get a directory listing (r should not be added)


            • find ~/Public -type f -exec chmod o+r {} ; - allow everyone to read the files in ~/Public


            • find ~/Public -type d -exec chmod o+rx {} ; - allow everyone to descend into directories and list their contents


            If you are use GNU coreutils (e.g. on Ubuntu, not on a embedded system having only busybox), then the previous two commands using find and chmod can be replaced by this single command that recursively makes folders and files readable (and additionally adds the execute (descend) bit for directories only):



            chmod -R o+rX ~/Public





            share|improve this answer















            A Public folder exists in your Home directory (/home/user) for sharing files with other users. If an other user wants to get access to this Public folder, the execute bit for the world should be set on the Home directory.



            If you do not need to allow others to access your home folder (other humans or users like www-data for a webserver), you'll be fine with chmod o-rwx "$HOME" (remove read/write/execute from "other", equivalent to chmod 750 "$HOME" since the default permission is 750). Otherwise, you should change the umask setting too to prevent newly created files from getting read permissions for the world by default.



            For a system-wide configuration, edit /etc/profile; per-user settings can be configured in ~/.profile. I prefer the same policy for all users, so I'd edit the /etc/profile file and append the line:



            umask 027


            You need to re-login to apply these changes, unless you're in a shell. In that case, you can run umask 027 in the shell.



            Now to fix the existing permissions, you need to remove the read/write/execute permissions from other:



            chmod -R o-rwx ~


            Now if you decide to share the ~/Public folder to everyone, run the next commands:





            • chmod o+x ~ - allow everyone to descend in the directory (x), but not get a directory listing (r should not be added)


            • find ~/Public -type f -exec chmod o+r {} ; - allow everyone to read the files in ~/Public


            • find ~/Public -type d -exec chmod o+rx {} ; - allow everyone to descend into directories and list their contents


            If you are use GNU coreutils (e.g. on Ubuntu, not on a embedded system having only busybox), then the previous two commands using find and chmod can be replaced by this single command that recursively makes folders and files readable (and additionally adds the execute (descend) bit for directories only):



            chmod -R o+rX ~/Public






            share|improve this answer














            share|improve this answer



            share|improve this answer








            edited Apr 13 '17 at 12:25









            Community

            1




            1










            answered Jun 2 '11 at 8:04









            LekensteynLekensteyn

            124k49270362




            124k49270362

























                12














                According to an Ubuntuforms.org staff member, it is to make it easier to share files between new users.



                You can change the permission to either 700 or 750 if you don't want the files readable and executable by others.



                Command is:



                chmod 750 $HOME


                Note: Ubuntu default is 755






                share|improve this answer





















                • 2





                  Of course other users shouldn't be sudoers.

                  – Pablo Bianchi
                  Feb 3 '18 at 4:29
















                12














                According to an Ubuntuforms.org staff member, it is to make it easier to share files between new users.



                You can change the permission to either 700 or 750 if you don't want the files readable and executable by others.



                Command is:



                chmod 750 $HOME


                Note: Ubuntu default is 755






                share|improve this answer





















                • 2





                  Of course other users shouldn't be sudoers.

                  – Pablo Bianchi
                  Feb 3 '18 at 4:29














                12












                12








                12







                According to an Ubuntuforms.org staff member, it is to make it easier to share files between new users.



                You can change the permission to either 700 or 750 if you don't want the files readable and executable by others.



                Command is:



                chmod 750 $HOME


                Note: Ubuntu default is 755






                share|improve this answer















                According to an Ubuntuforms.org staff member, it is to make it easier to share files between new users.



                You can change the permission to either 700 or 750 if you don't want the files readable and executable by others.



                Command is:



                chmod 750 $HOME


                Note: Ubuntu default is 755







                share|improve this answer














                share|improve this answer



                share|improve this answer








                edited Jun 2 '11 at 2:25

























                answered Jun 2 '11 at 2:19









                Jason IversonJason Iverson

                558312




                558312








                • 2





                  Of course other users shouldn't be sudoers.

                  – Pablo Bianchi
                  Feb 3 '18 at 4:29














                • 2





                  Of course other users shouldn't be sudoers.

                  – Pablo Bianchi
                  Feb 3 '18 at 4:29








                2




                2





                Of course other users shouldn't be sudoers.

                – Pablo Bianchi
                Feb 3 '18 at 4:29





                Of course other users shouldn't be sudoers.

                – Pablo Bianchi
                Feb 3 '18 at 4:29











                5














                You can read the User Management section of the Ubuntu Server Guide which covers the necessary details. The User Profile Security paragraph will probably answer your questions - officially.






                share|improve this answer





















                • 4





                  I appreciate the official source. Sadly, though, it doesn't look like it provides any justification.

                  – ændrük
                  Jun 10 '11 at 4:10
















                5














                You can read the User Management section of the Ubuntu Server Guide which covers the necessary details. The User Profile Security paragraph will probably answer your questions - officially.






                share|improve this answer





















                • 4





                  I appreciate the official source. Sadly, though, it doesn't look like it provides any justification.

                  – ændrük
                  Jun 10 '11 at 4:10














                5












                5








                5







                You can read the User Management section of the Ubuntu Server Guide which covers the necessary details. The User Profile Security paragraph will probably answer your questions - officially.






                share|improve this answer















                You can read the User Management section of the Ubuntu Server Guide which covers the necessary details. The User Profile Security paragraph will probably answer your questions - officially.







                share|improve this answer














                share|improve this answer



                share|improve this answer








                edited Feb 7 '18 at 17:04









                David Foerster

                28.7k1367113




                28.7k1367113










                answered Jun 2 '11 at 3:09









                Pavlos G.Pavlos G.

                7,39612733




                7,39612733








                • 4





                  I appreciate the official source. Sadly, though, it doesn't look like it provides any justification.

                  – ændrük
                  Jun 10 '11 at 4:10














                • 4





                  I appreciate the official source. Sadly, though, it doesn't look like it provides any justification.

                  – ændrük
                  Jun 10 '11 at 4:10








                4




                4





                I appreciate the official source. Sadly, though, it doesn't look like it provides any justification.

                – ændrük
                Jun 10 '11 at 4:10





                I appreciate the official source. Sadly, though, it doesn't look like it provides any justification.

                – ændrük
                Jun 10 '11 at 4:10











                4














                According to Mark Shuttleworth,




                "The majority of users of Ubuntu systems either have exclusive use of the
                machine (personal laptop) or are sharing with friends and relatives. We
                assume that the people who share the machine are either trusted, or in a
                position to hack the machine (boot from USB!) trivially. As a result,
                there is little to no benefit"




                ... from removing those permissions.






                share|improve this answer



















                • 10





                  I think having the same behavior in the Server edition is a security hole

                  – warvariuc
                  Mar 28 '15 at 6:55






                • 1





                  That is a crazy explanations. Other than people accounts there are technical accounts that people can use to isolate applications. Additionally there is a lot of instructions on how to set up a local ftp server that essentially shares the account on the machine.

                  – Barafu Albino
                  Oct 11 '15 at 14:51






                • 1





                  I know this is old thread, but consider this as stupid decision. Imagine one of the users run app/script (can be unintentionally) which is able to read and send files from any other profile.

                  – mauron85
                  Apr 12 '17 at 11:25
















                4














                According to Mark Shuttleworth,




                "The majority of users of Ubuntu systems either have exclusive use of the
                machine (personal laptop) or are sharing with friends and relatives. We
                assume that the people who share the machine are either trusted, or in a
                position to hack the machine (boot from USB!) trivially. As a result,
                there is little to no benefit"




                ... from removing those permissions.






                share|improve this answer



















                • 10





                  I think having the same behavior in the Server edition is a security hole

                  – warvariuc
                  Mar 28 '15 at 6:55






                • 1





                  That is a crazy explanations. Other than people accounts there are technical accounts that people can use to isolate applications. Additionally there is a lot of instructions on how to set up a local ftp server that essentially shares the account on the machine.

                  – Barafu Albino
                  Oct 11 '15 at 14:51






                • 1





                  I know this is old thread, but consider this as stupid decision. Imagine one of the users run app/script (can be unintentionally) which is able to read and send files from any other profile.

                  – mauron85
                  Apr 12 '17 at 11:25














                4












                4








                4







                According to Mark Shuttleworth,




                "The majority of users of Ubuntu systems either have exclusive use of the
                machine (personal laptop) or are sharing with friends and relatives. We
                assume that the people who share the machine are either trusted, or in a
                position to hack the machine (boot from USB!) trivially. As a result,
                there is little to no benefit"




                ... from removing those permissions.






                share|improve this answer













                According to Mark Shuttleworth,




                "The majority of users of Ubuntu systems either have exclusive use of the
                machine (personal laptop) or are sharing with friends and relatives. We
                assume that the people who share the machine are either trusted, or in a
                position to hack the machine (boot from USB!) trivially. As a result,
                there is little to no benefit"




                ... from removing those permissions.







                share|improve this answer












                share|improve this answer



                share|improve this answer










                answered Sep 28 '13 at 22:48









                ignisignis

                3,3112024




                3,3112024








                • 10





                  I think having the same behavior in the Server edition is a security hole

                  – warvariuc
                  Mar 28 '15 at 6:55






                • 1





                  That is a crazy explanations. Other than people accounts there are technical accounts that people can use to isolate applications. Additionally there is a lot of instructions on how to set up a local ftp server that essentially shares the account on the machine.

                  – Barafu Albino
                  Oct 11 '15 at 14:51






                • 1





                  I know this is old thread, but consider this as stupid decision. Imagine one of the users run app/script (can be unintentionally) which is able to read and send files from any other profile.

                  – mauron85
                  Apr 12 '17 at 11:25














                • 10





                  I think having the same behavior in the Server edition is a security hole

                  – warvariuc
                  Mar 28 '15 at 6:55






                • 1





                  That is a crazy explanations. Other than people accounts there are technical accounts that people can use to isolate applications. Additionally there is a lot of instructions on how to set up a local ftp server that essentially shares the account on the machine.

                  – Barafu Albino
                  Oct 11 '15 at 14:51






                • 1





                  I know this is old thread, but consider this as stupid decision. Imagine one of the users run app/script (can be unintentionally) which is able to read and send files from any other profile.

                  – mauron85
                  Apr 12 '17 at 11:25








                10




                10





                I think having the same behavior in the Server edition is a security hole

                – warvariuc
                Mar 28 '15 at 6:55





                I think having the same behavior in the Server edition is a security hole

                – warvariuc
                Mar 28 '15 at 6:55




                1




                1





                That is a crazy explanations. Other than people accounts there are technical accounts that people can use to isolate applications. Additionally there is a lot of instructions on how to set up a local ftp server that essentially shares the account on the machine.

                – Barafu Albino
                Oct 11 '15 at 14:51





                That is a crazy explanations. Other than people accounts there are technical accounts that people can use to isolate applications. Additionally there is a lot of instructions on how to set up a local ftp server that essentially shares the account on the machine.

                – Barafu Albino
                Oct 11 '15 at 14:51




                1




                1





                I know this is old thread, but consider this as stupid decision. Imagine one of the users run app/script (can be unintentionally) which is able to read and send files from any other profile.

                – mauron85
                Apr 12 '17 at 11:25





                I know this is old thread, but consider this as stupid decision. Imagine one of the users run app/script (can be unintentionally) which is able to read and send files from any other profile.

                – mauron85
                Apr 12 '17 at 11:25











                1














                I think Lekensteyn's answer can be improved by replacing the last two find commands with chmod using -X option (note the capital X). The two find commands can be replaced with



                chmod -R o+rX ~/Public



                This differentiates appropriately between files and directories, but does have the additional effect of allowing others to run executable files.






                share|improve this answer




























                  1














                  I think Lekensteyn's answer can be improved by replacing the last two find commands with chmod using -X option (note the capital X). The two find commands can be replaced with



                  chmod -R o+rX ~/Public



                  This differentiates appropriately between files and directories, but does have the additional effect of allowing others to run executable files.






                  share|improve this answer


























                    1












                    1








                    1







                    I think Lekensteyn's answer can be improved by replacing the last two find commands with chmod using -X option (note the capital X). The two find commands can be replaced with



                    chmod -R o+rX ~/Public



                    This differentiates appropriately between files and directories, but does have the additional effect of allowing others to run executable files.






                    share|improve this answer













                    I think Lekensteyn's answer can be improved by replacing the last two find commands with chmod using -X option (note the capital X). The two find commands can be replaced with



                    chmod -R o+rX ~/Public



                    This differentiates appropriately between files and directories, but does have the additional effect of allowing others to run executable files.







                    share|improve this answer












                    share|improve this answer



                    share|improve this answer










                    answered Mar 25 '12 at 19:11









                    spinupspinup

                    32216




                    32216























                        0














                        Since it is privacy that interests you (judging from the tags that were applied) it is very possible that setting permissions is insufficient (see ignis's answer). The answer may be something along the lines of an encrypted home directory. This solution is specifically designed against the attack by another user of a computer. It will, of course, be unable to stop another user from damaging your files (by simply removing ~/.Private directory, thus erasing all of your files), but they will be unable to mount the directory and see the files without your password.



                        The easiest way to achieve that is during the installation process, there is a check box, stating "Encrypt your home directory" and you need to select that.



                        Since it is unlikely that you will want to reinstall just for that (and because it still carries all the risks that are entailed with doing it without reinstall), you can do the following:



                        sudo apt-get install encryptfs-utils
                        encryptfs-migrate-home





                        share|improve this answer




























                          0














                          Since it is privacy that interests you (judging from the tags that were applied) it is very possible that setting permissions is insufficient (see ignis's answer). The answer may be something along the lines of an encrypted home directory. This solution is specifically designed against the attack by another user of a computer. It will, of course, be unable to stop another user from damaging your files (by simply removing ~/.Private directory, thus erasing all of your files), but they will be unable to mount the directory and see the files without your password.



                          The easiest way to achieve that is during the installation process, there is a check box, stating "Encrypt your home directory" and you need to select that.



                          Since it is unlikely that you will want to reinstall just for that (and because it still carries all the risks that are entailed with doing it without reinstall), you can do the following:



                          sudo apt-get install encryptfs-utils
                          encryptfs-migrate-home





                          share|improve this answer


























                            0












                            0








                            0







                            Since it is privacy that interests you (judging from the tags that were applied) it is very possible that setting permissions is insufficient (see ignis's answer). The answer may be something along the lines of an encrypted home directory. This solution is specifically designed against the attack by another user of a computer. It will, of course, be unable to stop another user from damaging your files (by simply removing ~/.Private directory, thus erasing all of your files), but they will be unable to mount the directory and see the files without your password.



                            The easiest way to achieve that is during the installation process, there is a check box, stating "Encrypt your home directory" and you need to select that.



                            Since it is unlikely that you will want to reinstall just for that (and because it still carries all the risks that are entailed with doing it without reinstall), you can do the following:



                            sudo apt-get install encryptfs-utils
                            encryptfs-migrate-home





                            share|improve this answer













                            Since it is privacy that interests you (judging from the tags that were applied) it is very possible that setting permissions is insufficient (see ignis's answer). The answer may be something along the lines of an encrypted home directory. This solution is specifically designed against the attack by another user of a computer. It will, of course, be unable to stop another user from damaging your files (by simply removing ~/.Private directory, thus erasing all of your files), but they will be unable to mount the directory and see the files without your password.



                            The easiest way to achieve that is during the installation process, there is a check box, stating "Encrypt your home directory" and you need to select that.



                            Since it is unlikely that you will want to reinstall just for that (and because it still carries all the risks that are entailed with doing it without reinstall), you can do the following:



                            sudo apt-get install encryptfs-utils
                            encryptfs-migrate-home






                            share|improve this answer












                            share|improve this answer



                            share|improve this answer










                            answered 19 mins ago









                            v010dyav010dya

                            7022929




                            7022929






























                                draft saved

                                draft discarded




















































                                Thanks for contributing an answer to Ask Ubuntu!


                                • Please be sure to answer the question. Provide details and share your research!

                                But avoid



                                • Asking for help, clarification, or responding to other answers.

                                • Making statements based on opinion; back them up with references or personal experience.


                                To learn more, see our tips on writing great answers.




                                draft saved


                                draft discarded














                                StackExchange.ready(
                                function () {
                                StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f46501%2fwhy-can-other-users-see-the-files-in-my-home-folder%23new-answer', 'question_page');
                                }
                                );

                                Post as a guest















                                Required, but never shown





















































                                Required, but never shown














                                Required, but never shown












                                Required, but never shown







                                Required, but never shown

































                                Required, but never shown














                                Required, but never shown












                                Required, but never shown







                                Required, but never shown







                                Popular posts from this blog

                                Why do type traits not work with types in namespace scope?What are POD types in C++?Why can templates only be...

                                Will tsunami waves travel forever if there was no land?Why do tsunami waves begin with the water flowing away...

                                Simple Scan not detecting my scanner (Brother DCP-7055W)Brother MFC-L2700DW printer can print, can't...