Results 1 to 10 of 10

Thread: directories with different permissions on my home

  1. #1

    Default directories with different permissions on my home

    I found out that my home dir contains files and directories with different permissions, as detailed here:

    Code:
     ls -latotale 4520
    drwxr-xr-x 61 stefano users   32768  5 lug 23.17 .
    drwxr-xr-x  4 root    root     4096  5 lug 23.07 ..
    drwxr-xr-x  7 stefano users    4096  8 giu 12.37 Apps
    -rw-------  1 stefano users   22210  5 lug 22.52 .bash_history
    -rw-------  1 stefano users       0  5 feb 18.47 .bash_history-02260.tmp
    -rw-------  1 stefano users       0 13 giu 23.08 .bash_history-04844.tmp
    -rw-------  1 stefano users       0 14 dic  2016 .bash_history-12853.tmp
    -rw-------  1 stefano users       0  1 feb 15.06 .bash_history-15493.tmp
    -rw-r--r--  1 stefano users    1408 11 set  2016 .bashrc
    drwx------ 30 stefano users    4096  5 lug 23.08 .cache
    drwxr-xr-x  4 stefano users    4096 17 ott  2016 .cddb
    drwx------ 51 stefano users   12288  5 lug 23.14 .config
    drwx------  2 stefano users    4096 21 set  2016 .cups
    drwx------  3 stefano users    4096 11 set  2016 .dbus
    drwxr-xr-x  3 stefano users    4096 14 giu 16.06 .designer
    -rw-------  1 stefano users      48  5 lug 23.12 .directory
    -rw-r--r--  1 stefano users      46  9 feb 18.51 .dmrc
    drwxr-xr-x 14 stefano users    4096  1 lug 12.55 Documenti
    drwx------  6 stefano users    4096  5 lug 23.06 .dropbox
    drwx------  8 stefano users    4096 13 giu 13.54 Dropbox
    drwxr-xr-x  3 stefano users    4096 26 giu 12.12 .dropbox-dist
    drwxr-xr-x 66 stefano users    4096 14 giu 16.07 .dvdcss
    -rw-r--r--  1 stefano users    1637 11 set  2016 .emacs
    -rw-------  1 stefano users      16 11 set  2016 .esd_auth
    -rw-r--r--  1 stefano users  530005 31 mag 22.10 .face
    lrwxrwxrwx  1 stefano users      19 31 mag 22.10 .face.icon -> /home/stefano/.face
    drwx------  3 stefano users    4096  7 giu 15.21 .fltk
    drwxr-xr-x  4 stefano users    4096 14 giu 16.07 .Fontmatrix
    drwxr-xr-x  5 stefano users    4096  6 dic  2016 .fonts
    -rw-r--r--  1 stefano users     288 15 mag 19.40 .fonts.conf
    drwxr-xr-x  7 stefano users    4096  2 giu 16.05 .forge
    drwxr-xr-x  3 stefano users    4096  8 giu 15.47 .freemind
    drwxr-xr-x 25 stefano users    4096  2 lug 20.05 .gimp-2.8
    drwxr-xr-x  5 stefano users    4096 30 mag 12.38 Giochi
    drwx------  3 stefano users    4096 12 set  2016 .gnome
    drwx------  3 stefano users    4096 12 set  2016 .gnome2
    drwx------  2 stefano users    4096 12 set  2016 .gnome2_private
    drwx------  5 stefano users    4096 23 giu 09.11 .gnupg
    drwx------  4 stefano users    4096 29 mag 12.14 .googleearth
    drwxr-xr-x  2 stefano users    4096 14 giu 16.03 .gphoto
    -rw-r--r--  1 stefano users     514 13 ott  2016 .gtkrc-2.0
    lrwxrwxrwx  1 stefano users      24 13 ott  2016 .gtkrc-2.0-kde4 -> /home/stefano/.gtkrc-2.0
    drwxr--r--  2 stefano users    4096 14 feb 20.45 .hardinfo
    -rw-r--r--  1 stefano users      73 11 set  2016 .i18n
    drwxr-xr-x  2 stefano users    4096 12 set  2016 .icons
    drwxr-xr-x 17 stefano users    4096 20 giu 21.50 Immagini
    -rw-r--r--  1 stefano users     861 11 set  2016 .inputrc
    drwxr-xr-x  2 stefano users    4096 17 set  2016 .irc_logs
    drwxr-xr-x  4 stefano users    4096 15 set  2016 .java
    drwxr-xr-x  3 stefano users    4096 11 set  2016 .kde4
    drwx------  2 stefano users    4096 27 set  2016 .kmail2
    drwxr-xr-x  7 stefano users    4096  1 mar 16.46 .kodi
    drwx------  2 stefano users    4096 11 set  2016 .kontact
    -rw-r--r--  1 stefano users      94 23 giu 18.27 .lircrc
    drwx------  3 stefano users    4096 11 set  2016 .local
    lrwxrwxrwx  1 stefano users      23 11 set  2016 .media -> /var/run/media/stefano/
    drwxr-xr-x  2 stefano users    4096 11 set  2016 Modelli
    drwx------  5 stefano users    4096 20 apr 18.39 .mozilla
    drwxr-xr-x  5 stefano users    4096 17 ott  2016 Musica
    -rw-------  1 stefano users       0 12 set  2016 .mysql_history
    drwx------  3 stefano users    4096 11 set  2016 .pki
    -rw-r--r--  1 stefano users    1028 11 set  2016 .profile
    drwxr-xr-x  2 stefano users    4096 13 feb 12.31 .projectM
    -rw-r--r--  1 stefano users       2 15 ott  2016 .ptbt0
    drwxr-xr-x  6 stefano users    4096  1 lug 14.32 Pubblici
    drwxr-xr-x  5 stefano users    4096  5 lug 18.28 public_html
    -rw-------  1 stefano users      18 23 feb 12.01 .pyhistory
    drwx------  2 stefano users    4096 12 set  2016 .QtWebEngineProcess
    drwxr-xr-x  6 stefano users   12288  5 lug 22.15 Scaricati
    drwxr-xr-x  9 stefano users    4096 14 giu 16.07 .scribus
    drwxr-xr-x  3 stefano users    4096  2 giu 16.20 Scripts
    drwxr-xr-x  6 stefano users    4096  5 lug 14.38 Scrivania
    drwx------  2 stefano users    4096 12 set  2016 .ssh
    drwxr-xr-x  5 stefano users    4096  4 nov  2016 .ssr
    drwxr-xr-x  5 stefano users    4096  1 lug 08.47 .stellarium
    drwxr-xr-x  3 stefano users    4096 13 ott  2016 .suslictk
    drwxr-xr-x  4 stefano users    4096  5 lug 13.17 .TelegramDesktop
    drwx------  5 stefano users    4096 13 dic  2016 .thumbnails
    drwxr-xr-x  2 stefano users    4096 29 giu 19.35 .vbox
    drwxr-xr-x  6 stefano users    4096 14 mag 22.07 Video
    drwxr-xr-x  3 stefano users    4096 30 giu 18.50 VirtualMachines
    drwxr-xr-x  2 stefano users    4096 29 set  2016 .vnc
    -rw-r--r--  1 stefano users     375 22 mag 23.07 .wget-hsts
    -rw-------  1 stefano users      55  5 lug 23.05 .Xauthority
    -rw-r--r--  1 stefano users    1951 11 set  2016 .xim.template
    -rwxr-xr-x  1 stefano users    1112 11 set  2016 .xinitrc.template
    -rw-------  1 stefano users  151563  5 lug 23.21 .xsession-errors-:0
    -rw-------  1 stefano users 3396574 29 giu 19.32 .xsession-errors-:1
    -rw-r--r--  1 stefano users  136335  2 apr 13.56 .y2log
    drwxr-xr-x  2 stefano users    4096 14 giu 16.03 .zenmap
    drwxr-xr-x  3 stefano users    4096 23 giu 19.25 ZZZ ARCHIVIARE
    Some directories have permissions set to 755, other to 700. Files have similar analogue values. Why?
    I was thinking that that files and dirs were created by taking into account the umask value (the default 0022), but it seems that many of these files and directories instead use different values.

  2. #2
    Join Date
    Jun 2008
    Location
    Netherlands
    Posts
    24,864

    Default Re: directories with different permissions on my home

    When a program wants to create a new file (that includes of course directories), it asks the kernel to do so. With that request goes a proposal fore setting the permission bits, which means that it is application dependend (and within that application it can depend on other things) what is proposed. The umask is then used to mask bits in the proposed permissions. Which mean that possibly some of the proposed bits will be set off. It never means that bits that are not proposed are set on.

    The umask is NOT what should be set, it is what NOT should be set.

    Thus when you do not want bits set for e.g. the world, your umask should be 007. When a program then proposes to set to rwxr-xr-x, the result will be rwxr-x---.
    But when you set the umask to 000 with the same proposal, the result will be unchanged rwxr-xr-x (and NOT rwxrwxrwx as you seem to think).
    It is up to the user to set a restrictive umask to his needs.
    Henk van Velden

  3. #3

    Default Re: directories with different permissions on my home

    So in other words umask is just the minimum set of restrictions, and the different permissions that I noticed is because every program can be more but not less restrictive, right?

  4. #4
    Join Date
    Jun 2008
    Location
    Groningen, Netherlands
    Posts
    19,650
    Blog Entries
    14

    Default Re: directories with different permissions on my home

    Quote Originally Posted by sekhemty View Post
    So in other words umask is just the minimum set of restrictions, and the different permissions that I noticed is because every program can be more but not less restrictive, right?
    Accurate description.
    ° Appreciate my reply? Click the star and let me know why.

    ° Perfection is not gonna happen. No way.

    https://en.opensuse.org/openSUSE:Board#Members
    http://en.opensuse.org/User:Knurpht
    http://nl.opensuse.org/Gebruiker:Knurpht

  5. #5

    Default Re: directories with different permissions on my home

    Well, now the difficult one.

    How can I override the program permissions proposals of the programs, and set not only a minimum set of restrictions, but also a minimum set of permissions? I'd like to have two user homes to be at least fully readable from each other (and if possible writable to some extent), but under these settings, many things that I want to share are too much restricted (i.e. the Dropbox directory, configuration paths like .config, .local/share, etc.).

    I'm trying to find out if there is a viable way to setup two user profiles on my laptop to create different environments for work and personal things. These would be just different computer accounts, the one and only user of my laptop is me, the machine is not shared with anybody else. I have already described this thing here.

    Ideally, all user created files should be kept separated, while DE related settings files would be shared (by hyperlinking or at least manually copying once they are set once); for individual program settings, it depends, some would be handy to be shared, for others id doesn't matter.

    Like I said, I'd like to be able to have at least full reading access to the other home directory, but currently I'm unable to do so because the files are owned to the other user account and the permissions are too restrictive.

    Sorry for the headaches that I might have caused, all of this seems not only to be a pain to set up but also to explain it.

  6. #6
    Join Date
    Nov 2009
    Location
    West Virginia Sector 13
    Posts
    15,650

    Default Re: directories with different permissions on my home

    Join them in the same group and set group permissions on directory/files

    You can us the USER group but using a new group allow perhaps other users out.

  7. #7
    Join Date
    Jun 2008
    Location
    Groningen, Netherlands
    Posts
    19,650
    Blog Entries
    14

    Default Re: directories with different permissions on my home

    Of course this is possible. Desirable? No. Not as you describe it. But, you could create a /home/data folder and set the permissions so that both users can access. Or, if you're using KDE Plasma 5 take some time to learn about acitivities.
    A warning: things like this bring your system miles away from any defaults, whenever you need support this is gonna work against you.
    ° Appreciate my reply? Click the star and let me know why.

    ° Perfection is not gonna happen. No way.

    https://en.opensuse.org/openSUSE:Board#Members
    http://en.opensuse.org/User:Knurpht
    http://nl.opensuse.org/Gebruiker:Knurpht

  8. #8
    Join Date
    Jun 2008
    Location
    Netherlands
    Posts
    24,864

    Default Re: directories with different permissions on my home

    While the above answers are true (of course), I am not going to comment on your question, because I am not 100% sure I understand all you say. To begin with, also for your own understanding, you should do one step backward and understand that talking about "I" without further definition who "I" is to the computer is confusing. The computer does not know "people". In your system only users are defined (first by their UID, the number, and then. more easily to talk about, by their user names).

    So you better try to define what you want, I repeat: also to yourself, by talking more abstract about user alex and user bernard and so on. Their primary group(s), and the other groups they are member of. And your abstract way of thinking should see them as different people, or at least as the same human being in complete different roles.

    Only so, and of course with a thorough understanding of the Unix/Linux way of file access protection by ownership (user and group) and permissions (read, write, execute, suid for user, group and/or world/others) can you try to design a solution for what you want.

    Oh, and no, there is not way to force a program to add permission bits to what it thinks should be the permissions of a file to create, other then changing the program source and recompiling.

    Unix/Linux is designed with a certain security concept in mind. And the defaults are often aiming at maximum of security. Using those rules to trade security against usability is of course possible to a certain extend (alex can of course change the permissions of all his files to rwxrwxrwx if he wants so, or otherwise set an umask of 027 instead of 022), but trying to create a situation that ignores the basic concepts will forward you into a dead alley where, as Knurpht warns you, you will see no followers to help you when needed.
    Henk van Velden

  9. #9
    Join Date
    Jun 2008
    Location
    Groningen, Netherlands
    Posts
    19,650
    Blog Entries
    14

    Default Re: directories with different permissions on my home

    Quote Originally Posted by hcvv View Post
    While the above answers are true (of course), I am not going to comment on your question, because I am not 100% sure I understand all you say. To begin with, also for your own understanding, you should do one step backward and understand that talking about "I" without further definition who "I" is to the computer is confusing. The computer does not know "people". In your system only users are defined (first by their UID, the number, and then. more easily to talk about, by their user names).

    So you better try to define what you want, I repeat: also to yourself, by talking more abstract about user alex and user bernard and so on. Their primary group(s), and the other groups they are member of. And your abstract way of thinking should see them as different people, or at least as the same human being in complete different roles.

    Only so, and of course with a thorough understanding of the Unix/Linux way of file access protection by ownership (user and group) and permissions (read, write, execute, suid for user, group and/or world/others) can you try to design a solution for what you want.

    Oh, and no, there is not way to force a program to add permission bits to what it thinks should be the permissions of a file to create, other then changing the program source and recompiling.

    Unix/Linux is designed with a certain security concept in mind. And the defaults are often aiming at maximum of security. Using those rules to trade security against usability is of course possible to a certain extend (alex can of course change the permissions of all his files to rwxrwxrwx if he wants so, or otherwise set an umask of 027 instead of 022), but trying to create a situation that ignores the basic concepts will forward you into a dead alley where, as Knurpht warns you, you will see no followers to help you when needed.
    Wow, Henk, that was the long version. Clarifying as usual.
    ° Appreciate my reply? Click the star and let me know why.

    ° Perfection is not gonna happen. No way.

    https://en.opensuse.org/openSUSE:Board#Members
    http://en.opensuse.org/User:Knurpht
    http://nl.opensuse.org/Gebruiker:Knurpht

  10. #10

    Default Re: directories with different permissions on my home

    Ok, I understand; the whole thing sounded a bit tricky from the beginning, but I thought to ask anyway; it is always better to learn something than keep doubts.

    I'm suggested to use Plasma Activities, I played a bit with them, but from what I saw, these are more different desktop configurations than a way to separate a context to another. If they operate on a deeper level, I have not found out how to set them up correctly.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •