directories with different permissions on my home

I found out that my home dir contains files and directories with different permissions, as detailed here:

 ls -la
totale 4520
drwxr-xr-x 61 stefano users   32768  5 lug 23.17 .
drwxr-xr-x  4 root    root     4096  5 lug 23.07 ..
drwxr-xr-x  7 stefano users    4096  8 giu 12.37 Apps
-rw-------  1 stefano users   22210  5 lug 22.52 .bash_history
-rw-------  1 stefano users       0  5 feb 18.47 .bash_history-02260.tmp
-rw-------  1 stefano users       0 13 giu 23.08 .bash_history-04844.tmp
-rw-------  1 stefano users       0 14 dic  2016 .bash_history-12853.tmp
-rw-------  1 stefano users       0  1 feb 15.06 .bash_history-15493.tmp
-rw-r--r--  1 stefano users    1408 11 set  2016 .bashrc
drwx------ 30 stefano users    4096  5 lug 23.08 .cache
drwxr-xr-x  4 stefano users    4096 17 ott  2016 .cddb
drwx------ 51 stefano users   12288  5 lug 23.14 .config
drwx------  2 stefano users    4096 21 set  2016 .cups
drwx------  3 stefano users    4096 11 set  2016 .dbus
drwxr-xr-x  3 stefano users    4096 14 giu 16.06 .designer
-rw-------  1 stefano users      48  5 lug 23.12 .directory
-rw-r--r--  1 stefano users      46  9 feb 18.51 .dmrc
drwxr-xr-x 14 stefano users    4096  1 lug 12.55 Documenti
drwx------  6 stefano users    4096  5 lug 23.06 .dropbox
drwx------  8 stefano users    4096 13 giu 13.54 Dropbox
drwxr-xr-x  3 stefano users    4096 26 giu 12.12 .dropbox-dist
drwxr-xr-x 66 stefano users    4096 14 giu 16.07 .dvdcss
-rw-r--r--  1 stefano users    1637 11 set  2016 .emacs
-rw-------  1 stefano users      16 11 set  2016 .esd_auth
-rw-r--r--  1 stefano users  530005 31 mag 22.10 .face
lrwxrwxrwx  1 stefano users      19 31 mag 22.10 .face.icon -> /home/stefano/.face
drwx------  3 stefano users    4096  7 giu 15.21 .fltk
drwxr-xr-x  4 stefano users    4096 14 giu 16.07 .Fontmatrix
drwxr-xr-x  5 stefano users    4096  6 dic  2016 .fonts
-rw-r--r--  1 stefano users     288 15 mag 19.40 .fonts.conf
drwxr-xr-x  7 stefano users    4096  2 giu 16.05 .forge
drwxr-xr-x  3 stefano users    4096  8 giu 15.47 .freemind
drwxr-xr-x 25 stefano users    4096  2 lug 20.05 .gimp-2.8
drwxr-xr-x  5 stefano users    4096 30 mag 12.38 Giochi
drwx------  3 stefano users    4096 12 set  2016 .gnome
drwx------  3 stefano users    4096 12 set  2016 .gnome2
drwx------  2 stefano users    4096 12 set  2016 .gnome2_private
drwx------  5 stefano users    4096 23 giu 09.11 .gnupg
drwx------  4 stefano users    4096 29 mag 12.14 .googleearth
drwxr-xr-x  2 stefano users    4096 14 giu 16.03 .gphoto
-rw-r--r--  1 stefano users     514 13 ott  2016 .gtkrc-2.0
lrwxrwxrwx  1 stefano users      24 13 ott  2016 .gtkrc-2.0-kde4 -> /home/stefano/.gtkrc-2.0
drwxr--r--  2 stefano users    4096 14 feb 20.45 .hardinfo
-rw-r--r--  1 stefano users      73 11 set  2016 .i18n
drwxr-xr-x  2 stefano users    4096 12 set  2016 .icons
drwxr-xr-x 17 stefano users    4096 20 giu 21.50 Immagini
-rw-r--r--  1 stefano users     861 11 set  2016 .inputrc
drwxr-xr-x  2 stefano users    4096 17 set  2016 .irc_logs
drwxr-xr-x  4 stefano users    4096 15 set  2016 .java
drwxr-xr-x  3 stefano users    4096 11 set  2016 .kde4
drwx------  2 stefano users    4096 27 set  2016 .kmail2
drwxr-xr-x  7 stefano users    4096  1 mar 16.46 .kodi
drwx------  2 stefano users    4096 11 set  2016 .kontact
-rw-r--r--  1 stefano users      94 23 giu 18.27 .lircrc
drwx------  3 stefano users    4096 11 set  2016 .local
lrwxrwxrwx  1 stefano users      23 11 set  2016 .media -> /var/run/media/stefano/
drwxr-xr-x  2 stefano users    4096 11 set  2016 Modelli
drwx------  5 stefano users    4096 20 apr 18.39 .mozilla
drwxr-xr-x  5 stefano users    4096 17 ott  2016 Musica
-rw-------  1 stefano users       0 12 set  2016 .mysql_history
drwx------  3 stefano users    4096 11 set  2016 .pki
-rw-r--r--  1 stefano users    1028 11 set  2016 .profile
drwxr-xr-x  2 stefano users    4096 13 feb 12.31 .projectM
-rw-r--r--  1 stefano users       2 15 ott  2016 .ptbt0
drwxr-xr-x  6 stefano users    4096  1 lug 14.32 Pubblici
drwxr-xr-x  5 stefano users    4096  5 lug 18.28 public_html
-rw-------  1 stefano users      18 23 feb 12.01 .pyhistory
drwx------  2 stefano users    4096 12 set  2016 .QtWebEngineProcess
drwxr-xr-x  6 stefano users   12288  5 lug 22.15 Scaricati
drwxr-xr-x  9 stefano users    4096 14 giu 16.07 .scribus
drwxr-xr-x  3 stefano users    4096  2 giu 16.20 Scripts
drwxr-xr-x  6 stefano users    4096  5 lug 14.38 Scrivania
drwx------  2 stefano users    4096 12 set  2016 .ssh
drwxr-xr-x  5 stefano users    4096  4 nov  2016 .ssr
drwxr-xr-x  5 stefano users    4096  1 lug 08.47 .stellarium
drwxr-xr-x  3 stefano users    4096 13 ott  2016 .suslictk
drwxr-xr-x  4 stefano users    4096  5 lug 13.17 .TelegramDesktop
drwx------  5 stefano users    4096 13 dic  2016 .thumbnails
drwxr-xr-x  2 stefano users    4096 29 giu 19.35 .vbox
drwxr-xr-x  6 stefano users    4096 14 mag 22.07 Video
drwxr-xr-x  3 stefano users    4096 30 giu 18.50 VirtualMachines
drwxr-xr-x  2 stefano users    4096 29 set  2016 .vnc
-rw-r--r--  1 stefano users     375 22 mag 23.07 .wget-hsts
-rw-------  1 stefano users      55  5 lug 23.05 .Xauthority
-rw-r--r--  1 stefano users    1951 11 set  2016 .xim.template
-rwxr-xr-x  1 stefano users    1112 11 set  2016 .xinitrc.template
-rw-------  1 stefano users  151563  5 lug 23.21 .xsession-errors-:0
-rw-------  1 stefano users 3396574 29 giu 19.32 .xsession-errors-:1
-rw-r--r--  1 stefano users  136335  2 apr 13.56 .y2log
drwxr-xr-x  2 stefano users    4096 14 giu 16.03 .zenmap
drwxr-xr-x  3 stefano users    4096 23 giu 19.25 ZZZ ARCHIVIARE

Some directories have permissions set to 755, others to 700. Files have similar, analogous values. Why?
I was thinking that files and dirs were created by taking into account the umask value (the default 0022), but it seems that many of these files and directories instead use different values.

When a program wants to create a new file (that includes of course directories), it asks the kernel to do so. With that request goes a proposal for setting the permission bits, which means that it is application dependent (and within that application it can depend on other things) what is proposed. The umask is then used to mask bits in the proposed permissions. Which means that possibly some of the proposed bits will be set off. It never means that bits that are not proposed are set on.

The umask is NOT what should be set, it is what should NOT be set.

Thus when you do not want bits set for e.g. the world, your umask should be 007. When a program then proposes to set to rwxr-xr-x, the result will be rwxr-x---.
But when you set the umask to 000 with the same proposal, the result will be unchanged rwxr-xr-x (and NOT rwxrwxrwx as you seem to think).
It is up to the user to set a restrictive umask to his needs.
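An added example, not part of the original thread: a short Python check of the rule described above, creating real files and directories through the kernel with a proposed mode under several umask values. The helper names and the test cases are assumptions made for illustration; the 007 and 000 cases are the ones given in the post.

```python
import os
import stat
import tempfile


def effective_mode(requested: int, umask: int) -> int:
    """Requested permission bits with every umask bit cleared."""
    return requested & ~umask & 0o777


def create_and_stat(requested: int, umask: int, directory: bool = False) -> int:
    """Create an entry asking for `requested` under `umask`; return the
    permission bits the kernel actually set."""
    with tempfile.TemporaryDirectory() as tmp:  # made before the umask changes
        path = os.path.join(tmp, "entry")
        old = os.umask(umask)
        try:
            if directory:
                os.mkdir(path, requested)
            else:
                flags = os.O_CREAT | os.O_WRONLY | os.O_EXCL
                os.close(os.open(path, flags, requested))
        finally:
            os.umask(old)  # the umask is process-wide, always restore it
        return stat.S_IMODE(os.stat(path).st_mode) & 0o777


# (label, requested mode, umask, is_directory). Constructed cases: the 007 and
# 000 examples from the post, then a 022 user whose programs ask for
# different modes, which is what the listing in the question shows.
CASES = [
    ("umask 007, program asks 755", 0o755, 0o007, True),
    ("umask 000, program asks 755", 0o755, 0o000, True),
    ("umask 022, program asks 777", 0o777, 0o022, True),
    ("umask 022, program asks 700", 0o700, 0o022, True),
    ("umask 022, program asks 666", 0o666, 0o022, False),
    ("umask 022, program asks 600", 0o600, 0o022, False),
]

if __name__ == "__main__":
    for label, requested, umask, is_dir in CASES:
        got = create_and_stat(requested, umask, is_dir)
        kind = stat.S_IFDIR if is_dir else stat.S_IFREG
        assert got == effective_mode(requested, umask)
        print(f"{label:30} -> {stat.filemode(kind | got)}")
```
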

So in other words umask is just the minimum set of restrictions, and the different permissions that I noticed is because every program can be more but not less restrictive, right?

Accurate description. :)

Well, now the difficult one.

How can I override the program permissions proposals of the programs, and set not only a minimum set of restrictions, but also a minimum set of permissions? I’d like to have two user homes to be at least fully readable from each other (and if possible writable to some extent), but under these settings, many things that I want to share are too much restricted (i.e. the Dropbox directory, configuration paths like .config, .local/share, etc.).

I’m trying to find out if there is a viable way to set up two user profiles on my laptop to create different environments for work and personal things. These would be just different computer accounts; the one and only user of my laptop is me, the machine is not shared with anybody else. (https://forums.opensuse.org/showthread.php/524815-Setting-up-two-user-accounts-that-share-part-of-the-home-folder)

Ideally, all user created files should be kept separated, while DE related settings files would be shared (by hyperlinking or at least manually copying once they are set once); for individual program settings, it depends, some would be handy to be shared, for others it doesn’t matter.

Like I said, I’d like to be able to have at least full reading access to the other home directory, but currently I’m unable to do so because the files are owned by the other user account and the permissions are too restrictive.

Sorry for the headaches that I might have caused, all of this seems not only to be a pain to set up but also to explain it.

Join them in the same group and set group permissions on directory/files

You can use the USER group, but using a new group perhaps allows keeping other users out.

Of course this is possible. Desirable? No. Not as you describe it. But, you could create a /home/data folder and set the permissions so that both users can access. Or, if you’re using KDE Plasma 5 take some time to learn about activities.
A warning: things like this bring your system miles away from any defaults, whenever you need support this is gonna work against you.

While the above answers are true (of course), I am not going to comment on your question, because I am not 100% sure I understand all you say. To begin with, also for your own understanding, you should do one step backward and understand that talking about “I” without further definition who “I” is to the computer is confusing. The computer does not know “people”. In your system only users are defined (first by their UID, the number, and then, more easily to talk about, by their user names).

So you better try to define what you want, I repeat: also to yourself, by talking more abstract about user alex and user bernard and so on. Their primary group(s), and the other groups they are member of. And your abstract way of thinking should see them as different people, or at least as the same human being in complete different roles.

Only so, and of course with a thorough understanding of the Unix/Linux way of file access protection by ownership (user and group) and permissions (read, write, execute, suid for user, group and/or world/others) can you try to design a solution for what you want.

Oh, and no, there is no way to force a program to add permission bits to what it thinks should be the permissions of a file to create, other than changing the program source and recompiling.

Unix/Linux is designed with a certain security concept in mind. And the defaults are often aiming at maximum of security. Using those rules to trade security against usability is of course possible to a certain extent (alex can of course change the permissions of all his files to rwxrwxrwx if he wants so, or otherwise set an umask of 027 instead of 022), but trying to create a situation that ignores the basic concepts will forward you into a dead alley where, as Knurpht warns you, you will see no followers to help you when needed.

Wow, Henk, that was the long version. Clarifying as usual.

Ok, I understand; the whole thing sounded a bit tricky from the beginning, but I thought to ask anyway; it is always better to learn something than keep doubts.

It was suggested that I use Plasma Activities. I played a bit with them, but from what I saw, these are more different desktop configurations than a way to separate one context from another. If they operate on a deeper level, I have not found out how to set them up correctly.