Language Selection

English French German Italian Portuguese Spanish

Ubuntu is Making Home Folders Private in 21.04

Filed under

If you create a new user on an Ubuntu system that user can ‘read’ files in the main ~/Home folder. Y’know, the one you probably use for your personal account.

It sounds crazy lax but, back in the early days of Ubuntu the reasoning was that multi-user systems have: “…some level of cooperation (if not trust) among the users – they’ll be members of the same family, or friends, or co-workers, or whatever – and it is useful for them to be able to share files reasonably conveniently”.

Read more

Ubuntu 21.04 Will Finally Stop Making New Home Directories World

  • Ubuntu 21.04 Will Finally Stop Making New Home Directories World-Readable

    Ubuntu 21.04 will do away with the existing practice on Ubuntu Linux systems of making new user home directories world-readable.

    Creating new users on Ubuntu systems up to now have led to home directories being world-readable. Home directories were created with 755 permissions but will be dropped to 750 now to prevent new home directories from being readable by other users on the system.

Ubuntu 21.04 will finally fix this long-time security concern

  • Ubuntu 21.04 will finally fix this long-time security concern

    The next upcoming release of Ubuntu will close a security issue that’s been lingering around the popular desktop distro for more than a decade.

    The original bug report filed in lieu of this issue back in 2006 has finally been marked as fixed by Alex Murray, Ubuntu Security Tech Lead, at Canonical.

    Unlike many other distros, Ubuntu by default creates user home directories with world writable permissions. Murray once again flagged the issue late last year, arguing among other things that Ubuntu now has a significant customer and user-base in the public cloud and server space for whom the world-readable home directories are “more like a footgun than a feature.”

The Home Directory Will be Private in Ubuntu 21.04

  • The Home Directory Will be Private in Ubuntu 21.04, What Does it Mean?

    I hope you are aware of file permissions. If not, I have written a detailed and easy to understand guide to Linux file permission and I suggest you read that.

    Most people probably never noticed it but the home directory in Ubuntu has the permission 755 i.e. rwxr-xr-x.

    What it means is that if there are multiple users on the same Ubuntu system, they can enter home directory of other users and read the files stored in it. They cannot modify these files or execute them, however.

    I think this is the common practice in many Linux distributions as this allows to easily share files between users on the same Linux system, specially in a server environment.

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

More in Tux Machines

Android Leftovers

Schedule appointments with an open source alternative to Doodle

In previous years, this annual series covered individual apps. This year, we are looking at all-in-one solutions in addition to strategies to help in 2021. Welcome to day 13 of 21 Days of Productivity in 2021. Setting appointments with other people is difficult. Most of the time, we guess at a date and time and then start the "is this time bad for you? No, that time is bad for me, how about..." dance. It is easier with co-workers since you can see each others' calendars. You just have to find that magic spot that is good for almost everyone who needs to be on the call. However, for freelancers managing personal calendars, the dance is a routine part of setting up calls and meetings. Read more

This week in KDE: the Plasma 5.20 beta is here!

Well folks, you finally have a chance to test out Plasma 5.21, in beta form! Please do install it and find all the bugs we missed. Bug reports have already started pouring in, and we’ll fix them as fast as we can in the next month. [...] Kate now has a searchable HUD-style command palette that lets you trigger menu items with super speed! It’s activated using the Ctrl+Alt+I shortcut, and we’re investigating adding it to other KDE apps as well in the form of a re-usable framework component. Read more

Free, Libre, and Open Source Software Leftovers

  • Raptor Announces Kestrel Open-Source, Open HDL/Firmware Soft BMC

    Raptor Engineering known for their work on open-source POWER9 systems has announced Kestrel, an open-source baseboard management controller (BMC) design that is open down to the HDL design and firmware. Raptor describes Kestrel as "the world's first open HDL / open firmware soft BMC, built on POWER and capable of IPLing existing OpenPOWER systems!" This isn't a physical BMC chip but a "soft" BMC that is currently designed and tested on Lattice ECP-5 FPGAs. It can currently handle an initial program load (IPL) for a POWER9 host like the Blackbird and Talos II systems of Raptor Computing Systems after deactivating the existing ASpeed hardware BMC found on those systems.

  • Apache Superset Reaches Top-Level Status For Big Data Visualizations

    The Apache Software Foundation announced on Thursday that Apache Superset reached "top-level" status. Apache Superset is the project's big data visualization and business intelligence web solution. Apache Superset allows for big data exploration and visualization with data from a variety of databases ranging from SQLite and MySQL to Amazon Redshift, Google BigQuery, Snowflake, Oracle Database, IBM DB2, and a variety of other compatible data sources.

  • Intel oneAPI Level Zero 1.1 Headers/Loader Released

    The oneAPI Level Zero repository consisting of the Level Zero API headers, Level Zero loader, and validation layer have reached version 1.1. Following last year's big oneAPI 1.0 "Gold" status, Intel's open-source oneAPI effort continues moving along with the Level Zero focus as their low-level, direct-to-metal interface for offload accelerators like GPUs and other "XPU" devices.

  • [Older] A short journey to x86 long mode in coreboot on recent Intel platforms

    While it was difficult to add initial x86_64 support in coreboot, as described in my last blog article how-to-not-add-x86_64-support-to-coreboot it was way easier on real hardware. During the OSFC we did a small hackathon at 9elements and got x86_64 working in coreboot on recent Intel platforms. If you want to test new code that deals with low level stuff like enabling x86_64 mode in assembly, it's always good to test it on qemu using KVM. It runs the code in ring 0 instead of emulating every single instruction and thus is very close to bare metal machines.