Users can access other users home directories without permission

rybena · 25 June 2020 08:08

Hello

I must be doing something wrong.
I have created a second and third user in mate 20.04, a desktop user not an admin or a custom user, and that user is able to access other users home directories from the command line and even copy that users data, also able to access root as well, no password needed.
How come this is able to happen?
Have I messed something up when adding a new user?

Thanks in advance

olek · 25 June 2020 09:29

Hey
Please share with us the output of :

ls -lt /home/

Connect with the user that has this superpowers and show us output of :

┌─[✗]─[olek@lenovo_apbook04u]─[/home]
└──╼ $ whoami 
olek
┌─[olek@lenovo_apbook04u]─[/home]
└──╼ $ sudo date
[sudo] password for olek: 
jeu. 25 juin 2020 11:27:16 CEST

Next you can check groups that your user is member :

┌─[✗]─[olek@lenovo_apbook04u]─[/home]
└──╼ $ groups olek
olek : olek adm cdrom sudo dip plugdev lpadmin lxd sambashare

ugnvs · 25 June 2020 15:27

Hi,
Do not worry, please. You are doing correctly. The matter is that Ubuntu default permissions for home directories allow access for other users.
Manual page on useradd command reads, in particular:

and skeleton permissions are

alpinejohn · 27 June 2020 07:37

Hallo

You do not seem to have done anything wrong - what you seem to have discovered is a feature of Debian's multi-user mode. Ubuntu, and therefore Ubuntu-Mate, are based on Debian.

"The beginner handbook - Debian 10 Buster",

available here:
[https://lescahiersdudebutant.arpinux.org/buster-en/download/the_beginners_handbook.pdf]

states in section 10.2.1

"10.2.1 Limit the access rights of others on your data
If you use Debian in “multi-user” mode, the data of the other users are readable by you, and yours too, by necessity. You may want to restrict the other users access rights to some of your data."
...
"The graphical procedure is easy to execute (no need to open a terminal):
right-click on the folder > properties > “Permissions”.
Select the “None” option for the “Others” access rights: A window will ask you if you want to apply these modifications to all the files and folders embedded within the concerned folder, and we advise you to accept, in order to protect the full set of data included inside this folder."

Applying this to Ubuntu-Mate,

open Caja (the file manager), in the left-hand pane select "File System", then in the main pain the "home" folders will appear for all users on the computer.
Right-click on the home folder of the user for whom you wish to restrict others access.
Select "Properties".
On the "Permissions" tab for the "Others" set Folder and File access to "None", and click on the button "Apply Permissions to Enclosed Files".
Close the the "Properties" window.

I hope that helps.

rybena · 28 June 2020 06:40

Hi, thanks this sorted it out. Strange its set up like that but its ok.
Thanks for the easy to follow steps too thanks.
Problem solved

rybena · 28 June 2020 06:43

Hey, thanks for the reply, one of the comments below sorted the question, thanks for your input.