On Tue, 20 Jun 2017 14:25:09 +0800
Ed Greshko <ed.greshko(a)gmail.com> wrote:
Also, please note that by default when a new user is created in
Fedora they also get a corresponding group unless you override.
Along with that the home directory is created with drwx------.
permissions. So, even if the permissions on the file allow group
access and even if the other user is part of the group they can't
access the files within your home directory and sub-directories.

[egreshko@f26-b14 ~]$ pwd
/home/egreshko
[egreshko@f26-b14 ~]$ ll text
-rw-rw----. 1 egreshko egreshko 6 Jun 20 14:09 text
[egreshko@f26-b14 ~]$ cat text
hello
[egreshko@f26-b14 ~]$ whoami
egreshko
[egreshko@f26-b14 ~]$ grep ^egreshko /etc/group
egreshko:x:1000:silly

[silly@f26-b14 ~]$ whoami
silly
[silly@f26-b14 ~]$ cat /home/egreshko/text
cat: /home/egreshko/text: Permission denied
[silly@f26-b14 ~]$ ll /home/egreshko
ls: cannot open directory '/home/egreshko': Permission denied

So, no matter what you have your umask set to when talking about
files under your home directory you need to do some explicit changes
to directory and file permissions before others with access to your
system can even see what files are there.

Well, thanks for that. It really puts the umask issue in perspective,
and addresses my concerns that there was a vulnerability, when there
actually isn't.
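
Added example, not part of the original thread: a small Python audit helper that applies the classic owner/group/other check to every component of a path and reports the first one that blocks a read, using the modes from the session above as constructed data. The uid 1001 for "silly" and the 0755 modes on / and /home are assumptions; ACLs, SELinux and root's override are not modelled.

```python
import os
from typing import NamedTuple, Optional

class Entry(NamedTuple):
    path: str
    mode: int   # permission bits, e.g. 0o700
    uid: int    # owning user
    gid: int    # owning group

def class_bits(e: Entry, uid: int, gids: set) -> int:
    """rwx triplet that applies to this caller: owner, else group, else
    other. Only the first matching class is used, as the kernel does."""
    if uid == e.uid:
        return (e.mode >> 6) & 7
    if e.gid in gids:
        return (e.mode >> 3) & 7
    return e.mode & 7

def first_denial(chain: list, uid: int, gids: set) -> Optional[str]:
    """chain = every ancestor directory, then the file itself.
    Return the first path that blocks a read, or None if readable."""
    *dirs, target = chain
    for d in dirs:
        if not class_bits(d, uid, gids) & 1:      # need search (x) on each dir
            return d.path
    if not class_bits(target, uid, gids) & 4:     # need read (r) on the file
        return target.path
    return None

def chain_from_fs(path: str) -> list:
    """Build the chain for a real file from os.stat() results."""
    parts, p = [], os.path.realpath(path)
    while True:
        st = os.stat(p)
        parts.append(Entry(p, st.st_mode & 0o7777, st.st_uid, st.st_gid))
        if p == os.path.dirname(p):
            return parts[::-1]
        p = os.path.dirname(p)

# Constructed data mirroring the session: home is drwx------, text is -rw-rw----
ROOT = Entry("/", 0o755, 0, 0)                        # assumed mode
HOME = Entry("/home", 0o755, 0, 0)                    # assumed mode
EG = Entry("/home/egreshko", 0o700, 1000, 1000)
TEXT = Entry("/home/egreshko/text", 0o660, 1000, 1000)
SILLY_UID, SILLY_GIDS = 1001, {1001, 1000}            # uid 1001 is assumed

if __name__ == "__main__":
    print(first_denial([ROOT, HOME, EG, TEXT], SILLY_UID, SILLY_GIDS))
```

Running it prints /home/egreshko, the directory that stops "silly" even though the file itself is group-readable; chain_from_fs() builds the same chain for a real path so the check can be run against a live system.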