Why such "loose" permissions?

Kurt Wall kwall
Mon May 17 11:56:47 PDT 2004


Consuming 1.1K bytes, Michael Hipp blathered:
> Kurt Wall wrote:
> >Consuming 0.8K bytes, Michael Hipp blathered:
> >
> >>Why are users' files, by default, created with such loose permissions?
> >>
> >>Here's the typical perms automatically given to a new file created in my 
> >>$HOME directory:
> >>
> >>-rw-r--r--    1 michael  michael         2 Dec 11 09:12 testfile.txt
> >
> >
> >The umask is 022. These permissions seem acceptable to me. Other
> >people can't modify your files, but they can look at them -- not
> >an unreasonable assumption on multi-user system.
> 
> I guess, to me, that seems like a totally strange philosophy for a 
> multi-user system - for everyone to be able to see everyone else's files 
> by default. The way I was taught, in a Fortune 500, was to close 
> everything and open only that which needs to be open. My files are mine 
> and only someone I specifically allow access to them should be able to 
> see them.

Yes, the least access principle is the appropriate principle for any
company, not just a Fortune 500, that wants to protect things from 
prying eyes and fat fingers. And it is easier to grant access than it is
to take it away.

I've been at this long enough to remember when paranoia wasn't required,
though. You trusted the people with whom you worked, kept good backups,
and secured things you didn't want other people to see. It's a different
mindset. I live in the Brave New Paranoid World, though, so things are
secure where they need to be. That said, I work in a Linux and Unix
shop, and most of us keep our home directories world readable because
it keeps things simple. Things that shouldn't be shared live in 
directories with 700 permissions. Of course, we also use groups to
control access to project directories and data, have a monstrous NFS
server, and use NIS to distribute authentication and directory 
information.
 
> I know it can be changed, but seems like such loose defaults are just 
> asking for trouble.

Only in the hands of a clueless administrator.

Kurt
-- 
You have acquired a scroll entitled 'irk gleknow mizk'(n).--More--

This is an IBM Manual scroll.--More--

You are permanently confused.
		-- Dave Decot
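The rule Kurt relies on above (a umask of 022 turning a new file into -rw-r--r--, a 700 directory for private material, and a group-controlled project directory) is easy to check rather than take on faith. The script below is an added example, not code from the thread or from either poster; it predicts the mode a umask produces from the kernel's formula, confirms the prediction against files it actually creates in a scratch directory, and lays out the home/private/project structure Kurt describes. The directory names ("private", "projects/alpha") and the omitted project group name are illustrative assumptions, not something the thread specifies.

```sh
#!/bin/sh
# Added example, not part of the original thread: predict what a umask
# does to new files, verify it against real file creation, and build the
# "world-readable home, 700 private dir, group project dir" layout.
# Directory and project names below are made up for illustration.

# A new file gets mode = base & ~umask. The base is 0666 for files
# created by open/creat and 0777 for directories from mkdir; the execute
# bits on a regular file are never granted at creation, only by chmod.
effective_mode() {
    # $1 = base mode (666 or 777), $2 = umask; both octal, prints octal
    printf '%03o\n' "$(( 0$1 & ~0$2 & 0777 ))"
}

# Render a three-digit octal mode the way ls -l shows it, e.g. 644 -> rw-r--r--
mode_to_rwx() {
    _out=""
    for _d in $(printf '%s\n' "$1" | sed 's/./& /g'); do
        case $_d in
            0) _out="${_out}---" ;;  1) _out="${_out}--x" ;;
            2) _out="${_out}-w-" ;;  3) _out="${_out}-wx" ;;
            4) _out="${_out}r--" ;;  5) _out="${_out}r-x" ;;
            6) _out="${_out}rw-" ;;  7) _out="${_out}rwx" ;;
            *) return 1 ;;
        esac
    done
    printf '%s\n' "$_out"
}

# Create a file and a directory under the given umask and report what ls
# actually shows, so the prediction can be checked against the kernel.
observed_modes() {
    # $1 = umask; prints two lines: file perms, then directory perms
    _tmp=$(mktemp -d) || return 1
    (
        umask "$1"                  # only affects this subshell
        : > "$_tmp/testfile.txt"    # created with base 0666
        mkdir "$_tmp/subdir"        # created with base 0777
    )
    ls -ld "$_tmp/testfile.txt" | cut -c2-10   # drop the type char, keep rwx triads
    ls -ld "$_tmp/subdir"       | cut -c2-10
    rm -rf "$_tmp"
}

# Kurt's layout: a world-readable home, a 700 directory for things that
# should not be shared, and a setgid group directory for project data so
# files created inside inherit the project group rather than the
# creator's primary group. In production you would also chgrp the project
# directory to the project group; that name is site-specific and omitted.
setup_layout() {
    # $1 = base directory to build under; prints the perms of each directory
    mkdir -p "$1/home/private" "$1/projects/alpha"   # 'alpha' is a made-up project name
    chmod 755  "$1/home"             # others may read and traverse
    chmod 700  "$1/home/private"     # owner only
    chmod 2770 "$1/projects/alpha"   # setgid bit + group rwx, nothing for others
    for _d in home home/private projects/alpha; do
        ls -ld "$1/$_d" | cut -c1-10
    done
}

# Predicted defaults for the umask in the thread and two stricter ones.
# A umask of 077 in ~/.profile (or the shell's system-wide profile) is the
# "close everything by default" policy Michael was taught.
for _u in 022 027 077; do
    printf 'umask %s: file %s  dir %s\n' "$_u" \
        "$(mode_to_rwx "$(effective_mode 666 "$_u")")" \
        "$(mode_to_rwx "$(effective_mode 777 "$_u")")"
done
```

Running it shows why 022 is "acceptable but open": the file comes out rw-r--r-- and the directory rwxr-xr-x, exactly what Michael saw, while 077 yields rw------- and rwx------ with no change to the rest of the system. The setgid project directory prints as drwxrws---; without that bit, each new file in it would carry the creator's primary group and the group-based access control would silently stop working.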

