
andy06

macrumors member
Original poster
Feb 15, 2012
In OS X, any folders that you create in the Home Folder can be viewed by other users of the Computer!
Isn't this a glaring privacy hole? It does not warn while creating, it's not well publicised and I think it's entirely reasonable for a user to expect that their entire Home Folder is sandboxed from other users and not just the system default folders.

Example: If you go to your Home folder and create a new folder "Projects" or "Assignments", its contents can be viewed by other users!

What's the rationale behind this?
 
I believe it can only be viewed by users with administrator privileges. You'd have to test it out to be sure, but standard accounts, which most user accounts should be, cannot view other home folders.
 
It gets worse, not only are user created folders open, but so are app created ones (basically anything third party and non official), so this includes.....Dropbox folder. Yea all those documents and password files syncing...all public.

I think messing around with permissions is a bit much for new users in my opinion :)
 
It gets worse, not only are user created folders open, but so are app created ones (basically anything third party and non official), so this includes.....Dropbox folder. Yea all those documents and password files syncing...all public.

I think messing around with permissions is a bit much for new users in my opinion :)

Dropbox isn't. (10.7.3)

I've just tested this on both my machines.

As an Admin even, I cannot open the Dropbox folder of another user on my machines

As for user created folders, no idea.
 
you can see the folders, but I don't think you can open them or list the contents.

You can see them, open them, list contents.....and...make a copy if you wish. Try it out, log into your Guest account through Fast User Switching :)
 
OK, the default system folders have permissions such that only the owner can see the contents. User created folders have permissions such that other users can see the contents, but cannot write to the folders.

But this is exactly the same behaviour as (for example) the Solaris 9 machine I am logged into right now. I created a folder called test in /tmp and the permissions are:

drwxr-xr-x 2 <user> <group> 117 Feb 16 13:05 test
 
Not familiar with Solaris to be honest (insert joke about not having to worry about any other user logging onto the Solaris machine :p)

The current viewable, openable, copyable behaviour surprises every Mac user I show it to (including long time ones). I'm looking for some script or terminal command to reverse it to conform to expected behaviour (by which I mean, user expectation. Not expectation of conformance to Unix :))
 
You're missing the point. It's the default behaviour for pretty much any version of Unix I've used. I can try it on HP-UX and Linux as well if you want, but it will do the same thing.

e.g. Suse Linux

drwxr-xr-x 2 sw0439 users 48 2012-02-16 13:09 test
 
But this is exactly the same behaviour as (for example) the Solaris 9 machine I am logged into right now. I created a folder called test in /tmp and the permissions are:

drwxr-xr-x 2 <user> <group> 117 Feb 16 13:05 test

Sort of. I'll bet that from the CLI of your Solaris box, if you run the umask command, you'll see 022 as the result. You can change that to 077 and then the permissions of anything you create will be readable/executable only by you.

OS X's Finder is ignoring any umask settings the user may have in their .profile or .cshrc (depending on which shell they use as a login). For example, I have mine set to 077 like I do on every other UNIX system I log in to. But as described above: any new file or directory created by Finder has 022 permissions.

Odds are it's a .plist file that needs to be changed somewhere. I just haven't figured out what or where, and I'm not spending a terrible amount of time trying to. I never create files or directories using Finder; always via the CLI.

jas
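Added example, not part of any post in this thread: a shell sketch of the umask behaviour described above (022 versus 077 for a directory made from the command line), plus an audit of a folder for subdirectories other accounts can list or enter. The function names and the scratch directory standing in for a home folder are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: shows how the umask decides the mode of a new directory,
# then audits a folder for subdirectories other accounts can read or enter.

# Print the octal mode of a path (GNU stat first, then BSD/macOS stat).
mode_of() {
    stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1"
}

# Create directory $2 under umask $1 and print the resulting mode.
# The subshell keeps the umask change from leaking into the caller.
mkdir_with_umask() {
    ( umask "$1" && mkdir "$2" ) && mode_of "$2"
}

# List immediate subdirectories of $1 that grant group or others
# read (list contents) or execute (enter) permission.
list_open_dirs() {
    find "$1" -mindepth 1 -maxdepth 1 -type d \
        \( -perm -040 -o -perm -010 -o -perm -004 -o -perm -001 \) | sort
}

# Remove all group/other access from directory $1 only (not recursive).
lock_dir() {
    chmod go-rwx "$1"
}

# Demo in a scratch directory standing in for a home folder (constructed).
demo() {
    home=$(mktemp -d) || return 1
    echo "umask 022 -> $(mkdir_with_umask 022 "$home/Projects")"
    echo "umask 077 -> $(mkdir_with_umask 077 "$home/Private")"
    echo "open to other users:"; list_open_dirs "$home"
    lock_dir "$home/Projects"
    echo "after lock_dir: $(mode_of "$home/Projects")"
    rm -rf "$home"
}
demo
```

Pointing `list_open_dirs` at a real home folder will also report folders that are meant to be shared, such as Public, so review the list before calling `lock_dir` on anything.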
 
I doubt wanting a script, automator function or terminal command to do something desirable is "missing the point". :)

I'm not arguing that OS X violates default Unix behaviour.
What I'm saying is it doesn't provide an expected behaviour *from the user's point of view*, hence I'd like advice on how to permanently change it.

you can see the folders, but I don't think you can open them or list the contents.

See, it almost caught you out as well. And from the sounds of it, you're a long time experienced user.
 
I'm sure it is the umask, but the default is the same on my Linux box, which hasn't been fiddled with.

I agree that Finder is not respecting the setting, as it works fine from the command line, but to describe it as a glaring security hole is a little extreme when it's the same by default on every flavour of unix I've ever used.

I haven't checked if this still works, but a quick Google found this for 10.4

http://hints.macworld.com/article.php?story=20061103144038651

Also this

https://discussions.apple.com/thread/3204865?start=0&tstart=0

And this
http://support.apple.com/kb/HT2202
 
Fedora handles it the right way. As does Red Hat
http://fedoraforum.org/forum/showthread.php?t=258043

Windows 7 (I know it's not Unix) handles it the right way.
Ubuntu seems not to. And there are occasional "oh crap" moments from various people:

https://mknowles.com.au/wordpress/2010/08/21/ubuntu-home-directory-permissions-shocker/

http://jordanhall.co.uk/ubuntu-linu...tories-are-world-readable-by-default-3312144/

They all also have easily google-able solutions, such as:

https://help.ubuntu.com/8.04/serverguide/C/user-management.html

Glaring would be the right word because it's not *user expected*. This is clear from your initial assumption that the files could not be opened and copied :)

Again, you seem to stress that all versions of Unix had it this way. I'm not disputing that. But it doesn't make it any less of a problem for me and I'm sure plenty of others:
http://forums.dropbox.com/topic.php?page=4&id=16031

I don't see how this is not a problem when you yourself thought this wasn't the expected behaviour. Think about Employee salary record, health records, anything really, just leaving that info unsecured is asking for a lawsuit.

I looked at your links and others I googled myself and it seems like fiddling with umask might break some other permissions (on Public and Shared for example but also other things). I'll try to use a more straightforward workaround (not creating folders in home dir) till someone can post a solution more to my level of (in)competence. :)

----------

This might help someone else, though I'm not applying it myself:

http://images.apple.com/support/security/guides/docs/SnowLeopard_Security_Config_v10.6.pdf

Page 152. Section: Securing Home Folder. It has a chmod -700 something something command with caveats explained.
Apple even recognises that a user may "inadvertently" create folders in the home folder. Not sure what that implies, they're working on a fix?
 
You can see them, open them, list contents.....and...make a copy if you wish. Try it out, log into your Guest account through Fast User Switching :)

Edit:

Dropbox hides itself on all three machines tested here (I.e. it sets the correct permissions and even an admin can't see into the Dropbox folder of another user).

Adding a folder into the users folder results in a file that is openable and readable, but NOT modifiable. I.e. Read Only.
 
Edit:

Dropbox hides itself on all three machines tested here (I.e. it sets the correct permissions and even an admin can't see into the Dropbox folder of another user).

Adding a folder into the users folder results in a file that is openable and readable, but NOT modifiable. I.e. Read Only.

I think we might be referring to different Dropboxes :)
I meant the third party Dropbox app. Not the Dropbox (Apple folder) inside Public.

Yeah not modifiable, like I said: viewable, open-able and copy-able.

Wait, did you say you can't see them on 10.7.3? It said something else in the email notification but I don't see it here.
 
Yeah not modifiable, like I said: viewable, open-able and copy-able.

But as stated before, that's the default behaviour on any flavour of Unix. Your gripe (which I happen to think would be legitimate) should be that Finder does not respect the Umask settings but has its own, separate settings. For somebody familiar with Unix who knows about Umask settings, Apple should follow suit.

Can anyone confirm if Konqueror or similar in Linux do the same or do they follow the user's Umask?
 
I think we might be referring to different Dropboxes :)
I meant the third party Dropbox app. Not the Dropbox (Apple folder) inside Public.

Yeah not modifiable, like I said: viewable, open-able and copy-able.

Wait, did you say you can't see them on 10.7.3? It said something else in the email notification but I don't see it here.

I thought you were talking about something else first, hence my edit.

But I am talking about the Dropbox as in https://www.dropbox.com/home program for syncing files. Those folders on my machines are *not* openable by other users.

So I can't see my partner's Dropbox folder on either my MP or MBP.
 