Glaring Privacy Hole in Home Folder (Everyone can see user created folders)

Discussion in 'Mac OS X Lion (10.7)' started by andy06, Feb 15, 2012.

  1. andy06, Feb 15, 2012
    Last edited: Feb 15, 2012

    andy06 macrumors member

    Joined:
    Feb 15, 2012
    #1
    In OS X, any folders that you create in the Home Folder can be viewed by other users of the Computer!
    Isn't this a glaring privacy hole? It does not warn while creating, it's not well publicised and I think it's entirely reasonable for a user to expect that their entire Home Folder is sandboxed from other users and not just the system default folders.

    Example: If you go to your Home folder and create a new folder "Projects" or "Assignments", its contents can be viewed by other users!

    What's the rationale behind this?
     
  2. grapes911 Moderator emeritus

    grapes911

    Joined:
    Jul 28, 2003
    Location:
    Citizens Bank Park
    #2
    I believe it can only be viewed by users with administrator privileges. You'd have to test it out to be sure, but standard accounts, which most user accounts should be, cannot view other home folders.
     
  3. andy06 thread starter macrumors member

    Joined:
    Feb 15, 2012
  4. grapes911 Moderator emeritus

    grapes911

    Joined:
    Jul 28, 2003
    Location:
    Citizens Bank Park
    #4
    I tested it out and it looks like I was wrong. You can easily change the permissions, but I'm surprised you have to.
     
  5. andy06 thread starter macrumors member

    Joined:
    Feb 15, 2012
    #5
    It gets worse, not only are user created folders open, but so are app created ones (basically anything third party and non official), so this includes.....Dropbox folder. Yeah, all those documents and password files syncing...all public.

    I think messing around with permissions is a bit much for new users in my opinion :)
     
  6. Inconsequential macrumors 68000

    Joined:
    Sep 12, 2007
    #6
    Dropbox isn't. (10.7.3)

    I've just tested this on both my machines.

    As an Admin even, I cannot open the Dropbox folder of another user on my machines.

    As for user created folders, no idea.
     
  7. fat jez macrumors 68000

    fat jez

    Joined:
    Jun 24, 2010
    Location:
    Glasgow, UK
    #7
    you can see the folders, but I don't think you can open them or list the contents.
     
  8. andy06 thread starter macrumors member

    Joined:
    Feb 15, 2012
    #8
    You can see them, open them, list contents.....and...make a copy if you wish. Try it out, log into your Guest account through Fast User Switching :)
     
  9. fat jez macrumors 68000

    fat jez

    Joined:
    Jun 24, 2010
    Location:
    Glasgow, UK
    #9
    OK, the default system folders have permissions such that only the owner can see the contents. User created folders have permissions such that other users can see the contents, but cannot write to the folders.

    But this is exactly the same behaviour as (for example) the Solaris 9 machine I am logged into right now. I created a folder called test in /tmp and the permissions are:

    drwxr-xr-x 2 <user> <group> 117 Feb 16 13:05 test
     
  10. andy06 thread starter macrumors member

    Joined:
    Feb 15, 2012
    #10
    Not familiar with Solaris to be honest (insert joke about not having to worry about any other user logging onto the Solaris machine :p)

    The current viewable, openable, copyable behaviour surprises every Mac user I show it to (including long time ones). I'm looking for some script or terminal command to reverse it to conform to expected behaviour (by which I mean, user expectation. Not expectation of conformance to Unix :))
     
  11. fat jez macrumors 68000

    fat jez

    Joined:
    Jun 24, 2010
    Location:
    Glasgow, UK
    #11
    You're missing the point. It's the default behaviour for pretty much any version of Unix I've used. I can try it on HP-UX and Linux as well if you want, but it will do the same thing.

    e.g. Suse Linux

    drwxr-xr-x 2 sw0439 users 48 2012-02-16 13:09 test
     
  12. jasonvp macrumors 6502a

    jasonvp

    Joined:
    Jun 29, 2007
    Location:
    Northern VA
    #12
    Sort of. I'll bet that from the CLI of your Solaris box, if you run the umask command, you'll see 022 as the result. You can change that to 077 and then the permissions of anything you create will be readable/executable only by you.

    OS X's Finder is ignoring any umask settings the user may have in their .profile or .cshrc (depending on which shell they use as a login). For example, I have mine set to 077 like I do on every other UNIX system I log in to. But as described above: any new file or directory created by Finder has 022 permissions.

    Odds are it's a .plist file that needs to be changed somewhere. I just haven't figured out what or where, and I'm not spending a terrible amount of time trying to. I never create files or directories using Finder; always via the CLI.

    jas
     
  13. andy06 thread starter macrumors member

    Joined:
    Feb 15, 2012
    #13
    I doubt wanting a script, automator function or terminal command to do something desirable is "missing the point". :)

    I'm not arguing that OS X violates default Unix behaviour.
    What I'm saying is that it doesn't provide the expected behaviour *from the user's point of view*, hence I'd like advice on how to permanently change it.

    See, it almost caught you out as well. And from the sounds of it, you're a long time experienced user.
     
  14. fat jez, Feb 16, 2012
    Last edited: Feb 16, 2012

    fat jez macrumors 68000

    fat jez

    Joined:
    Jun 24, 2010
    Location:
    Glasgow, UK
    #14
    I'm sure it is the umask, but the default is the same on my Linux box, which hasn't been fiddled with.

    I agree that Finder is not respecting the setting, as it works fine from the command line, but to describe it as a glaring security hole is a little extreme when it's the same by default on every flavour of unix I've ever used.

    I haven't checked if this still works, but a quick google found this for 10.4:

    http://hints.macworld.com/article.php?story=20061103144038651

    Also this

    https://discussions.apple.com/thread/3204865?start=0&tstart=0

    And this
    http://support.apple.com/kb/HT2202
     
  15. andy06 thread starter macrumors member

    Joined:
    Feb 15, 2012
    #15
    Fedora handles it the right way. As does Red Hat:
    http://fedoraforum.org/forum/showthread.php?t=258043

    Windows 7 (I know it's not Unix) handles it the right way.
    Ubuntu seems not to. And there are occasional "oh crap" moments from various people:

    https://mknowles.com.au/wordpress/2010/08/21/ubuntu-home-directory-permissions-shocker/

    http://jordanhall.co.uk/ubuntu-linu...tories-are-world-readable-by-default-3312144/

    They all also have easily google-able solutions, such as:

    https://help.ubuntu.com/8.04/serverguide/C/user-management.html

    Glaring would be the right word because it's not *user expected*. This is clear from your initial assumption that the files could not be opened and copied :)

    Again, you seem to stress that all versions of Unix had it this way. I'm not disputing that. But it doesn't make it any less of a problem for me and I'm sure plenty of others:
    http://forums.dropbox.com/topic.php?page=4&id=16031

    I don't see how this is not a problem when you yourself thought this wasn't the expected behaviour. Think about Employee salary record, health records, anything really, just leaving that info unsecured is asking for a lawsuit.

    I looked at your links and others I googled myself and it seems like fiddling with umask might break some other permissions (on Public and Shared for example but also other things), I'll try to use a more straightforward workaround (not creating folders in home dir) till someone can post a solution more to my level of (in)competence. :)

    ----------

    This might help someone else, though I'm not applying it myself:

    http://images.apple.com/support/security/guides/docs/SnowLeopard_Security_Config_v10.6.pdf

    Page 152. Section: Securing Home Folder. It has a chmod -700 something something command with caveats explained.
    Apple even recognises that users may "inadvertently" create folders in the home folder. Not sure what that implies; they're working on a fix?
     
  16. jasonvp macrumors 6502a

    jasonvp

    Joined:
    Jun 29, 2007
    Location:
    Northern VA
    #16
    This works. Specifically adding the mask in /etc/launchd-user.conf. It does require a reboot to take effect because there's no way to restart launchd (it is, after all, init).

    From a Terminal:

    Code:
    $ sudo vi /etc/launchd-user.conf
    (enter your password)
    i
    umask 077
    [ESC]
    ZZ
    
    And then restart your Mac. You'll be all set.

    jas
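    As an added example (not code from anyone in this thread), the following script shows the umask effect jasonvp describes (022 gives drwxr-xr-x, 077 gives drwx------), audits a home folder for directories other users can read, and applies the chmod 700 remediation from the Apple guide linked above. Everything runs inside a temporary directory that the script creates itself; nothing outside it is touched.

    ```shell
    #!/bin/sh
    # Added example: umask vs. directory permissions, plus a world-readable
    # directory audit. Directory names under $WORK are constructed here.

    # Portable 10-character mode string (e.g. drwxr-xr-x). `ls -ld` prints it
    # the same way on OS X and Linux; column 11 may hold an ACL "+" or
    # xattr "@" marker on OS X, so cut to the first 10 characters.
    mode_of() {
        ls -ld "$1" | cut -c1-10
    }

    # Create DIR while MASK is in force. The umask is changed in a subshell
    # so the caller's own umask is left alone; returns the new mode string.
    mkdir_with_umask() {
        mask=$1; dir=$2
        (umask "$mask" && mkdir "$dir") || return 1
        mode_of "$dir"
    }

    # Print every immediate subdirectory of HOME_DIR whose "others" read bit
    # is set. The mode string is type(1) user(3) group(3) other(3), so the
    # 8th character is the other-read bit: 'r' for drwxr-xr-x, '-' for
    # drwx------.
    audit_world_readable() {
        home_dir=$1
        for d in "$home_dir"/*/; do
            [ -d "$d" ] || continue
            d=${d%/}
            case $(mode_of "$d") in
                ???????r??) printf '%s\n' "$d" ;;
            esac
        done
    }

    # Remediation as in Apple's security guide: owner-only access (700).
    # Only the directory itself is changed; its contents are not recursed.
    close_to_owner() {
        chmod 700 "$1" && mode_of "$1"
    }

    # Demonstration on a constructed temporary "home folder".
    WORK=$(mktemp -d)
    mkdir_with_umask 022 "$WORK/Projects"   # drwxr-xr-x: readable by everyone
    mkdir_with_umask 077 "$WORK/Private"    # drwx------: owner only
    audit_world_readable "$WORK"            # lists only .../Projects
    close_to_owner "$WORK/Projects"         # drwx------
    audit_world_readable "$WORK"            # now prints nothing
    ```

    The audit only inspects top-level folders, which is where the thread's Finder-created "Projects" style directories live; files inside an already-closed directory are unreachable to other users regardless of their own mode bits.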
     
  17. Inconsequential macrumors 68000

    Joined:
    Sep 12, 2007
    #17
    Edit:

    Dropbox hides itself on all three machines tested here (I.e. it sets the correct permissions and even an admin can't see into the Dropbox folder of another user).

    Adding a folder into the user's folder results in a file that is openable and readable, but NOT modifiable. I.e. Read Only.
     
  18. andy06, Feb 22, 2012
    Last edited: Feb 22, 2012

    andy06 thread starter macrumors member

    Joined:
    Feb 15, 2012
    #18
    I think we might be referring to different Dropboxes :)
    I meant the third party Dropbox app. Not the Dropbox (Apple folder) inside Public.

    Yeah not modifiable, like I said: viewable, open-able and copy-able.

    Wait, did you say you can't see them on 10.7.3? It said something else in the email notification but I don't see it here.
     
  19. fat jez macrumors 68000

    fat jez

    Joined:
    Jun 24, 2010
    Location:
    Glasgow, UK
    #19
    But as stated before, that's the default behaviour on any flavour of Unix. Your gripe (which I happen to think would be legitimate) should be that Finder does not respect the Umask settings but has its own, separate settings. For somebody familiar with Unix who knows about Umask settings, Apple should follow suit.

    Can anyone confirm if Konqueror or similar in Linux do the same or do they follow the user's Umask?
     
  20. Inconsequential macrumors 68000

    Joined:
    Sep 12, 2007
    #20
    I thought you were talking about something else first, hence my edit.

    But I am talking about the Dropbox as in https://www.dropbox.com/home program for syncing files. Those folders on my machines are *not* openable by other users.

    So I can't see my partner's Dropbox folder on either my MP or MBP.
     