Ahimsa
06-08-2003, 08:04 AM
Hello
I installed Mandrake 9.0 this weekend and set everything up when I noticed that I can cd from one user account (e.g. my home account /home/ahimsa) to another account on the same system (e.g. /home/anotheruser). Fortunately, as I am the only user on this box, I'm not too worried, but the ability to do this surely violates one of the items that makes Unix/Linux so secure as a networking system. In short, I don't think that I am supposed to be able to do that!!!
I have searched man pages, and several sources of documentation that I have, checked out octal permissions and gone over the /etc/passwd file and the uid appears correct for each user, and each user account belongs to its own group. I know that there is something that I am missing here, but just can't see it.
Could someone please point me in the right direction so that I can keep each account separate and distinct from each other.
Much obliged
AmF
__________________________
As a follow up: I just checked my Slackware 9.0 system and can do the same thing there too with an alternate account. I cannot write to the different accounts but can browse and read their contents. I can't remember being able to do this under RH8.0 though. Anyway, it looks like I might have to be changing some of the permissions - the 'read' permission, I presume - on the directories. If someone would be willing to confirm this as a solution and share some tips on the safest and most efficient way of doing this, that would be a good lesson for me.
Again, thanks to all.
I installed Mandrake 9.0 this weekend and set everything up when I noticed that I can cd from one user account (e.g. my home account /home/ahimsa) to another account on the same system (e.g. /home/anotheruser). Fortunately, as I am the only user on this box, I'm not too worried, but the ability to do this surely violates one of the items that makes Unix/Linux so secure as a networking system. In short, I don't think that I am supposed to be able to do that!!!
I have searched man pages, and several sources of documentation that I have, checked out octal permissions and gone over the /etc/passwd file and the uid appears correct for each user, and each user account belongs to its own group. I know that there is something that I am missing here, but just can't see it.
Could someone please point me in the right direction so that I can keep each account separate and distinct from each other.
Much obliged
AmF
__________________________
As a follow up: I just checked my Slackware 9.0 system and can do the same thing there too with an alternate account. I cannot write to the different accounts but can browse and read their contents. I can't remember being able to do this under RH8.0 though. Anyway, it looks like I might have to be changing some of the permissions - the 'read' permission, I presume - on the directories. If someone would be willing to confirm this as a solution and share some tips on the safest and most efficient way of doing this, that would be a good lesson for me.
Again, thanks to all.