11 Comments

My Powerbook’s hard drive was filling up. So I used the WhatSize tool to see which directories were using my disk space. I discovered that I could see how much disk space was being used by another user on the computer. My laptop has three users: an admin (which is used only to install system updates and applications), and two regular users (one for my day job, and for my personal life).

WhatSize actually showed me the directory and file structure inside of my other user’s Home folder. So using the Finder I moved into Home, then into the home folder for my other user. And I discovered that I could actually see most of the files in that user. I could not see inside the “standard” directories (Documents, Desktop, Pictures, etc…) but any other folder or file in the Home folder I could.

I am familiar with the home folder setup under Linux. When I log into one of my Red Hat Enterprise boxes and try to look inside other users' home folders, I am not allowed to see anything at all. I had always assumed that OS X, built on the Unix-based BSD, was built with the same restrictions.

I submitted a security report to Apple: “It looks like a permissions issue when new files or folders are created. They are given permissions of 755 (rwxr-xr-x) instead of 700 (rwx------).”

Apple responded promptly, less than one hour later.

After examining your report we do not believe that this issue is a security exposure. The permissions that you describe are correct for a default installation. There are several options for the user that wishes to make the contents of the home directory itself unreadable by other users:

a) Enable File Vault
b) Change the permissions of the home directory using Finder: “Get Info” on the home directory, and set “Ownership & Permissions” as appropriate
c) Change the permissions of the home directory using Terminal: “chmod 0711 ~” from a command line

Note that if one wishes folders such as Public, Drop Box, and Sites to be accessible by other users, then method (c) must be used.

If you have any questions or concerns please feel free to let us know. However, please note that due to the nature and complexity of technical issues, we are not able to provide technical support through email.

So, is this a security issue? Or a feature of the Finder to allow easy filesharing? It is at least a privacy issue. I had always assumed, based on my experience with Linux, that a Home folder was private and inaccessible to other users on the computer. Is this simply a training issue that I should not ever create new folders or files in my Home folder? Should Apple offer an option at system setup, e.g. Do you want to make your home folder private? If the user says “Yes” then the Public, Drop Box, and Sites folders aren’t created, and Home is set to 711 permissions. If No, then the current system is used. What are your thoughts?
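The three modes the post and Apple's reply mention behave differently for other local users: 0755 lets them list and enter the home folder, 0711 lets them reach Public, Drop Box or Sites by name without listing anything else, and 0700 shuts them out entirely. The following script, an added example that is not part of the post or of Apple's reply, reads a directory's mode and reports what that "other" digit permits, then exercises the three modes on a constructed scratch folder that mimics the layout described above (standard folders at 0700, Public and Sites and a user-created folder at 0755). The folder names, the `get_mode` helper and the audit functions are assumptions for the example, not anything from Apple or the post.

```shell
#!/bin/sh
# Added example (not from the post or Apple's reply): audit what *other* local
# users can do with a home directory from its permission bits alone, and compare
# the three modes in play: 0755 (the default Apple describes), 0711 (Apple's
# option c) and 0700 (what the post expected).

# Octal permission bits of a path: GNU stat first, BSD/macOS stat as fallback.
get_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# The "other" digit is the last octal digit of the mode.
other_digit() {
    mode=$1
    printf '%s\n' "${mode#${mode%?}}"
}

# Describe what the other-users digit permits on a directory:
#   r (4) = list names,  x (1) = traverse to a name you already know
describe_other_access() {
    case "$(other_digit "$1")" in
        0) echo none ;;            # 0700: nothing visible, nothing reachable
        1) echo traverse-only ;;   # 0711: ~/Public reachable, ~ not listable
        4) echo list-only ;;       # names visible but not reachable
        5) echo list+traverse ;;   # 0755: every non-private subfolder visible
        *) echo unexpected ;;
    esac
}

# Print the access class of a home directory and, when others can traverse it,
# one line per subdirectory whose own mode lets others read it.
audit_home() {
    home=$1
    mode=$(get_mode "$home")
    describe_other_access "$mode"
    case "$(other_digit "$mode")" in
        1|3|5|7) ;;       # other has x: subfolders are reachable by name
        *) return 0 ;;    # no x: nothing below is reachable, stop here
    esac
    for d in "$home"/*/; do
        [ -d "$d" ] || continue
        case "$(other_digit "$(get_mode "$d")")" in
            4|5|6|7) basename "$d" ;;
        esac
    done
}

# Constructed scratch home with the layout the post describes: the standard
# folder is 0700, Public/Sites and a user-created folder are 0755. Returns the
# audit as one space-separated line, e.g. "traverse-only Projects Public Sites".
demo_home_mode() {
    scratch=$(mktemp -d)
    mkdir "$scratch/Documents" "$scratch/Public" "$scratch/Sites" "$scratch/Projects"
    chmod 700 "$scratch/Documents"
    chmod 755 "$scratch/Public" "$scratch/Sites" "$scratch/Projects"
    chmod "$1" "$scratch"
    result=$(audit_home "$scratch" | tr '\n' ' ')
    rm -rf "$scratch"
    printf '%s\n' "${result% }"
}

# 755 -> list+traverse Projects Public Sites
# 711 -> traverse-only Projects Public Sites
# 700 -> none
for m in 755 711 700; do
    printf '%s -> %s\n' "$m" "$(demo_home_mode "$m")"
done
```

Running `audit_home "$HOME"` on a real account is the quick check: the first line tells you whether other local accounts can list your home folder at all, and the lines after it are the folders they can still read once they know the name. Note that the 0711 option only hides the listing; a user-created folder that was born 0755 stays readable by anyone who can guess its path until it is chmod'ed itself.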

  1. I don’t think that it is a security hole.

    As for linux ‘defaults’ there are many versions of linux that have in the past shipped with similar permissions – I remember having to put ulimit in my login file to prevent it.

    As Apple says, there are plenty of options for users wishing to keep files secret, but on a shared desktop machine, in many cases there is no need.

  2. I also don’t think it’s a security hole, and the linux defaults also doesn’t match my experience (my linux boxes have 755/644 as the defaults on ~/).

  3. I have not found a security issue… experience on my three computers at home with at least three users on each. I have never had any students manage to break into any other student’s files at work, and trust me, they have tried:)

    I am wondering why you would need three users, and for the life of me I can’t think of any good reason….

    “My laptop has three users: an admin (which is used only to install system updates and applications), and two regular users (one for my day job, and for my personal life).”

    To me it is a waste of time to install only through a admin user. If you update an application, you will usually need to do this in each user. Also, it is quite easy to separate work documents and personal documents.

    Maybe your employer is concerned with you using their apps for your personal projects. Isn’t that a fringe benefit though?

    I would be interested in how much space you found out by using WhatSize that the two extra users took up… and combining the document folders. I know that if two users are logged in, it slows my computers down considerably.

    jayc

  4. I can see Apple’s point, and I can also see yours.

    For most home users, I don’t see this as a problem, though. I find it hard enough to share files as it is, and often have to circumvent this as root! Though I agree that for business installations the behaviour you wanted should be implemented.

  5. I just hide my porn in /Library/Application Support/Garageband

    ;-)

  6. This is pretty standard behaviour. Not a security hole by any stretch of the imagination. If you tweak your chmod then the files will no longer be visible.

  7. “I had always assumed, based on my experience with Linux, that a Home folder was private and inaccessible to other users on the computer.” You should not make assumptions about Mac OS X based on your experience with Linux. The bottom line is that the Home folder is viewable by other users because those users have Public and Sites folders that need to be accessible by others. And any new folders created in the Home directory will pick up the same permissions as those of the Home directory, which is Read Only for all users. This behavior is neither a feature nor a bug, it is just standard operating procedure.

  8. IMO, this is not a security hole. If you wish to change the behaviour of how you create files and folders:

    Open a terminal window…
    echo "umask 0077" >> ~/.bashrc

    Files will be created with a permission set of 600, directories 700.
    same goes for .cshrc/.login for csh users (IIRC, it’s been a long time since I’ve used anything other than sh, ksh, or bash).

  9. Hi, I was just wondering why you have an admin account for installing apps and updates? What is the benefit of doing this? Many thanks,

    will

  10. This is not a security issue IMO. FreeBSD even ships with root’s home directory set to 755 and leaves it up to you to change it if need be.

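Comment 8 suggests a umask of 0077 so that new files and folders come out as 600 and 700. The script below, an added example rather than the commenter's own code, shows that effect on a constructed scratch directory (the umask is set in a subshell so the caller's shell is untouched) and gives an idempotent version of the `echo >> ~/.bashrc` step that will not append a second copy on a rerun. The `get_mode` and `ensure_umask_line` helpers and the scratch paths are assumptions for the example.

```shell
#!/bin/sh
# Added example (not the commenter's code): show what a umask does to newly
# created files and directories, and add the umask line to an rc file only if
# it is not already there. All paths are constructed scratch files; nothing
# under ~ is touched.

# Octal permission bits of a path: GNU stat first, BSD/macOS stat as fallback.
get_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Create one file and one directory under the given umask (inside a subshell,
# so the caller's umask is unchanged) and return their modes as "FILE DIR".
# 0077 -> "600 700"; the usual default 0022 -> "644 755".
modes_under_umask() {
    scratch=$(mktemp -d)
    (
        umask "$1"
        : > "$scratch/file"        # files start from 666 & ~umask
        mkdir "$scratch/dir"       # directories start from 777 & ~umask
    )
    printf '%s %s\n' "$(get_mode "$scratch/file")" "$(get_mode "$scratch/dir")"
    rm -rf "$scratch"
}

# Idempotent form of the comment's `echo "umask 0077" >> ~/.bashrc`: append the
# line only when it is absent, then return how many copies the file holds.
ensure_umask_line() {
    rc=$1
    grep -q '^umask 0077$' "$rc" 2>/dev/null || printf 'umask 0077\n' >> "$rc"
    grep -c '^umask 0077$' "$rc"
}

demo_rc=$(mktemp)
ensure_umask_line "$demo_rc" >/dev/null
ensure_umask_line "$demo_rc"    # prints 1 on the second run, not 2
rm -f "$demo_rc"
printf 'umask 0077: %s\n' "$(modes_under_umask 0077)"   # 600 700
printf 'umask 0022: %s\n' "$(modes_under_umask 0022)"   # 644 755
```

Two things worth keeping in mind when applying this: a umask set in a shell rc file governs only that shell and the processes it starts, so items created from the Finder or other GUI applications are unaffected, and it only shapes new items, so folders that already exist at 755 keep that mode until they are chmod'ed.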

Comments have been disabled for this post