Comments on: Finder Security Bug or Feature?

By: iozexyuip

iozexyuip — Sat, 03 Feb 2007 12:42:08 +0000

By: Justin

Justin — Sat, 30 Dec 2006 16:40:14 +0000

This is not a security issue IMO. FreeBSD even ships with root’s home directory set to 755 and leaves it up to you to change it if need be.

By: Will

Will — Fri, 29 Dec 2006 13:18:06 +0000

Hi, I was just wondering why you have an admin account for installing apps and updates? What is the benefit of doing this? Many thanks,

will

By: Clair

Clair — Thu, 28 Dec 2006 21:15:56 +0000

IMO, this is not a security hole. If you wish to change the behaviour of how you create files and folders:

Open a terminal window…
echo “umask 0077″ >> ~/.bashrc

Files will be created with a permission set of 600, directories 700.
same goes for .cshrc/.login for csh users (IIRC, it’s been a long time since I’ve used anything other than sh, ksh, or bash).

By: Eddie Hargreaves

Eddie Hargreaves — Thu, 28 Dec 2006 18:31:34 +0000

“I had always assumed, based on my experience with Linux, that a Home folder was private and inaccessible to other users on the computer.” You should not make assumptions about Mac OS X based on your experience with Linux. The bottom line is that the Home folder is viewable by other users because those users have Public and Sites folders that need to be accessible by others. And any new folders created in the Home directory will pick up the same permissions as those of the Home directory, which is Read Only for all users. This behavior is neither a feature nor a bug, it is just standard operating procedure.

By: James

James — Thu, 28 Dec 2006 14:38:56 +0000

This is pretty standard behaviour. Not a security hole by any stretch of the imagination. If you tweak your chmod then the files will no longer be visible.

By: Mikael

Mikael — Thu, 28 Dec 2006 13:49:27 +0000

I just hide my porn in /Library/Application Support/Garageband

;-)

By: Mark

Mark — Thu, 28 Dec 2006 12:12:50 +0000

I can see Apple’s point, and I can also see yours.

For most home users, I don’t see this as a problem, though. I find it hard enough to share files as it is, and often have to circumvent this as root! Though I agree that for business installations the behaviour you wanted should be implemented.

By: John

John — Thu, 28 Dec 2006 06:19:48 +0000

I have not found a security issue… experience on my three computers at home with at least three users on each. I have never had any students manage to break into any other student’s files at work, and trust me, they have tried:)

I am wondering why you would need three users, and for the life of me I can’t think of any good reason….

“My laptop has three users: an admin (which is used only to install system updates and applications), and two regular users (one for my day job, and for my personal life).”

To me it is a waste of time to install only through a admin user. If you update an application, you will usually need to do this in each user. Also, it is quite easy to separate work documents and personal documents.

Maybe your employer is concerned with you using their apps for your personal projects. Isn’t that a fringe benefit though?

I would be interested in how much space you found out by using WhatSize that the two extra users took up… and combining the document folders. I know that if two users are logged in, it slows my computers down considerably.

jayc

By: PatrickQG

PatrickQG — Thu, 28 Dec 2006 06:01:12 +0000

I also don’t think it’s a security hole, and the linux defaults also doesn’t match my experience (my linux boxes have 755/644 as the defaults on ~/).

By: Nicholas

Nicholas — Thu, 28 Dec 2006 03:45:21 +0000

I don’t think that it is a security hole.

As for linux ‘defaults’ there are many versions of linux that have in the past shipped with similar permissions – I remember having to put ulimit in my login file to prevent it.

As Apple says, there are plenty of options for users wishing to keep files secret, but on a shared desktop machine, in many cases there is no need.