Create a ~/Private directory by default
Since home directories are set 755 by default to facilitate file sharing between local users, it would be beneficial to create a ~/Private directory by default with 700 permissions. Although this directory is created when ecryptfs is used, it's not created in a default installation. The presence of this directory would have the added benefit of making users realize their home directory is not private.
Blueprint information
- Status:
- Not started
- Approver:
- Kees Cook
- Priority:
- Low
- Drafter:
- Marc Deslauriers
- Direction:
- Needs approval
- Assignee:
- Marc Deslauriers
- Definition:
- Approved
- Series goal:
- Accepted for maverick
- Implementation:
- Not started
- Milestone target:
- ubuntu-10.10
- Started by
- Completed by
Whiteboard
Work items:
research freedesktop.org specs for correct usage of Public directory: POSTPONED
figure out reasonable directory/symlink layout for shared directory: POSTPONED
talk to ubuntu one about integration: POSTPONED
create wiki page explaining the case for 700 home dirs: POSTPONED
present changes to tech board: POSTPONED
implement changes in maverick packaging: POSTPONED
https:/
Gobby notes:
~/Private should be included everywhere and 0700
* on server and desktop
* translated
- xdg-user-dirs can be used easily on desktop
- /etc/skel not translated
server considerations
* make it configurable
* xdg-user-dirs not on server but dependencies are light and executable small
discussion regarding 755 vs 700 of $HOME
* old, inherited from Debian
* desired in some environments, but not others
* could use 700 $HOME with:
- $HOME/Shared -> /home/.shared/$USER or /home/.shared (possibly with another link)
- then have /home/.shared/$USER that is 755
* Public is the file sharing thing, and it could be the same directory
* migration issues while likely be worst on the server
* don't change on upgrade, only new users
* on server 700, and no symlinks, and then public_html users can change the
permissions
* see who else is doing it
* make sure it is preseedable
* hook into apache-- a2enmod userdir (which we start as disabled by default) can
alert or dtrt automatically (eg, "I am going to make all home directories world
readable)
* enterprises probably have a dedicated share
* could have an Ubuntu One application for local users
[action]: (mdeslaur) documents effects of all these things
[action]: (mdeslaur) check with freedesktop.org about the intention of Public
[action]: talk to Ubuntu One