Thanks for everyone's advice and feedback. I was able to resolve it for the existing accounts and I will look into how to set it for future accounts.
For those who asked -- I used webmin to create accounts. I have a script in a spreadsheet where I just put in the user's first and last name and then it will auto generate the necessary script lines and then I can batch create 200 users with one copy-paste command. Thanks Joseph On Mon, May 27, 2013 at 11:20 PM, Stéphane Graber <[email protected]> wrote: > On 05/27/2013 10:56 PM, Joseph Bishay wrote: >> Hello, >> >> So today we just realized that everyone on our server can navigate into >> everyone else's /home directory and open all their files! >> >> Looking online it appears this is ubuntu's default permission setting. This >> is rather strange and a disaster for us as teachers have private student >> marks, comments, tests etc the student can access now! >> >> So my first question - is there a script or simple command to change all the >> permissions so everyone can only access their own files? >> >> Second - how to permanently fix this so new accounts don't inherent this >> weird permission structure! >> >> Thank you kindly! >> Joseph >> >> P.S. This is a really strange default setup - I've been getting irate emails >> from staff and admin wondering what kind of system (ie: Linux) would allow >> students to access teacher folders etc. Hopefully the fix is simple and fast >> so I can pass it off as something minor. Thanks! > > "sudo chmod 700 /home/*" will change the permissions of all entries > under /home so that only the owner (and root) may be able to access them. > > Changing this for new users is a bit tricky as it depends on the tool > used to create the users. If using adduser, you may change > /etc/adduser.conf changing DIR_MODE=0755 to > DIR_MODE=0700 which should then apply to any new user created with that > tool. > > On machines where the home directories are shared between many users, > you usually want to use a centralized authentication source and detailed > ACLs for things like home directories. So you can for example allow > teachers or your staff to access the students home directories, yet > prevent the students from accessing anyone's home directories but their own. > > -- > Stéphane Graber > Ubuntu developer > http://www.ubuntu.com > > > -- > edubuntu-users mailing list > [email protected] > Modify settings or unsubscribe at: > https://lists.ubuntu.com/mailman/listinfo/edubuntu-users > -- edubuntu-users mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/edubuntu-users
