rbj@ICST-CMR.arpa (Root Boy Jim) (10/23/86)
> From: Mark H Levine <yba@trillian.mit.edu>
> In article <1759@tektools.UUCP> jerryp@tektools.UUCP (Jerry Peek) writes:
> >In article <810@aimmi.UUCP> gilbert@aimmi.UUCP (Gilbert Cockton) writes:
> >The first things a new user should be taught include:
> >  - how to use "chmod" to make a "personal" (safe) directory and
> >  - how to use "chmod" to protect an individual file.
> >Not using "chmod", then screaming about someone reading your files, is like
> >not locking your house and complaining when a burglar walks in.
>
> That seems a bit strong.
>
> At our place, there is a Committee on Privacy that worries about
> such things. Their major concern was that we could not teach our
> four or five thousand novices about chmod BEFORE they had
> casually created private files which others would then browse --
> in other words: were users giving informed consent or just using
> a default of "friendly" which novices (the reasonable man?) would
> not expect? (Imagine you stayed at a hotel where the door locks
> only worked if you called the desk to have them turned on -- the
> normal expectation is that the door locks when you close it, and
> only you and the maid can get in; only a UNIX hotel is open to
> visitors at all hours).

That just goes to show that analogies aren't always on the mark, although I use them heavily as well.

> The compromise we use is to start new users off with a directory
> mode of 0711 (allows file references IF they gave you the
> pathname), and a umask which only allows the user access. This
> puts the burden on a user to learn how to share his files rather
> than to learn how to protect them. While it runs contrary to the
> UNIX tradition, it is probably a good compromise for the
> uninitiated.

So initiate them. Just tell someone that their files are by default readable, and it is their responsibility to protect them. Things tend not to change once they are set up.

Encouraging people to share files is a better mentality than encouraging them not to share. The burden should be on privacy. If they care, they will learn. Your scheme also encourages ignorance. They only have to learn if they want to be a nice guy, whereas they don't if they want to keep everything secret. A bad combination. To be sure, there are good reasons for secret files, but usually only a small fraction.

> There seems to be more potential for damage in having people's
> private data made public accidentally than in putting a stumbling
> block in the way of sharing data intentionally.

There is no such thing as private data on a computer not OWNED by you. (For the moment I will ignore government and similar databases where info about you is collected by others and is required by law to be used in narrowly defined ways. On this subject, I am a privacy nut). Any data you put on the machine is owned by your employer in private industry, and by the government in that domain. I don't know what universities do. If you get fired, they change your account before they tell you you don't work here anymore.

Of course, in practice, every site is different. People DO expect a little privacy, and most people respect it. Still, it is not a good idea to call a file `resume' if that's what it is (unless your company encourages everyone to keep it up to date for bids, etc), or to call a directory CMSC450 unless the company is paying for it. The best way to keep a secret is to not let it be known that there is one.

> We also tell
> users loudly the system is not secure, and they should not have
> any sensitive data on a UNIX machine with a network connection.

This is an oversimplification, and one that may scare people about networks unnecessarily.

> --
> Eleazor bar Shimon, Carolingia
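The two sets of defaults argued over in this message (the traditional open home directory versus the quoted 0711 directory with an owner-only umask), as an added shell example that is not part of the original post. The function names and temporary paths are hypothetical, and umask 077 is assumed as the "umask which only allows the user access".

```shell
#!/bin/sh
# Added example: all "home" directories are constructed under a temp dir.

# Print octal permission bits (GNU stat first, BSD stat as fallback).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Home as described in the quoted post: 0711 directory (searchable but
# not listable by others), files created under an assumed umask of 077.
make_private_home() {
    mkdir -p "$1" && chmod 0711 "$1" &&
    ( umask 077 && echo "draft" > "$1/notes.txt" )
}

# Home with the traditional open defaults: 0755 directory, umask 022.
make_open_home() {
    mkdir -p "$1" && chmod 0755 "$1" &&
    ( umask 022 && echo "draft" > "$1/notes.txt" )
}

# Audit one home: directory mode, whether others may list its contents
# (o+r on the directory), and how many files in it are world-readable.
audit_home() {
    dmode=$(mode_of "$1")
    other=$((dmode % 10))            # last octal digit = "other" bits
    if [ $((other & 4)) -ne 0 ]; then listable=yes; else listable=no; fi
    exposed=$(find "$1" -type f -perm -004 | wc -l | tr -d ' ')
    echo "$dmode listable=$listable exposed_files=$exposed"
}

# Demo on constructed directories in a throwaway location.
demo=$(mktemp -d)
make_private_home "$demo/alice"
make_open_home "$demo/bob"
for h in "$demo/alice" "$demo/bob"; do
    echo "${h##*/}: $(audit_home "$h")"
done
rm -rf "$demo"
```

Running `audit_home` over each real home directory gives an administrator a quick count of how many users are still on whichever default they were created with.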