NOTE: This page is part of the Ubuntu Specification process. Please check the status and details in Launchpad before editing. If the spec is Approved then you should contact the Assignee, or another knowledgeable person, before making changes.

Summary

This specification aims to move Ubuntu to a secure home directory format, where the contents of $HOME are accessible only by their owner. We provide a Shared Documents folder for explicitly sharing documents with other users.

Rationale

All user-created files are currently readable by every other user on the system, which is a privacy problem. Although most sensitive information, such as e-mail, is chmod()ed properly by the application that creates it, some sensitive information may sit in documents or text files that are left world-readable; for example, ~/.tomboy/ and all the notes it contains are world-readable. Users' documents should be shared with other users only explicitly, and such sharing must remain possible.

Use cases

This is general document security, but for the sake of argument we will list several.

Scope

The scope is all existing and new Ubuntu installations. Upgrades will be handled by applying the proper permission to each user's $HOME including root.

Design

Implementation

An upgrade script, some modifications to GNOME.
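The upgrade step described under Scope and Implementation, as an added example (not the spec's own script): it walks a passwd(5) file and applies owner-only permissions to every real user's home, including root, while leaving system accounts alone. The ROOT_PREFIX parameter, the MIN_UID default and the sample accounts are assumptions so the script can be exercised on a scratch tree rather than the live filesystem.

```shell
#!/bin/sh
# Added example, not the spec's own upgrade script. It tightens each real
# user's $HOME (root and UIDs >= 1000, the Ubuntu default range) to 0700 and
# skips system accounts and missing directories. ROOT_PREFIX is an assumption
# so the script can be tried on a scratch tree instead of the live system.
set -eu

# secure_homes PASSWD_FILE ROOT_PREFIX [MIN_UID]
# Prints each directory it changed, one per line.
secure_homes() {
    passwd_file="$1"
    root_prefix="$2"
    min_uid="${3:-1000}"
    while IFS=: read -r name pw uid gid gecos home shell; do
        # System accounts keep their current permissions.
        case "$shell" in */nologin|*/false) continue ;; esac
        [ "$uid" -eq 0 ] || [ "$uid" -ge "$min_uid" ] || continue
        dir="${root_prefix}${home}"
        [ -d "$dir" ] || continue
        # Owner-only access: group and others lose read, write and traverse.
        chmod 0700 "$dir"
        echo "$dir"
    done < "$passwd_file"
}

# home_mode DIR: octal permission bits of DIR, e.g. 700
home_mode() {
    stat -c '%a' "$1"
}

# demo_run: builds a constructed passwd file and home tree under mktemp,
# runs secure_homes against it and prints the scratch root.
demo_run() {
    scratch=$(mktemp -d)
    mkdir -p "$scratch/root" "$scratch/home/alice" "$scratch/home/bob" \
             "$scratch/var/lib/svc"
    chmod 0755 "$scratch/root" "$scratch/home/alice" "$scratch/home/bob" \
               "$scratch/var/lib/svc"
    # Constructed sample accounts (not real system data).
    cat > "$scratch/passwd" <<EOF
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/bin/sh
svc:x:999:999:service:/var/lib/svc:/usr/sbin/nologin
EOF
    secure_homes "$scratch/passwd" "$scratch" >/dev/null
    echo "$scratch"
}
```

Note that a folder meant for sharing cannot live inside a 0700 home, because other users are unable to traverse into it; it has to sit outside $HOME, or $HOME would need to keep the execute bit for others, which conflicts with the owner-only goal above.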

Code

Data preservation and migration

See first point of Unresolved Issues below.

Unresolved issues

BoF agenda and discussion



SecureHome (last edited 2008-08-06 16:23:00 by localhost)