-
All replies
-
Helpful answers
-
Feb 9, 2013 7:47 AM in response to fiddleawayby Linc Davis,★HelpfulUnless you have more than one local user, this is a non-issue.
By default, the top-level subfolders of the home folder are read/write/search only by the owner, apart from the Public folder, which is world-readable by design. So only the files at the root of the home folder are readable by other users. Again by default, there are no such files. If you create any, you should set their permissions as desired. If you don't use the Public folder, set the mode of your home folder to 700.
If, nevertheless, you do want to change the umask for applications, the correct way to do it is given here:
-
Feb 9, 2013 3:59 PM in response to Linc Davisby fiddleaway,Actually, I have 3 accounts, one admin acct and two standard accounts for myself and my wife. I established the separate admin account primarily to be the installer of apps, per security concerns that I inherited from my early Tiger days (and may not be necessary anymore).
I know that the privilege settings for the top-level subfolders of the home folder generally act as locked gates to all but the owner for access to what's inside each of them. But, I wasn't sure if someone might be able to access a resource inside such a subfolder if (1) the privilege settings of the resource allow it ('644 for example) (2) the access request provides the full path to the resource.
So I did some experiments with Finder and also with Terminal ... and discovered that at least my simple straight-forward attempts to access a file by it's full path failed. I'm no UNIX mavin, so my Terminal experiments didn't prove there was no way for a more knowledgeable non-admin to go around a blocking folder ... ergo I sent out this inquiry.
If there were a way for a non-admin user to circumvent the privilege blocks in the primary home sub-folders (by giving the full path) ... I can image a scenario where one of our standard accounts is inadvertently infected by malware, which would exploit the vulnerability of unprotected files lying inside a protected folder.
It sounds as if you're telling me that to your knowledge this is not possible.