Looking through other users' (unprotected) files
Steve Pope
spp at oz.berkeley.edu
Sat Oct 25 07:17:06 AEST 1986
>Essentially, it is all wrapped up in the word "permission." By
>setting the appropriate _read_ _permission_ on your files and
>directories, you are giving me _permission_ to read them. Novices
>will learn.
I am really surprised that so many people are expressing this
attitude. I should think it would be obvious that reading through
the files in someone else's directory just for the hell of it is a
violation of privacy, regardless of permissions.
Consider somebody who leaves his office and file cabinets unlocked.
Does this give everybody else the right to come in and browse through
their papers?
The convenience of having an open system where read permission is
on by default is that if somebody has a good reason to access someone
else's file, they can do it.
It turns out that setting a policy by which users routinely turn
off read permissions is bad for security. What happens in every case
is people start trading passwords, using each other's accounts,
and security rapidly goes to hell. If you can trust your computer
users to behave like adults in the first place, you'll be way ahead.
steve
More information about the Comp.unix
mailing list