An Unknown Indian

Thoughts of a FOSS enthusiast

FOSS and data privacy

Posted by Balachandran on December 23, 2008

Hello folks,

A few days back, there was an OT thread in the ilugc, which eventually ran into the topic of data privacy and FOSS. A few people on the list were commenting that data privacy was of supreme importance in FOSS. (The original post).

I had raised my views over there and wish to highlight them.

File access permissions:

In GNU/Linux, or any other UNIX, the default file access permissions are 755. This means that the owner can read, write and execute the files. The users in the same group as the owner can read and execute only, and the other users in the system can also read and execute only. (The file access is actually the decimal notation of the bitmask for the r-w-x, where 1 means allowed. So 1-1-1 means read, write and execute, and 111 in binary is 7 in decimal.)

So this 755 permission by default essentially means that anybody who has a login in that system can read and execute your files. So the concept of supreme data privacy is lost. In fact, with default settings, any user can read any file in a GNU/Linux system.

There are of course ways to modify the default permissions so that the owner can read-write-execute and others can't do anything, by setting the permissions to 700 using the chmod command. To make this the default, users can also set their umask to 077. By default umask is set to 022 (umask XOR 777 gives the file access permissions).

There were references to RMS opposing cloud computing etc., citing that data privacy is lost. In my view, the probable disadvantage of cloud computing is that data ownership might be lost. But from my understanding, there will be no changes to the privacy.


4 Responses to “FOSS and data privacy”

  1. There is no concept of an intrinsic default file access permissions to the Unix or Linux kernel. It's simply a configuration setting relating to the umask. Developers don’t enforce policy – they only provide mechanism. Distribution maintainers choose the default policy, Administrators choose to override it, and end-users have ultimate control. I cannot imagine why this should be an argument against “Data Privacy” in general.

    And FWIW, the permissions for a “file” and a “directory” are computed independently:

    For directories, the default permissions are (0777 & ~umask)
    For files, the default permissions are (0666 & ~umask)

  2. Hi Anna,

    Thanks for the comment. But I was referring to the default policy actually. And the default policy allows global read access. My understanding was that, if the admins do not override the default policy, anybody can read any file stored in that system. That was why I argued that with the default policy there is no privacy.

    Reg. the policy computing, it was my mistake to mention it as XOR. I understand it is AND with umask. Thanks

  3. Ananth said

    If the default policy bothers you, you should direct your complaints to the specific distribution maintainer. On my Ubuntu workstation, the default umask is 0027. Which translates to 0750 for dirs and 0640 files. Good enough for me 🙂

    (The ^ umask is equivalent to & ~umask. I was more referring to the different bitmasks for files and directories – which you had rolled into a single entity)

  4. Hi Anna,

    Thanks. I got it. I had previously thought it was 0777 that was used for both.
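
The rule quoted in the comments (directories get 0777 & ~umask, files get 0666 & ~umask), as an added shell example that is not part of the original post or its comments: it predicts the mode for a given umask, creates a real file or directory to confirm the prediction, and evaluates the XOR form for comparison. It goes slightly beyond the discussion by including a small audit helper; the function names and temporary paths are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example; function names and temporary paths are constructed.

# Predicted mode: creation requests 0666 (file) or 0777 (directory) and the
# kernel clears every bit that is set in the umask: base & ~umask.
default_mode() {   # usage: default_mode file|dir UMASK
    case "$1" in
        file) base=0666 ;;
        dir)  base=0777 ;;
        *)    return 1 ;;
    esac
    printf '%o\n' $(( $base & ~0$2 & 0777 ))
}

# Same inputs pushed through XOR, to show where it stops matching AND-NOT.
xor_mode() {       # usage: xor_mode file|dir UMASK
    case "$1" in file) base=0666 ;; dir) base=0777 ;; *) return 1 ;; esac
    printf '%o\n' $(( ($base ^ 0$2) & 0777 ))
}

# Observed mode: create the object under the umask in a subshell (so the
# caller's umask is untouched) and read the permission bits back.
observed_mode() {  # usage: observed_mode file|dir UMASK
    tmp=$(mktemp -d) || return 1
    (
        umask "$2"
        if [ "$1" = dir ]; then mkdir "$tmp/new"; else : > "$tmp/new"; fi
    ) || { rm -rf "$tmp"; return 1; }
    # GNU stat first, BSD stat as fallback
    stat -c %a "$tmp/new" 2>/dev/null || stat -f %Lp "$tmp/new"
    rm -rf "$tmp"
}

# Audit helper: list regular files under DIR that "other" users can read.
world_readable() { # usage: world_readable DIR
    find "$1" -type f -perm -004
}

for u in 022 027 077; do
    echo "umask $u: file $(default_mode file $u) dir $(default_mode dir $u)"
done
```

For a directory the XOR and AND-NOT results always agree because every umask bit is also set in 0777; for a file they differ whenever the umask contains an execute bit, as with 027.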
