Create a ~/Private directory by default

Registered by Marc Deslauriers on 2010-04-28

Since home directories are set 755 by default to facilitate file sharing between local users, it would be beneficial to create a ~/Private directory by default with 700 permissions. Although this directory is created when ecryptfs is used, it's not created in a default installation. The presence of this directory would have the added benefit of making users realize their home directory is not private.

Blueprint information

Status:
Not started
Approver:
Kees Cook
Priority:
Low
Drafter:
Marc Deslauriers
Direction:
Needs approval
Assignee:
Marc Deslauriers
Definition:
Approved
Series goal:
Accepted for maverick
Implementation:
Not started
Milestone target:
milestone icon ubuntu-10.10

Related branches

Sprints

Whiteboard

Work items:
research freedesktop.org specs for correct usage of Public directory: POSTPONED
figure out reasonable directory/symlink layout for shared directory: POSTPONED
talk to ubuntu one about integration: POSTPONED
create wiki page explaining the case for 700 home dirs: POSTPONED
present changes to tech board: POSTPONED
implement changes in maverick packaging: POSTPONED

https://launchpad.net/bugs/353231

Gobby notes:

~/Private should be included everywhere and 0700
 * on server and desktop
 * translated
   - xdg-user-dirs can be used easily on desktop
   - /etc/skel not translated

server considerations
 * make it configurable
 * xdg-user-dirs not on server but dependencies are light and executable small

discussion regarding 755 vs 700 of $HOME
 * old, inherited from Debian
 * desired in some environments, but not others
 * could use 700 $HOME with:
   - $HOME/Shared -> /home/.shared/$USER or /home/.shared (possibly with another link)
   - then have /home/.shared/$USER that is 755
 * Public is the file sharing thing, and it could be the same directory
 * migration issues while likely be worst on the server
 * don't change on upgrade, only new users
 * on server 700, and no symlinks, and then public_html users can change the
   permissions
 * see who else is doing it
 * make sure it is preseedable
 * hook into apache-- a2enmod userdir (which we start as disabled by default) can
   alert or dtrt automatically (eg, "I am going to make all home directories world
   readable)
 * enterprises probably have a dedicated share
 * could have an Ubuntu One application for local users

[action]: (mdeslaur) documents effects of all these things
[action]: (mdeslaur) check with freedesktop.org about the intention of Public
[action]: talk to Ubuntu One

(?)

Work Items