Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!watmath!clyde!rutgers!sri-spam!nike!ucbcad!ucbvax!oz.berkeley.edu!spp
From: spp@oz.berkeley.edu (Steve Pope)
Newsgroups: net.unix
Subject: Re: Looking through other users' (unprotected) files
Message-ID: <16234@ucbvax.BERKELEY.EDU>
Date: Fri, 24-Oct-86 17:17:06 EDT
Article-I.D.: ucbvax.16234
Posted: Fri Oct 24 17:17:06 1986
Date-Received: Sat, 25-Oct-86 07:17:27 EDT
References: <1246@kitty.UUCP> <141@rayssd.UUCP> <2433@phri.UUCP> <2046@saber.UUCP> <3561@mit-eddie.MIT.EDU> <169@morgoth.UUCP>
Sender: usenet@ucbvax.BERKELEY.EDU
Reply-To: spp@oz.berkeley.edu.UUCP (Steve Pope)
Organization: University of California, Berkeley
Lines: 25

>Essentially, it is all wrapped up in the word "permission."  By
>setting the appropriate _read_ _permission_ on your files and
>directories, you are giving me _permission_ to read them.  Novices
>will learn.

I am really surprised that so many people are expressing this
attitude.  I should think it would be obvious that reading through
the files in someone else's directory just for the hell of it is a
violation of privacy, regardless of permissions.

Consider somebody who leaves his office and file cabinets unlocked.
Does this give everybody else the right to come in and browse through
their papers?

The convenience of having an open system where read permission is
on by default is that if somebody has a good reason to access someone
else's file, they can do it.

It turns out that setting a policy by which users routinely turn
off read permissions is bad for security.  What happens in every case
is people start trading passwords, using each other's accounts, 
and security rapidly goes to hell.  If you can trust your computer
users to behave like adults in the first place, you'll be way ahead.

steve