Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Path: utzoo!watmath!clyde!rutgers!husc6!mit-eddie!mit-trillian!rlk From: rlk@mit-trillian.MIT.EDU (Robert L Krawitz) Newsgroups: net.unix Subject: Re: Looking through other users' (unprotected) files Message-ID: <1332@mit-trillian.MIT.EDU> Date: Sat, 25-Oct-86 21:33:48 EST Article-I.D.: mit-tril.1332 Posted: Sat Oct 25 21:33:48 1986 Date-Received: Sun, 26-Oct-86 04:11:51 EST Reply-To: rlk@athena.MIT.EDU Organization: MIT Project Athena Lines: 42 It seems that the people who disagree with the concept of looking through other people's publicly-readable files are using the analogy of an unlocked house, and a burglar. I believe that this analogy is flawed. One major difference is that reading files from other people's directories does not deprive the other people of use of their information; taking a physical object from someone's house is. This is a general difference between information and physical property -- creation of duplicate pieces of information is free, whereas one cannot duplicate physical property in this trivial way. This is one reason why different codes of behavior may be appropriate in the two cases of "access to the UNIX file system" and "access to buildings in the real world." (richter@randvax). Since all copies of the same piece of information are completely equivalent (we'll ignore bizarre cases such as dbm(3) databases, with their holes), it is reasonable to claim that leaving a file world-readable is equivalent to inviting the world to share this information. If leaving information freely available to everyone is not granting them permission to read it, then what is? I would like the people arguing against (read access == read permission) to state a way in which I can permit anyone to read my files, without worrying about who is doing it (i. e. I don't want to grant individual permission to 4000 users; if someone wants to walk through my home directory, they're welcome to it). Similarly, if I can't get in touch with someone because they are away on vacation, but their files are readable, and it is reasonable to assume that they don't want to stop someone else from reading their files (i. e. some code I want to see, or the like), what do I do? Public places do have different rules than private places, as any number of people have pointed out. However, due to the difference in nature between information and physical property, the analogy doesn't hold up too well. Here at Athena, we set up user's accounts by default with a home directory protection of 711, and a umask of 66. People who change this have to do it deliberately, which I would interpret as giving implied permission to inspect their files (although I don't feel right simply doing a recursive cat on their home directory). -- Robert^Z