Solving Privacy Issues
Desktop Training - Ubuntu

One of the features in Ubuntu 9.04 Jackalope is the ability to create an encrypted directory for content you do not want others to access.  You can create n encrypted directory for your user at install or you can add encryption after you have installed.

Oh, by the way, did you know that anyone can read your files that are in your home directory? Here is an example of sue logged in and able to open files in mike's home directory. However, note that they are opened read-only so they cannot be changed. Still, who is looking at your stuff?

Ubuntu 8.10 Intrepid Ibex

So it makes sense to encrypt your files if you do not want others to access them.

If you have the permissions you can right click on a file and encrypt it.  You will need to generate a key so that you can do that but it is easy to do so.  Right click on the file you want to encrypt and you will see "Encrypt" in the menu of Nautilus.


The first time you will see that you do not have a Key to use for encryption so you will need to create it,  just click OK and the process will begin.


You will have a choice of keys to create, here a PGP Key is created that can be used for mail or for files.


You will need to add a good passphrase.


There it is complete.  Now you can use the key to encrypt a file.


This example shows the "SecretFile" and the key about to be applied.

File encryption


That is all there is to it unless you want to guarantee privacy using permissions in the file system.


Privacy Through Permissions

Another way to solve privacy issues is to change the permissions on what people can see in your home directory.  As the owner/user  of the directory you can  do this with a command from the command line.  Here is an example of the command to use if your login was tom:

chmod -R 750 /home/tom/

Now that will change permissions on existing file but not new files created so you will want to change the umask on the system, or the permissions of all files that are created.


Changing Permissions with the umask
The default permissions on an Ubuntu 8.10 install is to allow any user that connects to the system to read all files in the home directory of all users...scary!  The umask is set to 022 which determines these permissions.  Here is how the umask works.  The umask is set for all users in the /etc/profile file.  When users log in the profile is set for all users.  If you look at the file you will see that the umask is configured for 022.

Max permissions of a file are 666 (folders 777).  So to determine the permissions you will need to subtract the umask from the max file permissions (666-022 = 644) or read/write for the user, read for the group and read for all others.

The umask listed below provides for permissions that allow all users in the group  and all others, this means anyone, will be able to read all files of all users.  This is probably what you do not want!

umask 022

Now this umask takes away all rights to read, write or execute the file that is created for others.    This is probably what you want, eliminate the access from people you do not specifically give access to your files...privacy.
umask 027

To make your umask permanent as root open the /etc/profile and change the umask to 027.

sudo vim /etc/profile

umask 027