Looking through other users' (unprotected) files

Robert L Krawitz rlk at mit-trillian.MIT.EDU
Sun Oct 26 12:33:48 AEST 1986 

It seems that the people who disagree with the concept of looking
through other people's publicly-readable files are using the analogy
of an unlocked house, and a burglar.  I believe that this analogy is
flawed.

One major difference is that reading files from other people's
directories does not deprive the other people of use of their
information; taking a physical object from someone's house is.  This
is a general difference between information and physical property --
creation of duplicate pieces of information is free, whereas one
cannot duplicate physical property in this trivial way.  This is one
reason why different codes of behavior may be appropriate in the two
cases of "access to the UNIX file system" and "access to buildings in
the real world." (richter at randvax).

Since all copies of the same piece of information are completely
equivalent (we'll ignore bizarre cases such as dbm(3) databases, with
their holes), it is reasonable to claim that leaving a file
world-readable is equivalent to inviting the world to share this
information.  If leaving information freely available to everyone is
not granting them permission to read it, then what is?  I would like
the people arguing against (read access == read permission) to state a
way in which I can permit anyone to read my files, without worrying
about who is doing it (i. e. I don't want to grant individual
permission to 4000 users; if someone wants to walk through my home
directory, they're welcome to it).  Similarly, if I can't get in touch
with someone because they are away on vacation, but their files are
readable, and it is reasonable to assume that they don't want to stop
someone else from reading their files (i. e. some code I want to see,
or the like), what do I do?

Public places do have different rules than private places, as any
number of people have pointed out.  However, due to the difference in
nature between information and physical property, the analogy doesn't
hold up too well.

Here at Athena, we set up user's accounts by default with a home
directory protection of 711, and a umask of 66.  People who change
this have to do it deliberately, which I would interpret as giving
implied permission to inspect their files (although I don't feel right
simply doing a recursive cat on their home directory).
-- 
Robert^Z

More information about the Comp.unix mailing list