Can any app access any file/folder in Home directory any time?

Continuing the discussion from Security/Privacy team players - check in!:

Can any app access any file/folder (even in background) in @home directory? For example, can (not does) dropbox monitor any file other than I select, if it wants? If yes, how can I prevent apps from accessing other files/folders than they need to?

For some apps, can I limit access only to its ~/.config/... and .local/share/... folder?

In Mac, if I open new app it asks for storage permission. Even in Android it asks for storage permission. Why not in Linux?

Simple answer yes, a process in Linux runs with your permissions, with all your rights.

1 Like

Linux allows for very fine tuning of permissions. I would think it's possible to restrict a programs access rights.

It might take installing it as a member of another user/group and then you could only allow access for that user/group to specific directories.

Just a thought. I'll let others with more knowledge of the ins and outs of fine grained permissions control to comment.


Yes, there's a lot that can be done...but it's not done by default and there would be quite a bit of tweaking to get everything working right. And for every application you would need do the same set of tweaking depending on what the requirements of the programs access would be.
Have fun, sounds like a full time job to me :wink:

Tricky question:: How do you know what each of the above programs can access, after answering Yes?

In General: Linux programs are Open Source, meaning anyone with knowledge of the respective code language can read through the code and see if there is a misuse of the user power.
There are some standards about what a program is allowed to do. One of them is they can't change/write anywhere/anything else than their program scope, which is explained from the program author.
Such misuse/mal-activity is more or else evident to experienced users and reported, so either the author fixes the program, or it's discredited by the Linux community (leading to distros removing the program from repos and advise users to not install and use).
Programs that a user starts/runs can read/write where the specific user can read/write, meaning no root permissions, unable to affect the system.
If a user wants to run a program with root permissions, when he shouldn't, he himself compromises his own system (not the program author).

It's the default. You don't need to do anything.
If you think a program does something else, just post evidence so we can kick it out of our systems.

Then, if you are paranoid enough (or absolutely sure) to believe something, with no evidence, you may create a religion. There are so many out there :wink:.

1 Like

My cocern was not about FOSS programs, it was about closed ones like dropbox. It's not that I don't trust it, but I want just to know the possiblity. I even use it by myseilf. I gave example of Dropbox because it is known to be with the Eyes.

Not currenrly :slight_smile:. I'm not even a tech expert to monitor for apps for what they do. I was just asking for the possiblity in Linux since it is known to be more secure platform than the Windows, Mac and Android.

1 Like