Data Privacy Month (with a painful story about file permissions)

January 28th kicked off Data Privacy Month.  CIS is marking the month by reminding you that data privacy is everyone’s responsibility. Here is a second true story culled from the vaults of HMC server administrator lore. Some details have been changed. Read it, weep… and then check your folder and file permissions.

Agnes and students-l are not involved.

So there once was a professor, let’s call him Dr. Linus Windonmax. He was a professor of linguistics in the Humanities Division of a large state university. (Not all of the HMC server administrator lore is actually about HMC.  Server admins sometimes talk to other server admins around water coolers or campfires).  LWM, as his students called him, was a careful and detail oriented person who always read every word of every email sent to him by his local IT unit.  This in itself marked him as a rare bird, since not even the IT folk read every word of every email, especially not the ones they wrote.  But I digress.

LWM had read and carefully followed instructions about how to store files on the file server.  He wanted to keep his work for posterity and he knew that files on the file server were backed up and stored off site, unlike things he stored on his local hard drive. So he had gotten into the habit of stashing his stuff on “charlie”, as the file server was affectionately called.  Only hoary server admins knew why, and no one wanted to be considered hoary.

One day, as LWM ambled to class, his colleague Wilma waved and smiled.  “LWM, congratulations on selling the house”.  Linus politely smiled back; in fact he bared his newly polished teeth to hide his mortification.  For he hadn’t told anyone on campus about the house. In class, a few of his students made arch mention of pajamas and champagne. More mortification: it seemed they knew about his little soiree to celebrate the house sale. Hmm. not good, not good.

Later that afternoon, as the still agitated professor sat in front of his widescreen monitor, it suddenly struck LWM  that someone must have been looking at his files. He’d stored copies of all of the house sale documents and the “pajamas and champagne” party photos on Charlie, as was his wont. He sprinted over to the IT Help Desk to demand an explanation.

The friendly folk at the Help Desk had to work hard to explain the situation to LWM, especially since the server admins were still deep in the long dark teatime of the soul, dealing with students-l problems. In a nutshell, it went like this. No one could actually see LWM’s files, except LWM himself and two server admins of high integrity (definitely not hoary).  But everyone who had an account on Charlie could see the names of his files and browse through his folders looking at how they were organized. That, said the helpful help desk staffer, was a result of the “file permissions”, which determine who has access to a file or folder and what kind of access they have (see file names, open files, edit files, delete…). Most users can change their own file permissions, and over time, the result of choices by users and server admins had resulted in the mortification of LWM.

Coming back now to HMC, the file permissions on Charlie and Alice are not very consistent, and we have had situations in which file names were visible in ways that people did not intend.  This is the result of myriad choices over the years by both users and server admins. And the only really safe way for us to be sure that permissions are correct is to ask you to check them.  So, during data privacy month, perhaps you can take a few minutes to do so?  You can double check your file permissions easily enough.from a Windows computer.  Here are instructions (requires HMC Credentials).

It’s everyone’s responsibility to ensure data privacy. During Data Privacy Month, please make protecting privacy and data a greater priority. Thanks for reading. Now go forth and check your file permissions.

Leave a Reply