Other Unix Risks

In the last section, we discussed some of the benefits and privacy risks of the Zephyr Notification System.  In many cases, users have some level of control over how visible they were on this system.  Unfortunately, Zephyr is only one small part of using a UNIX system.   In fact, many UNIX networks do not even use Zephyr.  More importantly, UNIX itself was not designed with privacy in mind.  Rather, it allows users to have a high degree of access to various forms of information, often in the form of command-line utilities.  This section will outline some of the types of information that other users can glean about you through standard UNIX commands.

Processes

Because UNIX is a multi-user environment, certain programs were made to provide information at a global level about running processes on the workstation a user is currently logged onto.  Unlike your ability to control the accessibility of files in your home directory, you have almost no control over other users’ ability to monitor what applications you are currently running.   If I were logged onto fable8 and you were logged onto some other Sweet Hall machine, you could type:

elaine8:~/> rsh fable8 ps –ef | grep myusername

in which case, you might find something like the following:

myusername 14483     1  0 11:29:17 pts/9     0:00 /usr/pubsw/bin/zwgc -ttymode
myusername 14463 14460  0 11:29:16 pts/9      0:00 -tcsh
myusername 14502 14501  1 11:29:20 pts/9    0:00 pine

The last column contains a list of processes that I was running at the time.  The first two are pretty standard.  However, you might recognize that pine is an e-mail program, so you could guess that I must be doing e-mail.  This has potential benefits since zwriting me would rudely, albeit temporarily, clutter my e-mail with your message, and out of politeness, you might hesitate to zwrite me.  On the other hand, there are those who take great pleasure in knowing what others are up to.  In fact, one could conceivably write a script to automatically comb through all the Sweet Hall systems and generate a summary of the applications someone might be running.

Finger

UNIX networks are often setup (perhaps by default) so that certain information about a user is publicly available. Typing finger username can tell you when someone last checked e-mail, what time the login occurred, what machine the login was initiated from, and how long the terminal has been idle:

fable8:~> finger username

Login name: username                             In real life: User's Name

Directory: /afs/ir/users/w/l/username         Shell: /bin/tcsh

On since May 22 22:15:41 on pts/24 from ironchef.stanford.edu

1 minute 18 seconds Idle Time

No unread mail

Project: Training to make better dishes than Iron Chef Sakai.

No Plan.

The Sweet Hall machines also provide a script called sweetfinger which gives similar information in a more friendly format:

Login           Name                   Machine     TTY      Idle    When    Where

username     User's Name          fable3      pts/16      4 Thu 11:29 a3c-imac-06

It is worth noting that the information is not completely accurate.  The summary the script displays is based on data obtained a few minutes before the script was run, not data obtained in real-time (as in Zephyr or finger).

Home Folders 

Many students use their home folders to store papers, files, and other documents that they want to access from cluster PC’s and Macs. Your home folder is generally a safe place to store files, but many students are unaware that others can view the contents of their home folder using UNIX. By simply typing

fable8:~> ls ~username

any user can access a list of files that are contained in the home folder of the person with this username. Depending on the permissions associated with those files, other users might even be able to read the files in your home folder.