Where are read permission limits to guest user stored?
772
The default guest user can't read the home directory and its contents, but it can read the root directory and other directories with the same permissions as home. So, where is this particular limitation specified?
The package used to handle the restricted permissions for the guest session is AppArmor.
AppArmor is a Linux Security Module implementation of name-based mandatory access controls. AppArmor confines individual programs to a set of listed files and posix 1003.1e draft capabilities.
It utilizes so called "profiles" to permit/deny access to files/directories, the network,...
Those profiles are stored under etc/apparmor.d/, the one responsible for the guest user in newer releases (after the switch to lightdm as display manager) is lightdm-guest-session. Everything within the guest session is handled by /usr/lib/lightdm/lightdm/lightdm-guest-session-wrapper, which is a binary file.
The package used to handle the restricted permissions for the guest session is AppArmor.
(From the Ubuntu Server Guide)
It utilizes so called "profiles" to permit/deny access to files/directories, the network,...
Those profiles are stored under
etc/apparmor.d/, the one responsible for the guest user in newer releases (after the switch to lightdm as display manager) islightdm-guest-session. Everything within the guest session is handled by/usr/lib/lightdm/lightdm/lightdm-guest-session-wrapper, which is a binary file.