[Adduser-devel] Bug#398793: Default Homedir Permissions
Ian Jackson
ijackson at chiark.greenend.org.uk
Thu Feb 17 13:44:26 UTC 2011
Olaf van der Spek writes ("Default Homedir Permissions"):
> Default homedir permissions are 755. World-readable (and listable).
> Common (security) sense says that permissions that are not required
> should not be granted. For example, accounts mysql and www-data should
> not have access to my documents.
I disagree with this conclusion, because I disagree with the
underlying implication that the general readability of files is not
needed.
Most installed systems have a smallish number of users who know each
other reasonably well and would like to be able to share files. It
does not make sense to put strong privacy barriers in between those
users. Sensitive data like email and browser histories are already
made non-world-readable.
So the default is correct.
Perhaps it might be reasonable to try to find a way for accounts like
msql and www-data not to be able to access home directories (add
"daemon" to their supplementary group list and set the permissions of
/home 0705 to root.daemon, perhaps), but is this really worthwhile ?
If it is, the right thing to do is to go away and think about exactly
how to do it, not to file a bug asking for the default home directory
permissions to be changed.
Ian.
More information about the Adduser-devel
mailing list