Bug 439424

Summary: incorrectly complains about user private group setup
Product: [Fedora] Fedora
Reporter: Bill Nottingham <notting>
Component: sectool
Assignee: Peter Vrabec <pvrabec>
Status: CLOSED NOTABUG
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: low
Priority: low
Version: rawhide
CC: msamia, rvokal
Hardware: All
OS: Linux
Doc Type: Bug Fix
Last Closed: 2008-04-02 16:36:11 UTC

Description Bill Nottingham 2008-03-28 17:29:40 UTC
Description of problem:

We default to user private groups by default. sectool complains about this, when
it's the standard operation of the system.


        Error(06)     User "notting" allows other users from his group to read his home directory "/home/notting"!
        Error(05)     User "notting" allows other users from his group to open his home directory "/home/notting"!

Version-Release number of selected component (if applicable):

sectool-0.6.0-1.noarch

Comment 1 Michel Samia 2008-03-31 17:01:05 UTC
I think it is not a good idea to allow other users to view your home. Even if they
are in the same group. For example at my university all students are in group
stud, so circa 3000 people can ls your home. I tried to add a user in F8 by
system-config-users and the created home had privileges 700 and sectool, of
course, didn't say anything on this.

I think the admin may want to inform his users about wrong privileges of their
homes and explain to them why not to set this.

What about changing this ERROR to WARNING?

And can you send me 'stat /home/notting', please?

Comment 2 Bill Nottingham 2008-03-31 17:08:07 UTC
But, by default, we create users as one user per group. I don't see the point in
warning about something that is 1) the default 2) not insecure.

  File: `/home/notting/'
  Size: 106496    	Blocks: 216        IO Block: 4096   directory
Device: 802h/2050d	Inode: 4830922     Links: 122
Access: (0755/drwxr-xr-x)  Uid: ( 2166/ notting)   Gid: ( 2167/ notting)


Comment 3 Michel Samia 2008-04-01 19:18:48 UTC
Where did you find that 755 is default for home directories?

Comment 4 Bill Nottingham 2008-04-01 19:51:16 UTC
It was at some point. Not sure when it was changed. (The problem with 10-year
old home directories....)

Comment 5 Michel Samia 2008-04-02 14:04:38 UTC
I sent info about this bug to the shadow mailing list... The problem with this
patch is that it can't be applied to the current version; it needs to be
re-written.
http://lists.alioth.debian.org/pipermail/pkg-shadow-devel/2008-April/006478.html

Comment 6 Michel Samia 2008-04-02 14:07:48 UTC
I'm sorry for the previous post, it was to another bug...

Comment 7 Michel Samia 2008-04-02 14:22:06 UTC
I think the purpose of sectool is to find mistakes of reckless admins or users
and this *is* a mistake of an irresponsible user. So he would be warned about it.
Even if it was 10 years without any care.
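
The distinction argued over in this thread, as an added example (not sectool's code and not written by any commenter): group permission bits on a home directory only expose it when the directory's group has members besides the owner, while the "other" bits expose it to every account regardless of user private groups. The tuple types, function names, severity labels and the alice/bob/carol/stud entries are constructed for illustration; the notting uid, gid and mode are taken from the stat output in Comment 2.

```python
import stat
from collections import namedtuple

User = namedtuple("User", "name uid gid home")
Group = namedtuple("Group", "name gid members")

def group_peers(owner, dir_gid, users, groups):
    """Accounts other than the owner that belong to the directory's group."""
    peers = {u.name for u in users if u.gid == dir_gid}   # primary group
    for g in groups:
        if g.gid == dir_gid:
            peers.update(g.members)                       # supplementary members
    peers.discard(owner)
    return peers

def check_home(user, mode, dir_gid, users, groups):
    """Return (severity, message) findings for one home directory."""
    findings = []
    peers = group_peers(user.name, dir_gid, users, groups)
    for bit, verb in ((stat.S_IRGRP, "read"), (stat.S_IXGRP, "open")):
        # Group bits expose nothing when the group is a user private group.
        if mode & bit and peers:
            findings.append(
                ("ERROR", f"{len(peers)} group member(s) can {verb} {user.home}"))
    for bit, verb in ((stat.S_IROTH, "read"), (stat.S_IXOTH, "open")):
        # "Other" bits apply to every local account, whatever the group setup.
        if mode & bit:
            findings.append(("WARNING", f"all users can {verb} {user.home}"))
    return findings

# Constructed sample data (severity labels above are an assumption as well).
USERS = [User("notting", 2166, 2167, "/home/notting"),
         User("alice", 3001, 500, "/home/alice"),
         User("bob", 3002, 500, "/home/bob")]
GROUPS = [Group("notting", 2167, []), Group("stud", 500, ["carol"])]

if __name__ == "__main__":
    for user, mode, gid in ((USERS[0], 0o755, 2167), (USERS[1], 0o750, 500)):
        for severity, msg in check_home(user, mode, gid, USERS, GROUPS):
            print(severity, msg)
```

On a live system the same inputs can be filled from the standard `pwd`, `grp` and `os.stat` modules instead of the constructed lists.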