Bug 439424
Summary: | incorrectly complains about user private group setup | | |
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Bill Nottingham <notting> |
Component: | sectool | Assignee: | Peter Vrabec <pvrabec> |
Status: | CLOSED NOTABUG | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | low | Docs Contact: | |
Priority: | low | | |
Version: | rawhide | CC: | msamia, rvokal |
Target Milestone: | --- | | |
Target Release: | --- | | |
Hardware: | All | | |
OS: | Linux | | |
Whiteboard: | | | |
Fixed In Version: | | Doc Type: | Bug Fix |
Doc Text: | | Story Points: | --- |
Clone Of: | | Environment: | |
Last Closed: | 2008-04-02 16:36:11 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | | Category: | --- |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | | | |
Description
Bill Nottingham
2008-03-28 17:29:40 UTC
I think it is not a good idea to allow other users to view your home. Even if they are in the same group. For example at my university all students are in group stud, so ca. 3000 people can ls your home. I tried to add a user in F8 by system-config-users and the created home had privileges 700 and sectool, of course, didn't say anything on this. I think admin may want to inform his users about wrong privileges of their homes and explain to them why not to set this. What about changing this ERROR to WARNING? And can you send me 'stat /home/notting', please?

But, by default, we create users as one user per group. I don't see the point in warning about something that is 1) the default 2) not insecure.

  File: `/home/notting/'
  Size: 106496 Blocks: 216 IO Block: 4096 directory
  Device: 802h/2050d Inode: 4830922 Links: 122
  Access: (0755/drwxr-xr-x) Uid: ( 2166/ notting) Gid: ( 2167/ notting)

Where did you find that 755 is default for home directories?

It was at some point. Not sure when it was changed. (The problem with 10-year old home directories....)

I sent info about this bug into the shadow mailing list... The problem with this patch is that it can't be applied to the current version, it needs to be re-written. http://lists.alioth.debian.org/pipermail/pkg-shadow-devel/2008-April/006478.html

I'm sorry for the previous post, it was to another bug...

I think the purpose of sectool is to find mistakes of reckless admins or users and this *is* a mistake of an irresponsible user. So he would be warned about it. Even if it was 10 years without any care.
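
The distinction this thread turns on, as an added example that is not part of the bug report and is not sectool's code: group permission bits on a home directory matter only when the owning group has other members, while "other" bits expose the directory regardless of the group setup. The passwd/group entries, the modes and the function names are constructed for illustration; only notting's uid, gid and 0755 mode are taken from the stat output in the thread.

```python
import stat

# Constructed sample data in /etc/passwd and /etc/group format.
PASSWD = """\
notting:x:2166:2167::/home/notting:/bin/bash
alice:x:3001:3000::/home/alice:/bin/bash
bob:x:3002:3000::/home/bob:/bin/bash
carol:x:3003:3003::/home/carol:/bin/bash
"""
GROUP = """\
notting:x:2167:
stud:x:3000:
carol:x:3003:bob
"""
# Constructed home directory modes, as st_mode & 0o7777 would report them.
MODES = {"/home/notting": 0o755, "/home/alice": 0o750,
         "/home/bob": 0o700, "/home/carol": 0o770}


def group_members(passwd_text, group_text):
    """Map gid -> users holding the group as primary or supplementary group."""
    members = {}
    for line in group_text.splitlines():
        _name, _pw, gid, users = line.split(":")
        members[int(gid)] = {u for u in users.split(",") if u}
    for line in passwd_text.splitlines():
        fields = line.split(":")
        members.setdefault(int(fields[3]), set()).add(fields[0])
    return members


def audit_homes(passwd_text, group_text, modes):
    """Return {home: [findings]}; group bits count only if the group is shared."""
    members = group_members(passwd_text, group_text)
    report = {}
    for line in passwd_text.splitlines():
        user, _pw, _uid, gid, _gecos, home, _shell = line.split(":")
        mode, findings = modes[home], []
        others = members[int(gid)] - {user}  # empty set => user private group
        if mode & stat.S_IRWXG and others:
            findings.append(f"group access shared with {len(others)} other user(s)")
        if mode & stat.S_IRWXO:
            findings.append("accessible to all local users")
        report[home] = findings
    return report


if __name__ == "__main__":
    for home, findings in audit_homes(PASSWD, GROUP, MODES).items():
        print(f"{home} {MODES[home]:04o}:", "; ".join(findings) or "ok")
```

The carol entry shows why checking the group name alone is not enough: the group looks private, but a supplementary member listed in the group file makes it shared.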