Bug 66693

Summary: installer gives wrong (possibly insecure) owner, group and permissions for home directory partition
Product: [Retired] Red Hat Linux Reporter: Jim Prior <jep200404>
Component: installerAssignee: Jeremy Katz <katzj>
Status: CLOSED WONTFIX QA Contact: Brock Organ <borgan>
Severity: medium Docs Contact:
Priority: medium    
Version: 7.3   
Target Milestone: ---   
Target Release: ---   
Hardware: athlon   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2003-01-03 06:07:04 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Jim Prior 2002-06-13 18:35:17 UTC 
Description of Problem:

An ordinary user's home directory gets bad owner, group and permissions 
when one make a separate partition for that home directory 
during RH 7.3 installation.  

For example, ls -l /home should be something like:

   drwx------   60 vel      vel          4096 Jun 13 13:44 vel

but I get the following instead:

   [root@localhost root]# ll /home
   total 1
   drwxr-xr-x    3 root     root         1024 Jun 12 19:08 vel
   [root@localhost root]#

Version-Release number of selected component (if applicable):

How Reproducible:
Every time

Steps to Reproduce:
1. Use fdisk during installation to make /home/vel partition.
2. Create vel user account during installation.

Actual Results:
/home/vel has wrong owner, group and permissions
of root, root and 755 respectively.


Expected Results:
/home/vel should have permissions of 700 and
owner and group should be vel.


Additional Information:
Possible security vulnerability, since others can
see contents of vel's home directory, although there
won't be much to see since vel can not put anything
in its own home directory.

RH 7.2 behaved this way also.
Comment 1 Michael Fulbright 2002-06-14 15:51:31 UTC 
Assigning to an engineer.
Comment 2 Jeremy Katz 2002-06-21 21:15:39 UTC 
So the home directory of the user is on a separate partition and not just /home?
Comment 3 Jim Prior 2002-06-22 03:55:05 UTC 
Yes: 

[root@localhost root]# grep home /etc/fstab
LABEL=/home/vel         /home/vel               ext3    defaults        1 2
[root@localhost root]#
Comment 4 Jeremy Katz 2003-01-03 06:07:04 UTC 
Unfortunately, there's no way for us to know that this is a home directory and
not just a random partition name (especially now that we no longer create user
accounts during the installation process).