From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; fr; rv:1.7.8) Gecko/20050524 Fedora/1.0.4-4 Firefox/1.0.4

Description of problem:
When you use the useradd command to create a new user, the new home directory is created with 0755 rights.

Version-Release number of selected component (if applicable):
shadow-utils-4.0.7-9

How reproducible:
Always

Steps to Reproduce:
1. Create a new user, ex: foo
2. useradd foo
3. See the /home/foo directory

Actual Results:
    # ls -l /home
    total 8
    drwxr-xr-x 2 foo foo 4096 jun 16 12:00 foo

Expected Results:
    # ls -l /home
    total 8
    drwx------ 2 foo foo 4096 jun 16 12:00 foo

Additional info:
Add this new line in the '/etc/login.defs' file to solve this:
    UMASK 0077
Also, the first user created during the firstboot panel is created with 0755 rights. Then, after the first user login, remember to do a "chmod -R go-rwx ~".
It's not a bug. Everybody can set useradd to use a different umask. I think it's good to keep using the default mainstream umask; see: http://lists.pld.org.pl/mailman/pipermail/shadow/2005-May/000102.html
Red Hat has enough modifications to shadow-utils to make it silly NOT to fix this security problem! In any case, use the luseradd command from the libuser package ... it creates the user with the correct permissions (700) and SELinux attributes.
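
The check this thread implies, as an added example that is not part of the original report or its comments: read UMASK from a login.defs-style file, derive the home directory mode it yields, and list home directories that still grant group or other access. The function names and the sample tree are constructed for illustration; the 022 fallback is the default login.defs(5) documents.

```shell
#!/bin/sh
# Added example: audit the settings discussed in this report.

# Print the UMASK that useradd would read from a login.defs-style file.
# Falls back to 022, the default login.defs(5) documents when UMASK is unset.
login_defs_umask() {
    awk '$1 == "UMASK" { v = $2 } END { print (v == "" ? "022" : v) }' "$1"
}

# Print the home directory mode a umask yields (0777 with the mask bits cleared).
home_mode_from_umask() {
    case $1 in ''|*[!0-7]*) echo "invalid umask: $1" >&2; return 1 ;; esac
    printf '%03o\n' $(( 0777 & ~0$1 ))
}

# List directories directly under $1 that grant any group/other permission.
audit_homes() {
    for d in "$1"/*/; do
        [ -d "$d" ] || continue
        d=${d%/}
        # Characters 5-10 of the ls mode string are the group and other bits.
        bits=$(ls -ld "$d" | cut -c5-10)
        [ "$bits" = "------" ] || printf '%s %s\n' "$bits" "${d##*/}"
    done
}

# Constructed sample data (not from a real system): one 0755 home as in the
# report's "Actual Results", one 0700 home as in its "Expected Results".
demo=$(mktemp -d)
mkdir "$demo/home" "$demo/home/foo" "$demo/home/bar"
chmod 755 "$demo/home/foo"; chmod 700 "$demo/home/bar"
printf '# constructed login.defs\nUMASK 0077\n' > "$demo/login.defs"

mask=$(login_defs_umask "$demo/login.defs")
echo "UMASK $mask -> new homes created with mode $(home_mode_from_umask "$mask")"
echo "homes readable by group/other:"
audit_homes "$demo/home"
rm -rf "$demo"
```

On a real host, point `login_defs_umask` at `/etc/login.defs` and `audit_homes` at `/home`.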