Red Hat Bugzilla – Bug 160644
useradd creates 0755 home directory
Last modified: 2007-11-30 17:11:07 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; fr; rv:1.7.8) Gecko/20050524 Fedora/1.0.4-4 Firefox/1.0.4
Description of problem:
When you use the useradd command to create a new user, the new home directory is created with 0755 rights.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Create a new user ex: foo
2. useradd foo
3. See the /home/foo directory
Actual Results: # ls -l /home
drwxr-xr-x 2 foo foo 4096 jun 16 12:00 foo
Expected Results: # ls -l /home
drwx------ 2 foo foo 4096 jun 16 12:00 foo
Add this new line in the '/etc/login.defs' file to solve this :
Also the first user created during the firstboot panel is created with 0755 rights.
Then after first user login remeber to do a "chmod -R go-rwx ~".
It's not bug. Everybody can set useradd to use different umask. I think it's
good to stay using default mainstream umask
Red Hat has enough modifications to shadow-utils to make this silly NOT to fix
this security problem!
In any case, use the luseradd command from the libuser package ... it creates
the user with the correct permissions (700) and selinux attributes.