Bug 170750 - Home dir permissions not consistent
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: system-config-users
Version: rawhide
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Assigned To: Peter Vrabec
David Lawrence
Keywords: FutureFeature
Reported: 2005-10-14 08:39 EDT by Need Real Name
Modified: 2007-11-30 17:11 EST
Doc Type: Enhancement
Last Closed: 2006-03-07 10:38:44 EST
Description Need Real Name 2005-10-14 08:39:27 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.12) Gecko/20050923 Epiphany/1.6.5

Description of problem:
Adding a user to the system is not consistent across the gui and command line tools.

The adduser and useradd utilities create world readable home directories.
The gui tool creates a user readable home directory.

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
x

Additional info:
Comment 3 n0dalus 2006-01-13 06:41:47 EST
Reproducible in devel on 13th Jan 2006.

system-config-users-1.2.41-1.1
shadow-utils-4.0.14-1
Comment 4 Nils Philippsen 2006-03-07 07:22:12 EST
This will have to wait until after FC5 is out as s-c-users uses libuser which
uses /etc/libuser.conf (and not /etc/login.defs) which doesn't provide means to
set the home directory mode.
Comment 6 Miloslav Trmač 2006-03-07 09:02:45 EST
libuser currently hardcodes mode 0700.

I personally consider the default permissions of 0750 on home directories
created by adduser a security issue (if not in the application, at minimum in
the default configuration); useradd did use 0700 in the past (using an RH
patch to the default configuration, IIRC), why was it changed?

#160644 doesn't really explain anything, neither does the lack of an upstream
answer in the thread at #160644c2;  security should trump upstream defaults
IMHO.  I must have overlooked some important reason for the status quo...

As I recall, firstboot is now using luseradd to add users only because luseradd
uses mode 0700.
Comment 7 Need Real Name 2006-03-07 09:09:10 EST
Off-topic, but you'd probably be horrified to see what Debian does:
world readable /home/username AND /root/. ugh.
Comment 8 Peter Vrabec 2006-03-07 10:38:44 EST
Finally, I changed shadow-utils to use mode 0700 by default.
shadow-utils-4.0.14-3

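As an added example (not part of the bug report, shadow-utils or libuser), the shell function below lists existing home directories that grant any group or other permission, that is, anything looser than the 0700 mode discussed in the comments. The function name, the default minimum UID of 500 and the reliance on GNU `stat -c` are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit home directory modes against the 0700 default
# discussed in this bug. Assumes GNU stat (stat -c %a), as on Fedora.

# audit_home_modes PASSWD_FILE [MIN_UID]
# Prints "user:home:mode" for every account with UID >= MIN_UID whose home
# directory exists and has any group/other permission bit set (mode & 077).
audit_home_modes() {
    passwd_file=$1
    min_uid=${2:-500}   # assumed first regular UID; adjust to the system's UID_MIN
    while IFS=: read -r user _pw uid _gid _gecos home _shell; do
        # Skip blank, commented or malformed lines (non-numeric UID field).
        case $uid in ''|*[!0-9]*) continue ;; esac
        [ "$uid" -ge "$min_uid" ] || continue
        # Accounts whose home directory was never created are not reported.
        [ -d "$home" ] || continue
        mode=$(stat -c %a "$home") || continue
        # The leading 0 makes the shell read $mode as an octal constant.
        if [ $(( 0$mode & 077 )) -ne 0 ]; then
            printf '%s:%s:%s\n' "$user" "$home" "$mode"
        fi
    done < "$passwd_file"
}

# Usage: audit_home_modes /etc/passwd
```

An empty result means every checked home directory is restricted to its owner, whichever tool created the account.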