Bug 170750 - Home dir permissions not consistent
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: system-config-users
Version: rawhide
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Peter Vrabec
QA Contact: David Lawrence
Keywords: FutureFeature
Reported: 2005-10-14 12:39 UTC by Need Real Name
Modified: 2007-11-30 22:11 UTC (History)
Last Closed: 2006-03-07 15:38:44 UTC



Description Need Real Name 2005-10-14 12:39:27 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.12) Gecko/20050923 Epiphany/1.6.5

Description of problem:
Adding a user to the system is not consistent across the gui and command line tools.

The adduser and useradd utilities create world readable home directories.
The gui tool creates a user readable home directory.

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
x

Additional info:

Comment 3 n0dalus 2006-01-13 11:41:47 UTC
Reproducible in devel on 13th Jan 2006.

system-config-users-1.2.41-1.1
shadow-utils-4.0.14-1

Comment 4 Nils Philippsen 2006-03-07 12:22:12 UTC
This will have to wait until after FC5 is out as s-c-users uses libuser which
uses /etc/libuser.conf (and not /etc/login.defs) which doesn't provide means to
set the home directory mode.

Comment 6 Miloslav Trmač 2006-03-07 14:02:45 UTC
libuser currently hardcodes mode 0700.

I personally consider the default permissions of 0750 on home directories
created by adduser a security issue (if not in the application, at minimum in
the default configuration); useradd did use 0700 in the past (using an RH
patch to the default configuration, IIRC), why was it changed?

#160644 doesn't really explain anything, neither does the lack of an upstream
answer in the thread at #160644c2;  security should trump upstream defaults
IMHO.  I must have overlooked some important reason for the status quo...

As I recall, firstboot is now using luseradd to add users only because luseradd
uses mode 0700.

Comment 7 Need Real Name 2006-03-07 14:09:10 UTC
off-topic, but you'd probably be horrified to see what debian does:
world readable /home/username AND /root/. ugh.

Comment 8 Peter Vrabec 2006-03-07 15:38:44 UTC
Finally, I changed shadow-utils to use mode 0700 by default.
shadow-utils-4.0.14-3
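
Added example, not part of the bug thread or of any Fedora tool: a POSIX shell audit for the inconsistency discussed above. It flags home directories whose mode grants any group or other access (anything looser than 0700) and then tightens them. The function names and the sample tree are constructed for this illustration.

```shell
#!/bin/sh
# Added example: find home directories looser than mode 0700 and tighten them.

# Print "<perm-string> <path>" for each directory directly under $1 that
# grants any group/other permission. Symlinks are skipped.
audit_home_modes() {
    base=$1
    for dir in "$base"/*/; do
        [ -d "$dir" ] || continue          # unmatched glob or not a directory
        dir=${dir%/}
        [ -L "$dir" ] && continue          # never judge a link by its own mode
        # ls -ld prints e.g. "drwxr-x---"; characters 5-10 are group+other.
        perms=$(ls -ld "$dir" | cut -c1-10)
        # Capital S/T mean setgid/sticky without execute: no access granted.
        go_bits=$(printf '%s' "$perms" | cut -c5-10 | tr 'ST' '--')
        if [ "$go_bits" != "------" ]; then
            printf '%s %s\n' "$perms" "$dir"
        fi
    done
}

# Remove all group/other access from every directory the audit flagged.
tighten_home_modes() {
    audit_home_modes "$1" | while read -r _perms path; do
        chmod go-rwx "$path"
    done
}

# Constructed sample tree standing in for /home: one directory per mode
# mentioned in the thread (0700, 0750) plus a world-readable one (0755).
make_sample_homes() {
    root=$(mktemp -d)
    mkdir "$root/alice" "$root/bob" "$root/carol"
    chmod 0700 "$root/alice"
    chmod 0750 "$root/bob"
    chmod 0755 "$root/carol"
    printf '%s\n' "$root"
}

sample=$(make_sample_homes)
audit_home_modes "$sample"      # lists bob and carol, not alice
tighten_home_modes "$sample"
audit_home_modes "$sample"      # prints nothing once every home is 0700
rm -rf "$sample"
```

To check a real system, call `audit_home_modes /home` on its own and review the list before running `tighten_home_modes`.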


