Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.
First Last Prev Next    This bug is not in your last search results.
Bug 170750 - Home dir permissions not consistent
Home dir permissions not consistent
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: system-config-users (Show other bugs)
rawhide
All Linux
medium Severity medium
: ---
: ---
Assigned To: Peter Vrabec
David Lawrence
: FutureFeature
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2005-10-14 08:39 EDT by Need Real Name
Modified: 2007-11-30 17:11 EST (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-03-07 10:38:44 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

  None (edit)
Description Need Real Name 2005-10-14 08:39:27 EDT 
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.12) Gecko/20050923 Epiphany/1.6.5

Description of problem:
Adding a user to the system is not consistent across the gui and command line tools.

The adduser and useradd utilites create world readable home directories.
The gui tool creates a user readable home directory.

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
x

Additional info:
Comment 3 n0dalus 2006-01-13 06:41:47 EST 
Reproducable in devel on 13th Jan 2006.

system-config-users-1.2.41-1.1
shadow-utils-4.0.14-1
Comment 4 Nils Philippsen 2006-03-07 07:22:12 EST 
This will have to wait until after FC5 is out as s-c-users uses libuser which
uses /etc/libuser.conf (and not /etc/login.defs) which doesn't provide means to
set the home directory mode.
Comment 6 Miloslav Trmač 2006-03-07 09:02:45 EST 
libuser currently hardcodes mode 0700.

I personally consider the default permissions of 0750 on home directories
created by adduser a security issue (if not in the application, at minimum in
the default configuration); useradd did use 0700 in the past (using an RH
patch to the default configuration, IIRC), why was it changed?

#160644 doesn't really explain anything, neither does the lack of an upstream
answer in the thread at #160644c2;  security should trump upstream defaults
IMHO.  I must have overlooked some important reason for the status quo...

As I recall, firstboot is now using luseradd to add users only because luseradd
uses mode 0700.
Comment 7 Need Real Name 2006-03-07 09:09:10 EST 
off-topic, but you'd probably be horrified to see what debian does:
world readable /home/username AND /root/. ugh.
Comment 8 Peter Vrabec 2006-03-07 10:38:44 EST 
Finally, I changed shadow-utils to use mode 0700 by default.
shadow-utils-4.0.14-3
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.