Bug 439424 - incorrectly complains about user private group setup
Product: Fedora
Classification: Fedora
Component: sectool
Hardware: All Linux
Priority: low, Severity: low
Assigned To: Peter Vrabec
QA Contact: Fedora Extras Quality Assurance
Reported: 2008-03-28 13:29 EDT by Bill Nottingham
Modified: 2014-03-16 23:13 EDT
Doc Type: Bug Fix
Last Closed: 2008-04-02 12:36:11 EDT

Description Bill Nottingham 2008-03-28 13:29:40 EDT
Description of problem:

We default to user private groups by default. sectool complains about this, when
it's the standard operation of the system.

        Error(06)     User "notting" allows other users from his group to read his home directory "/home/notting"!
        Error(05)     User "notting" allows other users from his group to open his home directory "/home/notting"!

Version-Release number of selected component (if applicable):

Comment 1 Michel Samia 2008-03-31 13:01:05 EDT
I think it is not a good idea to allow other users to view your home. Even if they
are in the same group. For example at my university all students are in group
stud, so cca 3000 people can ls your home. I tried to add a user in F8 by
system-config-users and the created home had privileges 700 and sectool, of
course, didn't say anything on this.

I think an admin may want to inform his users about wrong privileges of their
homes and explain to them why not to set this.

What about changing this ERROR to WARNING?

And can you send me 'stat /home/notting', please?
Comment 2 Bill Nottingham 2008-03-31 13:08:07 EDT
But, by default, we create users as one user per group. I don't see the point in
warning about something that is 1) the default 2) not insecure.

  File: `/home/notting/'
  Size: 106496    	Blocks: 216        IO Block: 4096   directory
Device: 802h/2050d	Inode: 4830922     Links: 122
Access: (0755/drwxr-xr-x)  Uid: ( 2166/ notting)   Gid: ( 2167/ notting)
Comment 3 Michel Samia 2008-04-01 15:18:48 EDT
Where did you find that 755 is default for home directories?
Comment 4 Bill Nottingham 2008-04-01 15:51:16 EDT
It was at some point. Not sure when it was changed. (The problem with 10-year
old home directories....)
Comment 5 Michel Samia 2008-04-02 10:04:38 EDT
I sent info about this bug into the shadow mailing list... The problem with this
patch is, that it can't be applied to the current version, it needs to be
Comment 6 Michel Samia 2008-04-02 10:07:48 EDT
I'm sorry for the previous post, it was to another bug...
Comment 7 Michel Samia 2008-04-02 10:22:06 EDT
I think the purpose of sectool is to find mistakes of reckless admins or users
and this *is* a mistake of an irresponsible user. So he would be warned about it.
Even if it was 10 years without any care.
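
Added example, not part of the thread and not sectool's code: a Python sketch of a group-aware version of the check discussed above. It treats group read/open bits on a home directory as a finding only when the owner's primary group has other members, so a user private group is not flagged, and it reports the "other" bits separately. The passwd/group data and function names are constructed for illustration; only notting's UID/GID (2166/2167) and the 0755 mode come from the stat output in Comment 2.

```python
import stat

# Constructed sample data in passwd(5)/group(5) format (not from a real system).
# Only notting's UID/GID come from the stat output in the thread.
PASSWD = """\
notting:x:2166:2167::/home/notting:/bin/bash
alice:x:3001:500::/home/alice:/bin/bash
bob:x:3002:500::/home/bob:/bin/bash
carol:x:3003:3003::/home/carol:/bin/bash
"""
GROUP = """\
notting:x:2167:
stud:x:500:
carol:x:3003:bob
"""

def other_group_members(user, passwd_text=PASSWD, group_text=GROUP):
    """Accounts other than `user` that belong to the user's primary group."""
    primary = {}
    for line in passwd_text.splitlines():
        fields = line.split(":")
        primary[fields[0]] = int(fields[3])
    gid = primary[user]
    # Members by primary GID (passwd) ...
    members = {name for name, g in primary.items() if g == gid}
    # ... plus supplementary members listed in the group file.
    for line in group_text.splitlines():
        fields = line.split(":")
        if int(fields[2]) == gid and fields[3]:
            members.update(fields[3].split(","))
    members.discard(user)
    return members

def home_findings(user, mode, passwd_text=PASSWD, group_text=GROUP):
    """Return the permission bits that expose the home directory to someone else."""
    findings = []
    # Group bits only matter if the group is shared, i.e. not a user private group.
    if other_group_members(user, passwd_text, group_text):
        if mode & stat.S_IRGRP:
            findings.append("group-read")
        if mode & stat.S_IXGRP:
            findings.append("group-open")
    # "Other" bits apply to every account, whatever the group layout.
    if mode & stat.S_IROTH:
        findings.append("other-read")
    if mode & stat.S_IXOTH:
        findings.append("other-open")
    return findings
```

The sample group file also covers the case where a group named after the user has a supplementary member (carol's group lists bob), which is no longer private and is treated as shared.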
