Bug 439424 - incorrectly complains about user private group setup
Summary: incorrectly complains about user private group setup
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: sectool
Version: rawhide
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: Peter Vrabec
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2008-03-28 17:29 UTC by Bill Nottingham
Modified: 2014-03-17 03:13 UTC (History)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2008-04-02 16:36:11 UTC
Type: ---
Embargoed:


Description Bill Nottingham 2008-03-28 17:29:40 UTC
Description of problem:

We default to user private groups by default. sectool complains about this, when
it's the standard operation of the system.


        Error(06)     User "notting" allows other users from his group to read his home directory "/home/notting"!
        Error(05)     User "notting" allows other users from his group to open his home directory "/home/notting"!

Version-Release number of selected component (if applicable):

sectool-0.6.0-1.noarch

Comment 1 Michel Samia 2008-03-31 17:01:05 UTC
I think it is not a good idea to allow other users to view your home. Even if they
are in the same group. For example at my university all students are in group
stud, so circa 3000 people can ls your home. I tried to add a user in F8 by
system-config-users and the created home had privileges 700 and sectool, of
course, didn't say anything on this.

I think the admin may want to inform his users about wrong privileges of their
homes and explain to them why not to set this.

What about changing this ERROR to WARNING?

And can you send me 'stat /home/notting', please?

Comment 2 Bill Nottingham 2008-03-31 17:08:07 UTC
But, by default, we create users as one user per group. I don't see the point in
warning about something that is 1) the default 2) not insecure.

  File: `/home/notting/'
  Size: 106496    	Blocks: 216        IO Block: 4096   directory
Device: 802h/2050d	Inode: 4830922     Links: 122
Access: (0755/drwxr-xr-x)  Uid: ( 2166/ notting)   Gid: ( 2167/ notting)
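
An added example, not part of the bug report and not sectool's code: a check that reports group read/open bits on a home directory only when the owning group has members other than the owner, and reports access for "other" separately. The uid, gid and mode for notting are taken from the stat output above; every other passwd/group line and mode is constructed, and the function and finding names are hypothetical.

```python
import stat

# Constructed sample data: passwd/group lines, plus the (mode, owning gid)
# that stat would report for each home directory.
PASSWD = """\
notting:x:2166:2167::/home/notting:/bin/bash
alice:x:3001:500::/home/alice:/bin/bash
bob:x:3002:500::/home/bob:/bin/bash
carol:x:3003:3003::/home/carol:/bin/bash
"""
GROUP = """\
notting:x:2167:
stud:x:500:
carol:x:3003:bob
"""
HOMES = {"/home/notting": (0o755, 2167), "/home/alice": (0o750, 500),
         "/home/bob": (0o700, 500), "/home/carol": (0o750, 3003)}


def group_peers(gid, owner, passwd=PASSWD, group=GROUP):
    """Users other than owner who belong to gid (primary or supplementary)."""
    peers = set()
    for line in passwd.splitlines():
        name, _, _, pgid = line.split(":")[:4]
        if int(pgid) == gid:
            peers.add(name)
    for line in group.splitlines():
        _, _, ggid, members = line.split(":")
        if int(ggid) == gid:
            peers.update(m for m in members.split(",") if m)
    peers.discard(owner)
    return sorted(peers)


def audit_home(owner, path, homes=HOMES):
    """Return findings for one home directory; an empty list means none."""
    mode, gid = homes[path]
    findings = []
    peers = group_peers(gid, owner)
    if peers:  # group bits expose the directory only if the group has peers
        if mode & stat.S_IRGRP:
            findings.append(("group-read", peers))
        if mode & stat.S_IXGRP:
            findings.append(("group-open", peers))
    if mode & (stat.S_IROTH | stat.S_IXOTH):  # independent of group membership
        findings.append(("other-access", []))
    return findings
```

With this data, a private group that gained a supplementary member (carol) is reported, while notting's single-member group is not; notting's 0755 mode is reported only for the "other" bits.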


Comment 3 Michel Samia 2008-04-01 19:18:48 UTC
Where did you find that 755 is default for home directories?

Comment 4 Bill Nottingham 2008-04-01 19:51:16 UTC
It was at some point. Not sure when it was changed. (The problem with 10-year
old home directories....)

Comment 5 Michel Samia 2008-04-02 14:04:38 UTC
I sent info about this bug to the shadow mailing list... The problem with this
patch is that it can't be applied to the current version, it needs to be
re-written.
http://lists.alioth.debian.org/pipermail/pkg-shadow-devel/2008-April/006478.html

Comment 6 Michel Samia 2008-04-02 14:07:48 UTC
I'm sorry for the previous post, it was to another bug...

Comment 7 Michel Samia 2008-04-02 14:22:06 UTC
I think the purpose of sectool is to find mistakes of reckless admins or users
and this *is* a mistake of an irresponsible user. So he would be warned about it.
Even if it was 10 years without any care.

