Bug 66693 - installer gives wrong (possibly insecure) owner, group and permissions for home directory partition
Summary: installer gives wrong (possibly insecure) owner, group and permissions for ho...
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: installer (Show other bugs)
(Show other bugs)
Version: 7.3
Hardware: athlon Linux
medium
medium
Target Milestone: ---
Assignee: Jeremy Katz
QA Contact: Brock Organ
URL:
Whiteboard:
Keywords:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2002-06-13 18:35 UTC by Jim Prior
Modified: 2007-04-18 16:43 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2003-01-03 06:07:04 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

Description Jim Prior 2002-06-13 18:35:17 UTC
Description of Problem:

An ordinary user's home directory gets bad owner, group and permissions 
when one make a separate partition for that home directory 
during RH 7.3 installation.  

For example, ls -l /home should be something like:

   drwx------   60 vel      vel          4096 Jun 13 13:44 vel

but I get the following instead:

   [root@localhost root]# ll /home
   total 1
   drwxr-xr-x    3 root     root         1024 Jun 12 19:08 vel
   [root@localhost root]#

Version-Release number of selected component (if applicable):

How Reproducible:
Every time

Steps to Reproduce:
1. Use fdisk during installation to make /home/vel partition.
2. Create vel user account during installation.

Actual Results:
/home/vel has wrong owner, group and permissions
of root, root and 755 respectively.


Expected Results:
/home/vel should have permissions of 700 and
owner and group should be vel.


Additional Information:
Possible security vulnerability, since others can
see contents of vel's home directory, although there
won't be much to see since vel can not put anything
in its own home directory.

RH 7.2 behaved this way also.

Comment 1 Michael Fulbright 2002-06-14 15:51:31 UTC
Assigning to an engineer.

Comment 2 Jeremy Katz 2002-06-21 21:15:39 UTC
So the home directory of the user is on a separate partition and not just /home?

Comment 3 Jim Prior 2002-06-22 03:55:05 UTC
Yes: 

[root@localhost root]# grep home /etc/fstab
LABEL=/home/vel         /home/vel               ext3    defaults        1 2
[root@localhost root]#

Comment 4 Jeremy Katz 2003-01-03 06:07:04 UTC
Unfortunately, there's no way for us to know that this is a home directory and
not just a random partition name (especially now that we no longer create user
accounts during the installation process).


Note You need to log in before you can comment on or make changes to this bug.