Bug 66693 - installer gives wrong (possibly insecure) owner, group and permissions for home directory partition
installer gives wrong (possibly insecure) owner, group and permissions for ho...
Status: CLOSED WONTFIX
Product: Red Hat Linux
Classification: Retired
Component: installer (Show other bugs)
7.3
athlon Linux
medium Severity medium
: ---
: ---
Assigned To: Jeremy Katz
Brock Organ
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2002-06-13 14:35 EDT by Jim Prior
Modified: 2007-04-18 12:43 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2003-01-03 01:07:04 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description Jim Prior 2002-06-13 14:35:17 EDT
Description of Problem:

An ordinary user's home directory gets bad owner, group and permissions 
when one make a separate partition for that home directory 
during RH 7.3 installation.  

For example, ls -l /home should be something like:

   drwx------   60 vel      vel          4096 Jun 13 13:44 vel

but I get the following instead:

   [root@localhost root]# ll /home
   total 1
   drwxr-xr-x    3 root     root         1024 Jun 12 19:08 vel
   [root@localhost root]#

Version-Release number of selected component (if applicable):

How Reproducible:
Every time

Steps to Reproduce:
1. Use fdisk during installation to make /home/vel partition.
2. Create vel user account during installation.

Actual Results:
/home/vel has wrong owner, group and permissions
of root, root and 755 respectively.


Expected Results:
/home/vel should have permissions of 700 and
owner and group should be vel.


Additional Information:
Possible security vulnerability, since others can
see contents of vel's home directory, although there
won't be much to see since vel can not put anything
in its own home directory.

RH 7.2 behaved this way also.
Comment 1 Michael Fulbright 2002-06-14 11:51:31 EDT
Assigning to an engineer.
Comment 2 Jeremy Katz 2002-06-21 17:15:39 EDT
So the home directory of the user is on a separate partition and not just /home?
Comment 3 Jim Prior 2002-06-21 23:55:05 EDT
Yes: 

[root@localhost root]# grep home /etc/fstab
LABEL=/home/vel         /home/vel               ext3    defaults        1 2
[root@localhost root]#
Comment 4 Jeremy Katz 2003-01-03 01:07:04 EST
Unfortunately, there's no way for us to know that this is a home directory and
not just a random partition name (especially now that we no longer create user
accounts during the installation process).

Note You need to log in before you can comment on or make changes to this bug.