Red Hat Bugzilla – Bug 66693
installer gives wrong (possibly insecure) owner, group and permissions for home directory partition
Last modified: 2007-04-18 12:43:09 EDT
Description of Problem:
An ordinary user's home directory gets bad owner, group and permissions
when one makes a separate partition for that home directory
during RH 7.3 installation.
For example, ls -l /home should be something like:
drwx------ 60 vel vel 4096 Jun 13 13:44 vel
but I get the following instead:
[root@localhost root]# ll /home
drwxr-xr-x 3 root root 1024 Jun 12 19:08 vel
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Use fdisk during installation to make /home/vel partition.
2. Create vel user account during installation.
/home/vel has wrong owner, group and permissions
of root, root and 755 respectively.
/home/vel should have permissions of 700 and
owner and group should be vel.
Possible security vulnerability, since others can
see contents of vel's home directory, although there
won't be much to see since vel cannot put anything
in its own home directory.
RH 7.2 behaved this way also.
Assigning to an engineer.
So the home directory of the user is on a separate partition and not just /home?
[root@localhost root]# grep home /etc/fstab
LABEL=/home/vel /home/vel ext3 defaults 1 2
Unfortunately, there's no way for us to know that this is a home directory and
not just a random partition name (especially now that we no longer create user
accounts during the installation process).
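
Added example, not part of the original bug report or of the installer: since the installer cannot tell that a partition is a home directory, a post-install audit can compare each passwd entry's home directory with its actual owner, group and mode, and flag the mount-point case described above. The function name, the min_uid default of 500 and the problem strings are assumptions made for this example.

```python
import os
import stat

def audit_home_dirs(passwd_text, min_uid=500):
    """Return [(user, home, [problems])] for home directories whose owner or
    group differs from the passwd entry, or whose mode is wider than 0700.
    min_uid=500 is an assumption (first regular UID on Red Hat of that era)."""
    findings = []
    for line in passwd_text.splitlines():
        fields = line.strip().split(":")
        if len(fields) < 7 or line.startswith("#"):
            continue
        user, home = fields[0], fields[5]
        try:
            uid, gid = int(fields[2]), int(fields[3])
        except ValueError:
            continue  # malformed entry
        if uid < min_uid:
            continue  # system account
        try:
            st = os.stat(home)
        except OSError:
            findings.append((user, home, ["home directory missing or unreadable"]))
            continue
        problems = []
        if st.st_uid != uid:
            problems.append(f"owner uid {st.st_uid}, expected {uid}")
        if st.st_gid != gid:
            problems.append(f"group gid {st.st_gid}, expected {gid}")
        mode = stat.S_IMODE(st.st_mode)
        if mode & 0o077:
            problems.append(f"mode {mode:03o} grants group/other access")
        if problems and os.path.ismount(home):
            # The case in this report: the root directory of a new filesystem
            # is typically root:root 755 and replaces the mount point's settings.
            problems.append("is a mount point; fix ownership on the mounted filesystem")
        if problems:
            findings.append((user, home, problems))
    return findings

if __name__ == "__main__":
    # Audit the local system's accounts when run directly.
    with open("/etc/passwd") as fh:
        for user, home, problems in audit_home_dirs(fh.read()):
            print(f"{user}: {home}: " + "; ".join(problems))
```

On a system where regular accounts start at a different UID, pass min_uid explicitly; accounts that share a directory such as / as their home will be reported and can be ignored.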