openFATE - openSUSE feature tracking > #306645

Secure home directory permissions by default

Feature state

openSUSE-11.2
Rejected

Description

Also see https://bugzilla.novell.com/show_bug.cgi?id=518550 .

The default for home directories is 0755 (umask 022 in login.defs), and here's the fate entry to change it to 0711 (umask 066).

Discussion


K. E. wrote: (8 years ago)

GNU/Linux is still Un*x and it is about cooperation.

Besides this, every default is arguable as Thorsten pointed out in the referenced bug entry. It ain't any use changing it.

On sensible systems, better encrypt home directories.  Maybe, we should consider improving help texts and documentation if all this is not obvious to the user.

J. E. wrote: (8 years ago)

What on earth does home directory encryption bring you if the volume is mounted anyway?

P. B. wrote: (8 years ago)

Well, yes, it's a matter of taste.

But nevertheless, what advantage is there from having public-readable home directories?

I think it's simply a conflict between two use cases:

  1. a server where many users access each other's files that are in their respective homes, e.g. sources of software development projects
  2. a workstation that is potentially used by several people, each having their account, and where files under each user's home should not be accessible to others by default

The only issue with changing 0755 to 0711 is ~/public_html. An even better solution could be to

  • create a dedicated group, e.g. "home"
  • put the user "www" into that group
  • change /etc/skel to root:home and 0750
  • change /etc/skel/public_html to root:wwwrun and 0750

Making it configurable could be done by having several home templates (skels), e.g. /etc/skel.open or /etc/skel.restricted, and then change the value of the variable SKEL in /etc/default/useradd through the YaST2 security settings module.

"it is about cooperation" - one could similarly argue that it is about security.

J. E. wrote: (8 years ago)

Can you elaborate on this "issue" in "changing 0755 to 0711 is ~/public_html"? If ~ has +x (and public_html has too), wwwrun can enter it. Apache does not need readdir either, unless you, as a user, deliberately want to have it autoindex your public_html.

What about other possibilities?

* using 0751 and not adding user "wwwrun" to group "home"?

* 0750 user:home with a single ACL on /etc/skel for wwwrun:x-only

A. J. wrote: (8 years ago)

What does the security team think about this? To me it looks like a safer default and therefore we should consider it.

M. M. wrote: (8 years ago)

Security is not an issue here at all, so don't misuse the term.

The issue is "secrecy" and "privacy".

I personally do not care either way. I thought about it and I usually do not access other people's home directories, so a suggestion with mode 711 for ~, but 755 ~/public_html seems sensible.

K. E. wrote: (8 years ago)

Without changing the default umask value that would not buy us that much...

Innocent users would create directories such as "letters"... Better go for 700 and give up on ~/public_html.

On the Mac, IIRC, obvious desktop directories such as ~/Pictures, ~/Music, ~/Documents, ~/Desktop, etc. are properly protected (700), but $HOME is still open (755) as it ever was.
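
The following Python is an added example, not part of the discussion above or of openSUSE: it walks a home directory and reports, from mode bits alone, which files other local users can read, and whether they can find them by listing or only by knowing the path. This is the difference between 0755, 0711 and 0700 that the thread argues over. The function names and the sample tree are constructed for illustration; ACLs and group membership are ignored.

```python
import os
import stat
import tempfile


def world_exposure(home):
    """Map each world-readable file under `home` to how other users can reach it.

    "listable": every directory on the path is o+r and o+x, so `ls` reveals it.
    "by-name":  every directory is o+x but at least one lacks o+r, so the file
                is readable only by someone who knows or guesses the path.
    """
    exposed = {}

    def walk(directory, discoverable):
        mode = os.lstat(directory).st_mode
        if not mode & stat.S_IXOTH:
            return  # no o+x: others cannot traverse, nothing below is reachable
        # Names are visible to others only if this and every ancestor is o+r.
        discoverable = discoverable and bool(mode & stat.S_IROTH)
        for name in sorted(os.listdir(directory)):
            path = os.path.join(directory, name)
            st = os.lstat(path)  # lstat: symlinks are not followed
            if stat.S_ISDIR(st.st_mode):
                walk(path, discoverable)
            elif stat.S_ISREG(st.st_mode) and st.st_mode & stat.S_IROTH:
                rel = os.path.relpath(path, home)
                exposed[rel] = "listable" if discoverable else "by-name"

    walk(home, True)
    return exposed


def build_sample_home(home_mode):
    """Constructed sample: two subdirs as created under umask 022, one 0700."""
    home = tempfile.mkdtemp()
    for sub, dmode in (("letters", 0o755), ("public_html", 0o755), ("private", 0o700)):
        os.mkdir(os.path.join(home, sub))
        fpath = os.path.join(home, sub, "file.txt")
        with open(fpath, "w") as fh:
            fh.write("sample\n")
        os.chmod(fpath, 0o644)
        os.chmod(os.path.join(home, sub), dmode)
    os.chmod(home, home_mode)
    return home


if __name__ == "__main__":
    for mode in (0o755, 0o711, 0o700):
        print(oct(mode), world_exposure(build_sample_home(mode)))
```

With the home directory at 0711 and the umask left at 022, the file under "letters" is still reported, as "by-name" rather than "listable".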

Last change: 8 years ago
Voting
Score: 4
  • Negative: 1
  • Neutral: 0
  • Positive: 5