
Re: [users] Re: Why can't I?



On Thu, Jun 14, 2001 at 07:44:32AM -0500, Nathan E Norman wrote:
| On Wed, Jun 13, 2001 at 11:14:35PM -0400, D-Man wrote:
| > On Wed, Jun 13, 2001 at 03:17:52PM -0800, Ethan Benson wrote:
| > | On Wed, Jun 13, 2001 at 01:11:49PM -0400, D-Man wrote:
| > | > By "make my machine download things" do you mean that he logs in and
| > | > uses ftp or a web browser?  If so, then he ought to be downloading the
| > | > stuff into his own home directory.  By default (and quite naturally)
| > | > users _can't_ see someone else's home directory unless that person
| > | > explicitly makes it readable.
| > | 
| > | wrong, debian creates home directories mode 755, world readable by
| > | default like all other *nixes that have come before it.  
| > 
| > Why would all other *nixes default to being insecure?  I don't know
| > where it is set (possibly by the admin after using useradd), but the
| > home directories on the Solaris system at school are not world
| > readable unless one makes theirs so.
| 
| Can you explain why world readable home dirs are considered insecure
| by default?  

It seems natural to me that my home dir is my own private property.
Kind of like having your own room or a clubhouse as a kid, with a sign
"Keep Out" on the door.  Making it world readable seems like leaving
the door open, then wondering why someone is able to snoop about ;-).

| If you can't I suggest you retract your assertion that all unices
| are insecure by default (you possibly could argue that if
| you weren't claiming this was because of world readable home dirs :)

I don't mean that unix in general is insecure, but that in this
particular aspect it seems to be.

| Consider that your having the ability to read and execute my home dir
| does not necessarily confer the ability to read the files within that
| directory.

This is a good point, though I still don't know why the default would
allow someone else to use 'ls' on my home.

| Are you sure the "Solaris system at school" has not had its config
| tweaked at all after it was installed?

I did mention that I don't know what method the admin uses to create
the accounts and if it was the system or the admin that set the home
dirs to not-world readable.

<quote from above>
(possibly by the admin after using useradd)
</quote>


I wasn't really complaining, just curious.  I am certain that there is
some history buried in here, like a great deal of other features in
Unix.

-D
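
The point argued in this thread, that a mode 755 home directory lets others list and enter it but does not by itself make the files inside readable, as an added example that is not part of the original message. The function names and the temporary `home755`/`home711`/`home700` tree are constructed for illustration; only the mode bits for "other" are checked (ACLs, group membership and parent directories are ignored).

```shell
#!/bin/sh
# Added example: what do the "other" mode bits on a home directory expose?

# Print the three "other" permission characters of a path, e.g. "r-x".
other_bits() {
    ls -ld -- "$1" | cut -c8-10
}

# What can users who are neither owner nor in the group do with this dir?
dir_exposure() {
    case "$(other_bits "$1")" in
        r?[xt]) echo "list+traverse" ;;    # ls works, entries are reachable
        -?[xt]) echo "traverse-only" ;;    # no ls, but known names are reachable
        r??)    echo "list-names-only" ;;  # names visible, nothing reachable
        *)      echo "private" ;;
    esac
}

# Can "other" users read FILE inside DIR?
# They need search (x) permission on the directory AND read (r) on the file.
other_can_read() {
    case "$(other_bits "$1")" in ??[xt]) ;; *) echo no; return ;; esac
    case "$(other_bits "$1/$2")" in r??) echo yes ;; *) echo no ;; esac
}

# Constructed demo: three fake home directories under a temp dir.
demo() {
    d=$(mktemp -d)
    for m in 755 711 700; do
        mkdir "$d/home$m"; chmod "$m" "$d/home$m"
        : > "$d/home$m/notes.txt";  chmod 644 "$d/home$m/notes.txt"
        : > "$d/home$m/secret.txt"; chmod 600 "$d/home$m/secret.txt"
        echo "$m $(dir_exposure "$d/home$m")" \
             "notes=$(other_can_read "$d/home$m" notes.txt)" \
             "secret=$(other_can_read "$d/home$m" secret.txt)"
    done
    rm -rf "$d"
}
demo
```

With mode 755 the file names (including `secret.txt`) are visible to everyone even though the mode 600 file cannot be read; mode 711 hides the listing while still letting others reach files whose names they already know.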


