
Re: rwxr-xr-x /root



On Sat, Nov 11, 2000 at 09:11:35PM -0500, H. S. Teoh wrote:
> This is just IMHO, but normal home directories shouldn't be 755 either. Or
> at least, the *default* shouldn't be 755. Users' files should be private
> by default, unless *they* consciously choose to make it publicly
> available.
> 
> <rant> Saying that default 755 for home dirs is a bit like saying an OS

rant. rant. rant. try looking into the issue a little deeper next time
rather than just going off on a panic attack about a non-problem.

755 home directories are NOT a security hole, and in fact are necessary
for many "normal" tasks that users wish to perform. ~/public_html/ for
example....every directory in the tree above it has to be world readable
and world-executable for apache to serve ~ pages.

debian's default is 755 for home dirs, and 002 for umask. perfectly
adequate for most needs. anyone with special needs can create a 700
subdirectory or change their umask (btw, even that is not "secure",
and any user who thinks that their files are secure is suffering from
self-delusion - anyone with root access on the machine has full access
to all of their files).

in short, it's not a problem. at least, it's not a technological
problem. if you want your files to be secure then you have to take
adequate security precautions - e.g. encrypting files and not leaving
them (or the secret keys) on a multi-user or public access machine.

craig

--
craig sanders
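
The layout described in the message above, as an added example that is not part of the original post: a 755 home directory created under umask 002, with a public_html directory and an opt-in 700 subdirectory, plus a check of which paths give other users the search (x) bit on every component. The temp directory, the `alice` name and the helper function names are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not from the thread). All paths are constructed in a temp dir.

# Print the 10-character mode string of a path, e.g. drwxr-xr-x.
mode_of() { ls -ld "$1" | cut -c1-10; }

# Succeed if every directory from TARGET up to and including TOP gives
# "other" the search (x) bit; otherwise name the first blocking directory.
path_traversable() {
    top=$1 p=$2
    while :; do
        case $(mode_of "$p" | cut -c10) in
            x|t) ;;                               # o+x (t = o+x plus sticky)
            *) echo "blocked at: $p ($(mode_of "$p"))"; return 1 ;;
        esac
        [ "$p" = "$top" ] && return 0
        [ "$p" = / ] && return 2                  # TARGET was not under TOP
        p=$(dirname "$p")
    done
}

# Build a constructed home directory the way the message describes it.
make_demo_home() {
    home=$(mktemp -d)/alice                       # hypothetical user name
    (
        umask 002                                 # default umask named in the message
        mkdir "$home" && chmod 755 "$home"        # 755 home directory
        mkdir "$home/public_html"                 # takes the umask: drwxrwxr-x
        mkdir -m 700 "$home/private"              # opt-in private subdirectory
        : > "$home/private/notes.txt"             # 664 file behind a 700 parent
    ) >/dev/null
    echo "$home"
}

demo() {
    h=$(make_demo_home)
    for d in "$h" "$h/public_html" "$h/private"; do
        echo "$(mode_of "$d")  $d"
    done
    path_traversable "$h" "$h/public_html" && echo "public_html: open to other users"
    path_traversable "$h" "$h/private" || echo "private: closed to other users"
    rm -rf "$(dirname "$h")"
}
demo
```

The check reads mode bits only, so it reports the same result whichever account runs it; it does not model root, ACLs or mount options.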


