
Re: Bug#398793: [Adduser-devel] Bug#398793: adduser: Non system wide readable (home) directories should not be 751

Don Armstrong wrote:
> On Thu, 16 Nov 2006, Olaf van der Spek wrote:
> > Adduser chooses 751, which is wrong IMO, as the directories are still
> > readable, they're just not listable.
>
> The directories aren't readable either; their contents may be, but you
> can't see what the contents are.

I guess that depends on what a user's definition of a directory being readable means.
And it sounds a lot like security by obscurity.

> > ~/public_html (probably) won't work with 751, but that's the choice
> > and problem of the administrator that chooses no.
>
> $ mkdir testing; echo 'hi' > testing/hello; chmod 0664 testing/hello; sudo chown root:root -R testing; sudo chmod 0751 testing;
> $ cat testing/hello
> $ ls testing
> ls: testing: Permission denied
> $ sudo chmod 750 testing;
> $ cat testing/hello
> cat: testing/hello: Permission denied
>
> Any questions?

Yes, do you think 750 or 751 should be used?
Consider the case where a user wants an easy way to ensure that none of the files in his home directory are world-readable.
Olaf van der Spek
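
The distinction this message argues over (a directory others can search but not list), as an added example that is not part of the original thread: an audit that walks a home directory and reports which files the "other" class can open, and whether the name can be found by listing or must already be known. The function names, the file layout and the file contents are constructed for illustration; only mode bits are checked, so ACLs, group membership and the parents of the home directory are ignored.

```python
import os
import stat
import tempfile

def world_exposure(home):
    """Map each regular file under `home` that the 'other' class can open
    to 'listable' (its name can be found with ls) or 'by-name' (the path
    must already be known or guessed). Uses mode bits only; ACLs, group
    membership and the parents of `home` are ignored (assumption)."""
    exposed = {}

    def walk(directory, listable):
        mode = os.lstat(directory).st_mode
        if not mode & stat.S_IXOTH:
            return  # no search (x) bit for others: nothing below is reachable
        listable = listable and bool(mode & stat.S_IROTH)
        for entry in os.scandir(directory):
            st = entry.stat(follow_symlinks=False)
            if stat.S_ISDIR(st.st_mode):
                walk(entry.path, listable)
            elif stat.S_ISREG(st.st_mode) and st.st_mode & stat.S_IROTH:
                rel = os.path.relpath(entry.path, home)
                exposed[rel] = "listable" if listable else "by-name"

    walk(home, True)
    return exposed

def demo():
    """Build a constructed home directory and audit it under three modes."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        home = os.path.join(tmp, "testing")
        os.makedirs(os.path.join(home, "mail"))
        for rel, mode in (("hello", 0o664), ("secret", 0o600), ("mail/inbox", 0o644)):
            path = os.path.join(home, rel)
            with open(path, "w") as fh:
                fh.write("hi\n")
            os.chmod(path, mode)
        os.chmod(os.path.join(home, "mail"), 0o700)
        for mode in (0o755, 0o751, 0o750):
            os.chmod(home, mode)
            results[mode] = world_exposure(home)
    return results

if __name__ == "__main__":
    for mode, files in demo().items():
        print(oct(mode), files)
```
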
