[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#398793: [Adduser-devel] Bug#398793: adduser: Non system wide readable (home) directories should not be 751

On Fri, Nov 17, 2006 at 07:43:20AM +0100, Olaf van der Spek wrote:

> I guess that depends on what a user's definition of a directory being 
> readable means.

There is just one definition for that: whether open(...,
O_RDONLY|O_DIRECTORY) succeeds or not.

> And it sounds a lot like security by obscurity.

No, you just need a basic understanding of UNIX permissions to make use
of it.

> Yes, do you think 750 or 751 should be used?

Depends on what do you want to achieve. The debconf question is only
shown to the sysadmin, and if the sysadmin has no idea of UNIX
permissions, then he/she should better not manage a multi-user system...

> Consider the case where a user wants an easy way to ensure that none of 
> the files in his home directory are world-readable.

The easy way is "chmod -R o-r $HOME".

If you really-really want to accomodate dumb users who has no idea of
UNIX permissions, then

- move public_html out of /home (we used a /public hierarchy mirroring
  the layout of /home)
- run a cron script every couple of minutes that unconditionally changes
  home directories to mode 750 (well, we used 700), and their /public
  counterparts to mode 755
- put a symlink under $HOME when the account is created that points to
  the appropriate place under /public for user convenience
- modify the daemons you'd like to access user data to use /public
  instead of /home

And yes, you _do_ need that cron script that often otherwise some dumb
users just change the permissions (usual explanation "they saw a chmod
command on the web and tried it" without knowing what it does) and then
complain loudly that their home directories "mysteriously" became
readable or their web pages "mysteriously" stopped working.

On the other hand, power users quickly got accustomed to using ACLs when
they wanted to make their home directories visible by just their friends
only or they wanted public_html only accessible through the web but not
through the filesystem (think passowrd-protected files).


     MTA SZTAKI Computer and Automation Research Institute
                Hungarian Academy of Sciences

Reply to: