Re: Bug#398793: [Adduser-devel] Bug#398793: adduser: Non system wide readable (home) directories should not be 751

To: Gabor Gombas <gombasg@sztaki.hu>
Cc: debian-devel@lists.debian.org
Subject: Re: Bug#398793: [Adduser-devel] Bug#398793: adduser: Non system wide readable (home) directories should not be 751
From: Olaf van der Spek <OvdSpek@LIACS.NL>
Date: Fri, 17 Nov 2006 13:11:26 +0100
Message-id: <[🔎] 455DA6EE.90808@LIACS.NL>
In-reply-to: <[🔎] 20061117103304.GD28925@boogie.lpds.sztaki.hu>
References: <20061115151958.22207.99046.reportbug@localhost> <20061115175642.GA25828@www.lobefin.net> <20061115220524.GB20412@torres.l21.ma.zugschlus.de> <455B8F9C.9050303@LIACS.NL> <20061115223856.GC20412@torres.l21.ma.zugschlus.de> <[🔎] 455C9C42.6020005@LIACS.NL> <[🔎] 20061117050605.GC13589@archimedes.ucr.edu> <[🔎] 455D5A08.3040209@LIACS.NL> <[🔎] 20061117103304.GD28925@boogie.lpds.sztaki.hu>

Gabor Gombas wrote:

On Fri, Nov 17, 2006 at 07:43:20AM +0100, Olaf van der Spek wrote:
I guess that depends on what a user's definition of a directory beingreadable means.
There is just one definition for that: whether open(...,
O_RDONLY|O_DIRECTORY) succeeds or not.


Sounds like the wrong definition.

And it sounds a lot like security by obscurity.


No, you just need a basic understanding of UNIX permissions to make use
of it.


So what is the purpose of using 751 (besides security through obscurity)?

Consider the case where a user wants an easy way to ensure that none ofthe files in his home directory are world-readable.
The easy way is "chmod -R o-r $HOME".

If you really-really want to accomodate dumb users who has no idea of
UNIX permissions, then

- move public_html out of /home (we used a /public hierarchy mirroring
  the layout of /home)


Is a Debian system required to use Apache with user dirs?

On the other hand, power users quickly got accustomed to using ACLs when
they wanted to make their home directories visible by just their friends
only or they wanted public_html only accessible through the web but not
through the filesystem (think passowrd-protected files).


That doesn't sound right either.

With PHP you can easily read those files from another user/vhost ifthey're world-readable.

--
Olaf van der Spek
http://xccu.sf.net/

Reply to:

Follow-Ups:
- Re: Bug#398793: [Adduser-devel] Bug#398793: adduser: Non system wide readable (home) directories should not be 751
  - From: Gabor Gombas <gombasg@sztaki.hu>

References:
- Re: Bug#398793: [Adduser-devel] Bug#398793: adduser: Non system wide readable (home) directories should not be 751
  - From: Olaf van der Spek <OvdSpek@LIACS.NL>
- Re: Bug#398793: [Adduser-devel] Bug#398793: adduser: Non system wide readable (home) directories should not be 751
  - From: Don Armstrong <don@debian.org>
- Re: Bug#398793: [Adduser-devel] Bug#398793: adduser: Non system wide readable (home) directories should not be 751
  - From: Olaf van der Spek <OvdSpek@LIACS.NL>
- Re: Bug#398793: [Adduser-devel] Bug#398793: adduser: Non system wide readable (home) directories should not be 751
  - From: Gabor Gombas <gombasg@sztaki.hu>

Prev by Date: Re: Bug#398793: [Adduser-devel] Bug#398793: adduser: Non system wide readable (home) directories should not be 751
Next by Date: Re: flock() and sendmail
Previous by thread: Re: Bug#398793: [Adduser-devel] Bug#398793: adduser: Non system wide readable (home) directories should not be 751
Next by thread: Re: Bug#398793: [Adduser-devel] Bug#398793: adduser: Non system wide readable (home) directories should not be 751
Index(es):
- Date
- Thread