Re: Bug#398793: [Adduser-devel] Bug#398793: adduser: Non system wide readable (home) directories should not be 751
- To: debian-devel@lists.debian.org
- Subject: Re: Bug#398793: [Adduser-devel] Bug#398793: adduser: Non system wide readable (home) directories should not be 751
- From: Wouter Verhelst <wouter@debian.org>
- Date: Wed, 6 Dec 2006 21:53:13 +0100
- Message-id: <[🔎] 20061206205313.GC7202@country.grep.be>
- In-reply-to: <20061125000746.GC20388@javifsp.no-ip.org>
- References: <20061115151958.22207.99046.reportbug@localhost> <20061115175642.GA25828@www.lobefin.net> <20061115220524.GB20412@torres.l21.ma.zugschlus.de> <455B8F9C.9050303@LIACS.NL> <20061115223856.GC20412@torres.l21.ma.zugschlus.de> <455C9C42.6020005@LIACS.NL> <20061117050605.GC13589@archimedes.ucr.edu> <455D5A08.3040209@LIACS.NL> <20061117130431.GA11852@www.lobefin.net> <20061125000746.GC20388@javifsp.no-ip.org>
On Sat, Nov 25, 2006 at 01:07:47AM +0100, Javier Fernández-Sanguino Peña wrote:
> On Fri, Nov 17, 2006 at 01:04:31PM +0000, Stephen Gran wrote:
> >
> > As others have pointed out, umask is probably the correct way to make
> > sure that your files are not world readable. This could trivially be
> > added to /etc/profile or something.
>
> Yes, there are multiple ways to change Debian's default umask, all of those
> are listed in the "Securing Debian Manual": 4.11.11 Setting users umasks
> http://www.debian.org/doc/manuals/securing-debian-howto/ch4.en.html#s4.11.11
>
> If there any alternatives I've missed please say so.
PAM. However, you should purge gdm off your system if you choose to do
so, since gdm goes around mucking with your umask when it shouldn't.
That's #336214, #368080, #314791, /and/ #321620 (even though the latter
two are tagged "pending" since over a year)
--
<Lo-lan-do> Home is where you have to wash the dishes.
-- #debian-devel, Freenode, 2004-09-22
Reply to: