
Re: Default Homedir Permissions



On Thu, Feb 17, 2011 at 2:44 PM, Ian Jackson
<ijackson@chiark.greenend.org.uk> wrote:
> Olaf van der Spek writes ("Default Homedir Permissions"):
>> Default homedir permissions are 755. World-readable (and listable).
>> Common (security) sense says that permissions that are not required
>> should not be granted. For example, accounts mysql and www-data should
>> not have access to my documents.
>
> I disagree with this conclusion, because I disagree with the
> underlying implication that the general readability of files is not
> needed.

> Most installed systems have a smallish number of users who know each
> other reasonably well and would like to be able to share files.  It

What are those assumptions based on?
And how do you go from "want to share some files" to "default to share
all files"?

> does not make sense to put strong privacy barriers in between those
> users.  Sensitive data like email and browser histories are already
> made non-world-readable.

chmod 755 ~ is not a hard way to remove the barrier.

> So the default is correct.
>
> Perhaps it might be reasonable to try to find a way for accounts like
> mysql and www-data not to be able to access home directories (add
> "daemon" to their supplementary group list and set the permissions of
> /home 0705 to root.daemon, perhaps), but is this really worthwhile ?

That would be another violation of general security principles (access
control based on exclusion instead of inclusion).

> If it is, the right thing to do is to go away and think about exactly
> how to do it, not to file a bug asking for the default home directory
> permissions to be changed.

The bug wasn't about that, although it was related.


-- 
Olaf
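As an added illustration of the "exclusion instead of inclusion" point (this is not code from the thread), the following Python models the classic Unix permission check and applies it to three constructed trees: the default 0755 home directory, the suggested /home 0705 root.daemon with www-data placed in group daemon, and a 0750 home directory. All paths, uids and gids are made up for the example.

```python
from dataclasses import dataclass

R, W, X = 4, 2, 1  # permission bits within one rwx class


@dataclass(frozen=True)
class Subject:
    uid: int
    gids: frozenset  # primary plus supplementary group ids


def may_access(mode, owner_uid, owner_gid, subj, want):
    """Classic Unix DAC check (no ACLs, no root override). Owner, group and
    other classes are tried in that order and only the first match counts,
    so a member of the directory's group is judged by the group bits even
    when the 'other' bits are more permissive. That is what turns the
    0705 root.daemon idea into a deny list rather than an allow list."""
    if subj.uid == owner_uid:
        bits = (mode >> 6) & 0o7
    elif owner_gid in subj.gids:
        bits = (mode >> 3) & 0o7
    else:
        bits = mode & 0o7
    return (bits & want) == want


def can_list(tree, path, subj):
    """Can `subj` list `path`? Every parent needs search (x), the target read (r).
    `tree` maps absolute paths to (mode, owner uid, owner gid)."""
    parts = path.strip("/").split("/")
    for i in range(1, len(parts) + 1):
        mode, uid, gid = tree["/" + "/".join(parts[:i])]
        if not may_access(mode, uid, gid, subj, R if i == len(parts) else X):
            return False
    return True


# Constructed sample trees; uids and gids are made up for the example.
DEFAULT = {"/home": (0o755, 0, 0), "/home/olaf": (0o755, 1000, 1000)}
PROPOSED = {"/home": (0o705, 0, 1), "/home/olaf": (0o755, 1000, 1000)}  # /home root.daemon
STRICT = {"/home": (0o755, 0, 0), "/home/olaf": (0o750, 1000, 1000)}    # homedir not world-readable

OLAF = Subject(1000, frozenset({1000}))
ALICE = Subject(1001, frozenset({1001}))
WWW_DATA = Subject(33, frozenset({33}))
WWW_DATA_IN_DAEMON = Subject(33, frozenset({33, 1}))  # 'daemon' added as supplementary group

if __name__ == "__main__":
    for name, tree in (("default", DEFAULT), ("0705 /home", PROPOSED), ("0750 homedir", STRICT)):
        for who, s in (("olaf", OLAF), ("alice", ALICE), ("www-data", WWW_DATA), ("www-data+daemon", WWW_DATA_IN_DAEMON)):
            print(f"{name:12} {who:16} can list /home/olaf: {can_list(tree, '/home/olaf', s)}")
```

Note that under the 0705 scheme a service account that was never added to group daemon still walks straight into /home/olaf, whereas a 0750 home directory keeps every non-member out regardless of how the service accounts were set up.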

