
Re: Seeking consensus for some changes in adduser



On Mon, 2022-11-28 at 15:50 +0000, Benjamin Drung wrote:
> Ubuntu changed the default DIR_MODE to 0750 in January 2021 [1] with the
> same intention as Debian now. I would like to see Debian and Ubuntu agree
> on one default DIR_MODE to keep the package difference small and make
> documentation shareable.
> 
> Since users have their own primary group, it makes more sense to
> have this user's group have read access. So people can easily add users
> to other users' groups to give them read access. I read through the mails
> on Debian and found no mention of 0750 (and therefore no reason
> against it). Therefore I suggest changing the default permission for
> users from 0700 to 0750.
> 
> [1] https://launchpad.net/bugs/48734

That does not seem to be a good idea to me.

The user-specific groups exist so umask != 077 can work in some way.
Adding other users to the group bypasses that and I think should not be
recommended to be used. If you use umask 007[2] because that seems safe
with usergroups, it suddenly is not.

If people insist on doing that, they can still change the permissions
of their home directory. But I don't think this is a good argument for
changing the default (rather the opposite).

Ansgar

  [2]: For example taken from man:pam_umask(8) for the usergroups
       option.
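
The interaction discussed in this message, as an added example that is not part of the original thread: a small audit that flags accounts whose private group has extra members and whose home directory is group-searchable, and reports what a given umask then grants those members on newly created files. The passwd and group lines, the home directory modes and the function names are constructed for illustration.

```python
import stat

# Constructed sample data (not from a real system).
PASSWD = """\
alice:x:1000:1000::/home/alice:/bin/bash
bob:x:1001:1001::/home/bob:/bin/bash
carol:x:1002:1002::/home/carol:/bin/bash
"""
GROUP = """\
alice:x:1000:bob
bob:x:1001:
carol:x:1002:alice
"""
HOME_MODES = {"/home/alice": 0o750, "/home/bob": 0o750, "/home/carol": 0o700}


def new_file_mode(umask, requested=0o666):
    """Mode a file ends up with when created as `requested` under `umask`."""
    return requested & ~umask


def audit(passwd, group, home_modes, umask=0o007):
    """Flag users whose private group has other members who can enter $HOME."""
    groups = {}
    for line in group.splitlines():
        name, _, gid, members = line.split(":")
        groups[int(gid)] = (name, [m for m in members.split(",") if m])
    file_mode = new_file_mode(umask)
    findings = []
    for line in passwd.splitlines():
        user, _, _, gid, _, home, _ = line.split(":")
        gname, members = groups.get(int(gid), ("", []))
        others = [m for m in members if m != user]
        # Assumption: a primary group named after the user is a private group.
        if gname != user or not others:
            continue
        mode = home_modes[home]
        # Without search (x) permission on $HOME, group members reach nothing.
        if mode & stat.S_IXGRP:
            findings.append({
                "user": user, "members": others,
                "can_list_home": bool(mode & stat.S_IRGRP),
                "can_read_new_files": bool(file_mode & stat.S_IRGRP),
                "can_write_new_files": bool(file_mode & stat.S_IWGRP),
            })
    return findings


if __name__ == "__main__":
    for finding in audit(PASSWD, GROUP, HOME_MODES):
        print(finding)
```

On the constructed data only alice is flagged: carol's group also has an extra member, but her 0700 home directory keeps that member out.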

