Re: harden-debian script?
On Wed, 25 Oct 2000, Marcin Owsiany wrote:
> Debian already has right permissions for files containing sensitive data
> (e.g. /etc/shadow).
I agree with your statement, Marcin, except for one thing:
user home directories (IMHO) should have the permissions 700.
After I install new debian boxes the permissions are always something
like 755. This is bad in my opinion, for a multiuser box. On firewalls,
however, there should be very few people logging in at all and then only
to administer the box, not to read mail or anything like that. Therefore
this isn't much of an issue for firewall installs.
Does anyone know why debian has such lax perms on home dirs?