Re[2]: harden-debian script?
From the adduser manpage:
If the file /usr/local/sbin/adduser.local exists, it will
be executed after the user account has been set up in
order to do any local setup. The arguments passed to
adduser.local are:
username uid gid home-directory
So by making /usr/local/sbin/adduser.local look like:
#!/bin/sh
# $4 is the new user's home directory
chmod 700 "$4"
you can get the results you want in a round-about way.
--
Kevin - cog@iwz.com
--
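A more defensive version of the adduser.local hook described above, as an added example that is not part of the original message or of the adduser package: it checks the four arguments the manpage lists before changing the mode. The function name harden_home, the HOME_MODE variable and the return codes are assumptions made for this example.

```sh
#!/bin/sh
# /usr/local/sbin/adduser.local: added example, not shipped with adduser.
# Called as: adduser.local username uid gid home-directory

HOME_MODE=700   # assumption: site policy wants owner-only home directories

harden_home() {
    if [ "$#" -ne 4 ]; then
        echo "usage: adduser.local username uid gid home-directory" >&2
        return 64
    fi
    hh_uid=$2
    hh_home=$4

    # Only act on an absolute path; a relative one would be resolved
    # against whatever directory the hook happened to start in.
    case $hh_home in
        /*) ;;
        *) echo "adduser.local: not an absolute path: $hh_home" >&2; return 65 ;;
    esac

    # No home directory was created (e.g. --no-create-home): nothing to do.
    if [ ! -e "$hh_home" ] && [ ! -L "$hh_home" ]; then
        return 0
    fi

    # Refuse symlinks: chmod follows them and would change the target.
    if [ -L "$hh_home" ] || [ ! -d "$hh_home" ]; then
        echo "adduser.local: not a real directory: $hh_home" >&2
        return 66
    fi

    # The directory must already belong to the account just created.
    hh_owner=$(ls -ldn -- "$hh_home" | awk '{print $3}')
    if [ "$hh_owner" != "$hh_uid" ]; then
        echo "adduser.local: $hh_home is owned by uid $hh_owner, not $hh_uid" >&2
        return 67
    fi

    chmod "$HOME_MODE" -- "$hh_home"
}

# adduser always supplies four arguments; with none (for example when the
# file is sourced to test the function) nothing is executed.
[ "$#" -eq 0 ] || harden_home "$@"
```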
>> user home directories (IMHO) should have the permissions 700.
>>
>> After I install new debian boxes the permissions are always something
>> like 755. This is bad in my opinion, for a multiuser box. On firewalls,
>> however, there should be very few people logging in at all and then only
>> to administer the box, not to read mail or anything like that. Therefore
>> this isn't much of an issue for firewall installs.
>>
>> Does anyone know why debian has such lax perms on home dirs?
> This seems to be determined in the adduser command, where I found the
> line:
> 482: my $default_dir_mode = 0755;
> There doesn't seem to be any way to configure this other than editing the
> code.
> While I'm interested in the problem, I have to say I would rather see this
> configurable in /etc/adduser.conf or from the command line rather than
> hard coded at 0700 or any other value.
> Cheers!
> Matthew
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> matthew whitworth
> matthew@okcomputer.org
> On Wed, 25 Oct 2000, Nate Campi wrote:
>> On Wed, 25 Oct 2000, Marcin Owsiany wrote:
>>
>> > Debian already has right permissions for files containing sensitive data
>> > (e.g. /etc/shadow).
>> >
>>
>> I agree with your statement, Marcin, except for one thing:
>> user home directories (IMHO) should have the permissions 700.
>>
>> After I install new debian boxes the permissions are always something
>> like 755. This is bad in my opinion, for a multiuser box. On firewalls,
>> however, there should be very few people logging in at all and then only
>> to administer the box, not to read mail or anything like that. Therefore
>> this isn't much of an issue for firewall installs.
>>
>> Does anyone know why debian has such lax perms on home dirs?
>>
>> Nate
>>
>>
>>
>> --
>> To UNSUBSCRIBE, email to debian-firewall-request@lists.debian.org
>> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
>>
>>