Re: harden-debian script?
> user home directories (IMHO) should have the permissions 700.
>
> After I install new debian boxes the permissions are always something
> like 755. This is bad in my opinion, for a multiuser box. On firewalls,
> however, there should be very few people logging in at all and then only
> to administer the box, not to read mail or anything like that. Therefore
> this isn't much of an issue for firewall installs.
>
> Does anyone know why debian has such lax perms on home dirs?
This seems to be determined in the adduser command, where I found the
line:
482: my $default_dir_mode = 0755;
There doesn't seem to be any way to configure this other than editing the
code.
While I'm interested in the problem, I have to say I would rather see this
configurable in /etc/adduser.conf or from the command line rather than
hard coded at 0700 or any other value.
Cheers!
Matthew
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
matthew whitworth
matthew@okcomputer.org
On Wed, 25 Oct 2000, Nate Campi wrote:
> On Wed, 25 Oct 2000, Marcin Owsiany wrote:
>
> > Debian already has right permissions for files containing sensitive data
> > (e.g. /etc/shadow).
> >
>
> I agree with your statement, Marcin, except for one thing:
> user home directories (IMHO) should have the permissions 700.
>
> After I install new debian boxes the permissions are always something
> like 755. This is bad in my opinion, for a multiuser box. On firewalls,
> however, there should be very few people logging in at all and then only
> to administer the box, not to read mail or anything like that. Therefore
> this isn't much of an issue for firewall installs.
>
> Does anyone know why debian has such lax perms on home dirs?
>
> Nate
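One way to find and tighten the 755 home directories discussed in this thread on a box that is already installed, as an added example that is not part of the original messages or of adduser. The function names, the UID cutoff of 1000 and the sample passwd entries are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: report home directories that grant group/other access.
# usage: audit_homes PASSWD_FILE [MIN_UID]   (MIN_UID default 1000 is an assumption)

dir_mode() {  # octal permission bits; GNU stat first, BSD stat as fallback
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null
}

audit_homes() {
    passwd_file=$1 min_uid=${2:-1000}
    while IFS=: read -r user pw uid gid gecos home shell; do
        case $uid in ''|*[!0-9]*) continue ;; esac   # skip malformed lines
        [ "$uid" -ge "$min_uid" ] || continue        # skip system accounts
        [ -d "$home" ] && [ ! -L "$home" ] || continue
        mode=$(dir_mode "$home") || continue
        # 077 masks the group and other bits; mode 700 leaves none of them set
        if [ $(( 0$mode & 077 )) -ne 0 ]; then
            printf '%s %s %s\n' "$user" "$mode" "$home"
        fi
    done < "$passwd_file"
}

tighten_homes() {  # remove group/other access from every directory reported
    audit_homes "$@" | while read -r user mode home; do
        chmod go-rwx "$home" && printf 'tightened %s: %s -> %s\n' \
            "$user" "$mode" "$(dir_mode "$home")"
    done
}

demo() {  # constructed fixture: fake users in a scratch directory
    tmp=$(mktemp -d) || return 1
    mkdir -m 755 "$tmp/alice"; mkdir -m 700 "$tmp/bob"
    printf '%s\n' "alice:x:1000:1000::$tmp/alice:/bin/sh" \
                  "bob:x:1001:1001::$tmp/bob:/bin/sh" \
                  "daemon:x:1:1::$tmp/alice:/bin/false" > "$tmp/passwd"
    audit_homes "$tmp/passwd"      # lists alice only
    tighten_homes "$tmp/passwd"    # alice goes from 755 to 700
    rm -rf "$tmp"
}

# Run the constructed demo only when asked, e.g. `sh audit_homes.sh demo`
if [ "${1:-}" = demo ]; then demo; fi
```

On a real system, run `audit_homes /etc/passwd` first and review the list before calling `tighten_homes`, since some setups rely on a world-searchable home directory.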