Re: Default valid shells and home dir permissions
On 01/12/12 16:16, Karl Goetz wrote:
> On Thu, 12 Jan 2012 11:19:41 +0100
> Poison Bit <poisonbit@gmail.com> wrote:
>
>> On Thu, Jan 12, 2012 at 7:48 AM, Davit Avsharyan
>> <avsharyan@gmail.com> wrote:
>>> I know how to change it :). I just wanted to understand why it
>>> comes with 755 and not 700 ?
>>> Few years ago, if I'm not mistaken, everything was 700.
>> No less than 9 years.
>> One possible reason for this default, maybe if I'm not mistaken, to
>> keep UserDir working in apache (?)
> Apache can traverse a 701 directory. Don't know about other web
> servers. Other reasons i've seen mentioned in the past include making
> it easier for users to share their files, but i don't remember where i
> read that anymore.
> thanks,
> kk
>
Another good reason is for users to be able to accumulate data, like
images. On many systems users working as a group is advantageous! For
example most internal servers would have 751 with groups like
hr/noc/sales/support where each member of a group can see most of the
other members files. For larg"er" corporations there internal servers
might be allocated to a group, where splitting up member ship would be
meaningless.
It's only in rare cases where the server is to be used externally where
701 would make any sense!
Keep in mind Debian may also be deployed in cases where SOXS and PCI
don't even rate consideration. In these cases it's perfectly fine to
have noc, sales, and support to all have access into each others homes.
Granted HR should likely be on there own systems or given protected home
folders.
I would advise a 'private' folder being optionally created for users.
Reply to: