On Wed, Feb 23, 2011 at 04:11:25PM -0500, Carlos Mennens wrote: > 1. Screen from console is not cleared as root or regular user once you log > out. If you use bash, add this to ~/.bash_logout: case "$(tty)" in /dev/tty[0-9][0-9]*) clear esac You could also get getty do the blanking as well if you wanted; it might even already be a configurable option. Or, you can just add a form feed to the top of /etc/issue. > 2. Users home directories get created with 755 permissions. Anyone can > access your home directory and files. Yes, other users can read (not modify) files. This is by design. You can set a different default by modifying DIR_MODE in /etc/adduser.conf. This was discussed just last week on -devel. Some people do want stricter permissions e.g. 0750, 0700. Debian can't provide a default that will satisfy everyone. But if you're unhappy with the default, it's easy enough to change. Who are you worried will be reading all your files? (I'm in the camp that prefers 0755; if I want to keep something private, I'll put it in a subdirectory with 0750 permissions. I find being able to share and collaborate with other users on the same system a boon, akin to leaving the blind up so people can look in, rather than bricking up the window.) > 3. Debian installer defaults to creating user group names which is just a > mess. This is good security practice. Every file and directory you create is owned by a user and a group. Having a user-private group means every file you create is owned by you, and you can then opt to change the group and perms. It's important when you're working in a multiuser environment, and does no harm for single user systems. Having a generic "users" group that's used by all users for all files is in fact far less secure than the 0755 permissions. http://wiki.debian.org/UserPrivateGroups Regards, Roger -- .''`. Roger Leigh : :' : Debian GNU/Linux http://people.debian.org/~rleigh/ `. `' Printing on GNU/Linux? http://gutenprint.sourceforge.net/ `- GPG Public Key: 0x25BFB848 Please GPG sign your mail.
Attachment:
signature.asc
Description: Digital signature