[Adduser-devel] Open Home directory

Marc Haber mh+adduser-devel@zugschlus.de
Thu, 9 Jun 2005 10:56:02 +0200

On Thu, Jun 09, 2005 at 10:28:12AM +0200, Christian Knoke wrote:
> the adduser package has an option to choose, whether the home directory of
> the user will be readable for all users on the system, or not. The default
> is, it will be.

That's how we always handled things.

> This can result in a security hole, when people accept the default without
> much reading

People who do not read what the distribution shows on installation,
and who do not check permissions before putting a system in multi
user mode should not be in charge of multi user systems.

> (if I'm not mistaken, it is not even l10n'd during install).

The template is translated to cs, da, de, es, eu, fr, it, ja, nl,
pt_BR, ru and uk. If the translated versions are not shown, please
file a bug against the appropriate parts of the system.

> I suggest to put the default on 'No'.

The default of a package this important is not going to change without
a _very_ good reason. Local stupidity and laziness does not count.

> If this is not possible for some
> reason, I suggest to write a big warning what that means.

How do you suggest guaranteeing that people will read that warning
after having ignored the warning in the question template? IMO, this
doesn't solve the issue.

Frankly, I do not plan to change the default to have people yelling at
me that the default permissions are too tight. The issue is
configurable with a sensible default that everybody is used to.

If you do not agree, please talk to the technical committee.

Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 72739835