[Adduser-devel] Package: adduser

Roland Bauerschmidt roland@hbg-bremen.de
Thu, 3 Mar 2005 15:23:29 +0100

Roland Kasprzak wrote:
> i am a user of Debian for some years and i work as a trainer in Linux.
> I often have to handle with the default settings i the adduser-script 
> for "dir_mode". In the most trainings there is the question "How can 
> Debian be a secure system with such default settings in adduser?". Other 
> Linux-distributions got settings like 700. I also think default settings 
> in the adduser-scrpit for "dir_mode" should NOT be 755 like they are in 
> all actual packages (adduser_3.47_all.deb, adduser_3.59_all.deb and 
> adduser_3.62_all.deb).
> I hope you all will change these settings.

I don't believe a directory mode of 0700 is right default setting. It
breaks Apache's UserDir option, for example. A much more sensible choice
would be 0711 which will continue to allow access to known files and
directories such as public_html. Even though I don't think it would
increase security significantly, I agree that it is probably a better
default choice. However, I leave this up to Marc Haber.