[Adduser-devel] Bug#398793: Default Homedir Permissions

Roger Leigh rleigh at codelibre.net
Thu Feb 17 15:24:10 UTC 2011


On Thu, Feb 17, 2011 at 04:07:12PM +0100, Olaf van der Spek wrote:
> On Thu, Feb 17, 2011 at 3:58 PM, Roger Leigh <rleigh at codelibre.net> wrote:
> > In general, I think it's fair to say that the average Debian
> > installation does not require Fort Knox levels of security.  Simply
> > allowing other people to read our files is often something desirable;
> 
> Does other refer to other users, all other accounts or the entire world?

It refers to S_IRWXO, which is what this bug is about.  What that
means in practice is up to you.

> > if I have something especially secret, I'll take steps to make sure
> > it's not readable or writeable by anyone except me.  But in general,
> > it's not a bad thing that others can see my stuff.  I can always keep
> > private things in a 0700 subdirectory.
> 
> You can, but you can easily forget that.
> Note that defaulting to private does not prevent you from changing the
> permissions.
…
> Like backups, the need for security is often discovered after it was necessary.

Yes, but like everything there is a tradeoff.  A totally secure system
is an unusable system.  Having to instruct every user how to relax the
permissions to allow others to access their files, or allow their web
pages to be visible, is effectively pointless make-work if that was what
you wanted in the first place.  And for most people, I would argue that
/is/ what is wanted.

Remember that historically, multi-user systems have been about sharing
and collaboration, not isolation in walled-off prisons.  I know which
type of system I want, and it's not the latter.

0755 is not inherently insecure.  Others can't make any changes, but
they can look.  The only issue here is accidental disclosure of
information intended to be private.

I would argue that a change that /would/ make a real difference, would
be to have (as an example) emblems in Nautilus that flag files and
folders depending on if other people have read or write access.  That
would visually show what is (and is not) secure either by intention or
by accident.


Regards,
Roger

-- 
  .''`.  Roger Leigh
 : :' :  Debian GNU/Linux             http://people.debian.org/~rleigh/
 `. `'   Printing on GNU/Linux?       http://gutenprint.sourceforge.net/
   `-    GPG Public Key: 0x25BFB848   Please GPG sign your mail.
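The "flag what others can see" check Roger describes, worked through as an added example (Python, not part of this thread and not adduser's or Nautilus's code). It audits a home directory for entries with any S_IRWXO bit set and, for each, reports whether "others" can actually reach it: a file under a 0700 subdirectory is shielded even if its own mode is 0644, which is the point made above about keeping private things in a 0700 directory. The sample home it builds under a temporary path, and the file names and modes in it, are constructed for the demo; the reachability rule (every directory from the home directory down to the entry must grant S_IXOTH to others) is standard POSIX traversal semantics.

```python
import os
import shutil
import stat
import tempfile

OTHER_BITS = (("r", stat.S_IROTH), ("w", stat.S_IWOTH), ("x", stat.S_IXOTH))


def other_bits(mode):
    """Render the S_IRWXO part of a mode the way `ls -l` shows it: 'r--', 'rw-', 'r-x', ..."""
    return "".join(ch if mode & bit else "-" for ch, bit in OTHER_BITS)


def others_can_reach(home, relpath):
    """True if 'others' can traverse from the home directory down to relpath's parent.

    Other-read on a file only discloses it if the home directory and every
    directory above the file grant S_IXOTH; one 0700 directory in the chain
    shields everything below it regardless of the inner modes.
    """
    cur = home
    if not os.lstat(cur).st_mode & stat.S_IXOTH:
        return False
    for part in relpath.split(os.sep)[:-1]:
        cur = os.path.join(cur, part)
        if not os.lstat(cur).st_mode & stat.S_IXOTH:
            return False
    return True


def audit_home(home):
    """Return {relpath: {"other": "rw-", "exposed": bool}} for every entry with an S_IRWXO bit set.

    Symlinks are skipped: their own mode bits are not enforced, and the
    target is audited where it really lives.
    """
    findings = {}
    for dirpath, dirnames, filenames in os.walk(home):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue
            bits = other_bits(st.st_mode)
            if bits == "---":
                continue
            rel = os.path.relpath(path, home)
            findings[rel] = {"other": bits, "exposed": others_can_reach(home, rel)}
    return findings


def build_demo_home():
    """Construct a sample home directory (made-up names and contents) with a mix of modes."""
    home = tempfile.mkdtemp(prefix="demo-home-")
    os.chmod(home, 0o755)  # the 0755 home directory default under discussion
    layout = {
        "public_html": 0o755,
        "public_html/index.html": 0o644,  # meant to be readable: web pages
        "notes.txt": 0o644,               # world-readable, probably by accident
        "shared.txt": 0o666,              # world-writable: the genuinely dangerous case
        "Private": 0o700,                 # the 0700 subdirectory mentioned above
        "Private/secret.txt": 0o600,
        "Private/draft.txt": 0o644,       # other-read set, but unreachable through Private
    }
    for rel, mode in layout.items():
        path = os.path.join(home, *rel.split("/"))
        if rel.endswith((".txt", ".html")):
            with open(path, "w") as fh:
                fh.write("sample\n")
        else:
            os.mkdir(path)
        os.chmod(path, mode)  # chmod after creation so the process umask cannot interfere
    return home


def demo():
    """Build the sample home, audit it, remove it again, and return the findings."""
    home = build_demo_home()
    try:
        return audit_home(home)
    finally:
        shutil.rmtree(home)


if __name__ == "__main__":
    for rel, info in sorted(demo().items()):
        tag = "EXPOSED" if info["exposed"] else "shielded by a 0700 parent"
        print(f"{info['other']}  {rel:28}  {tag}")
```

Run it as the owner of the tree: the audit reads mode bits, so it does not need to be run as the "other" user to predict what that user could see. The "exposed" column is what an emblem-style indicator would have to show; the raw S_IRWXO bits alone over-report, since Private/draft.txt carries other-read but nobody outside the owner can get to it.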