[Adduser-devel] Bug#398793: Default Homedir Permissions
Marco d'Itri
md at Linux.IT
Thu Feb 17 16:16:49 UTC 2011
On Feb 17, Ian Jackson <ijackson at chiark.greenend.org.uk> wrote:
> I disagree with this conclusion, because I disagree with the
> underlying implication that the general readability of files is not
> needed.
Agreed.
> Perhaps it might be reasonable to try to find a way for accounts like
> msql and www-data not to be able to access home directories (add
> "daemon" to their supplementary group list and set the permissions of
> /home 0705 to root.daemon, perhaps), but is this really worthwhile ?
We have ACLs, but I believe that the local requirements vary enough
that it is not worth the effort.
--
ciao,
Marco
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/adduser-devel/attachments/20110217/32df21ba/attachment.pgp>
More information about the Adduser-devel
mailing list