[Bug 48734] Re: Home permissions too open
Giovanni Pelosi
48734 at bugs.launchpad.net
Sat Jan 16 11:33:46 UTC 2021
Probably, behind the original decision there were also issues of home
access, required by some unprivileged services, like apache (userdir).
Today, letting all users access any ~/Doc, ~/Pic, ~/Video looks like a
huge security hole (MS Windows denies this).
But anyway, today 'user' access should support user namespaces
(subuid/subgid).
This is required for rootless container development (podman, docker).
Another point is the "sandbox model" by snap/flatpak.
In particular in "partially" supported scenarios: Snap+SELinux (Fedora)
and Flatpak+AppArmor (Ubuntu).
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to shadow in Ubuntu.
https://bugs.launchpad.net/bugs/48734
Title:
Home permissions too open
Status in adduser package in Ubuntu:
Fix Committed
Status in shadow package in Ubuntu:
Fix Released
Status in adduser source package in Hirsute:
Fix Committed
Status in shadow source package in Hirsute:
Fix Released
Status in Ubuntu RTM:
Opinion
Bug description:
Binary package hint: debian-installer
On a fresh Dapper install I noticed that the file permissions for the
home directory for the user created by the installer are set to 755,
giving read access to everyone on the system.
Surely this is a bad idea? If you're set on the idea can we at least have
an option during the boot process?
Also new files that are created via the console ('touch' etc.) are
done so with '644' permissions, is there anything that can be done
here? Nautilus seems to create files at '600', which is a better
setting.
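
An audit for the two conditions the report describes (home directories open to "other" users, and the file mode a given umask produces), added here as an example and not part of the bug report or of adduser/shadow. It assumes GNU stat from coreutils; the function names and the demo tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit home directory modes and umask results.
# Assumes GNU stat (coreutils), as shipped on Ubuntu.

# Print "<mode> <path>" for each directory directly under $1 whose
# "other" permission bits are non-zero (for example 755), meaning any
# local account can list or traverse it.
world_accessible_homes() {
    base=$1
    for dir in "$base"/*/; do
        [ -d "$dir" ] || continue       # unmatched glob or not a directory
        dir=${dir%/}
        if [ -L "$dir" ]; then continue; fi   # skip symlinks, audit real dirs
        mode=$(stat -c '%a' "$dir")
        other=$((mode % 10))            # last octal digit holds the "other" bits
        if [ "$other" -ne 0 ]; then
            printf '%s %s\n' "$mode" "$dir"
        fi
    done
}

# Print the mode a newly created file receives under umask $1.
# touch requests 666 and the umask clears bits from that request.
file_mode_under_umask() {
    (
        umask "$1"
        tmp=$(mktemp -d) || exit 1
        touch "$tmp/f"
        stat -c '%a' "$tmp/f"
        rm -rf "$tmp"
    )
}

# Constructed demo tree: three hypothetical home directories.
demo() {
    root=$(mktemp -d) || return 1
    mkdir -m 755 "$root/alice"          # the default the report describes
    mkdir -m 750 "$root/bob"            # group-only access
    mkdir -m 700 "$root/carol"          # owner-only access
    echo "Homes accessible to other users:"
    world_accessible_homes "$root"
    echo "File mode with umask 022: $(file_mode_under_umask 022)"
    echo "File mode with umask 077: $(file_mode_under_umask 077)"
    rm -rf "$root"
}

demo
```

On a real system, pass the directory that holds user homes (commonly /home) to world_accessible_homes.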