Summary: | useradd creates homedirs with 755 - should rather be 700 | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Sebastian <sebastian_ml> |
Component: | [OLD] Core system | Assignee: | Gentoo's Team for Core System packages <base-system> |
Status: | VERIFIED WORKSFORME | ||
Severity: | normal | CC: | eero, federico, mycroes |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- | |
Attachments: | patch to fix |
Description
Sebastian
2004-11-01 17:28:11 UTC
*** Bug 69784 has been marked as a duplicate of this bug. *** it's supposed to be like that from shadow's useradd.c source: /* * create_home - create the user's home directory * * create_home() creates the user's home directory if it does not * already exist. It will be created mode 755 owned by the user * with the user's default group. */ Well, but you see my point, right? And I am sure it wasn't always this way, because I remember not being able to look into another users dir some time ago. These directories are considered to be private. No other individual other than BOFH should be able to go into them. Well, maybe I see things wrong. But I like to think I'm not. Regards Sebastian yes i see the point, but it's not a bug in the code ;) i'll e-mail upstream and see how they feel about changing the default *** Bug 71347 has been marked as a duplicate of this bug. *** *** Bug 91166 has been marked as a duplicate of this bug. *** why? This is complete fuckup? Created attachment 57847 [details, diff]
patch to fix
patch to fix
755 is correct. http://pronics.fi/~eero/mirrors/shadow-fixes.tar.bz2 contains my ebuild to fix problem. Well. It is correct, but _insecure_ way. If this is not fixed by coder then is should be fixed by vendor patch (Gentoo) Insecure? Hardly. It's a sane default. If you don't like it, change it manually. How about making it configurable? Comment #13: Use app-admin/superadduser and configure it there. IIRC it has 711 as default. Also, is it pretty much configurable with chmod. ;-) *** Bug 179319 has been marked as a duplicate of this bug. *** |