When using, for instance,
useradd jack -m -G users,wheel,audio -s /bin/bash
the homedir /home/jack gets the permissions 755. This is totally wrong. Can this be fixed?
Steps to Reproduce:
Portage 2.0.51-r2 (default-x86-2004.2, gcc-3.3.4, glibc-126.96.36.19940808-r1, 2.6.9
System uname: 2.6.9 i686 Intel(R) Pentium(R) M processor 1400MHz
Gentoo Base System version 1.4.16
distcc 2.16 i686-pc-linux-gnu (protocols 1 and 2) (default port 3632) [enabled]
CFLAGS="-O2 -march=pentium3 -msse2 -fomit-frame-pointer -pipe"
CONFIG_PROTECT="/etc /usr/X11R6/lib/X11/xkb /usr/kde/2/share/config
/usr/kde/3.3/env /usr/kde/3.3/share/config /usr/kde/3.3/shutdown
/usr/kde/3/share/config /usr/lib/mozilla/defaults/pref /usr/share/config
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d"
CXXFLAGS="-O2 -march=pentium3 -msse2 -fomit-frame-pointer -pipe"
FEATURES="autoaddcvs ccache distcc distlocks sandbox"
USE="X acpi alsa bitmap-fonts bonobo crypt cups foomaticdb gnome gtk gtk2
ithreads jpeg mmx moznocompose moznoirc mozsvg ncurses nls nodrm oggvorbis pam
png ppds qt readline spell sse sse2 ssl tetex truetype unicode x86 xprint zlib"
*** Bug 69784 has been marked as a duplicate of this bug. ***
It's supposed to be like that.
From shadow's useradd.c source:
* create_home - create the user's home directory
* create_home() creates the user's home directory if it does not
* already exist. It will be created mode 755 owned by the user
* with the user's default group.
Well, but you see my point, right? And I am sure it wasn't always this way, because I remember not being able to look into another user's dir some time ago. These directories are considered to be private. No other individual other than BOFH should be able to go into them.
Well, maybe I see things wrong. But I like to think I'm not.
Yes, I see the point, but it's not a bug in the code ;)
I'll e-mail upstream and see how they feel about changing the default.
*** Bug 71347 has been marked as a duplicate of this bug. ***
*** Bug 91166 has been marked as a duplicate of this bug. ***
Why? This is a complete fuckup?
Created attachment 57847
patch to fix
755 is correct.
contains my ebuild to fix problem.
Well. It is correct, but _insecure_ way. If this is not fixed by coder then it should be fixed by vendor patch (Gentoo).
Insecure? Hardly. It's a sane default. If you don't like it, change it manually.
How about making it configurable?
Comment #13: Use app-admin/superadduser and configure it there. IIRC it has 711 as default. Also, it is pretty much configurable with chmod. ;-)
*** Bug 179319 has been marked as a duplicate of this bug. ***
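
An added example, not part of the bug thread and not code from shadow or Gentoo: a shell audit that reads a passwd-format file and reports what access users outside the owner and group have to each home directory, separating the 755, 711 and 700 modes discussed above. It assumes GNU coreutils `stat`; the function names, the default minimum UID of 1000 and the sample accounts are constructed for illustration.

```sh
#!/bin/sh
# Added example: report what "other" users may do with each home directory.
# Assumes GNU coreutils stat (-c %a); function names are illustrative.

# classify_mode OCTAL_MODE: classify the last octal digit (r=4 w=2 x=1).
classify_mode() {
    other=${1#"${1%?}"}            # last character of the mode string
    if [ "$other" -eq 0 ]; then
        echo private               # 700, 750: no access for others
    elif [ $(( other & 4 )) -ne 0 ]; then
        echo listable              # 755: others can list file names
    elif [ $(( other & 1 )) -ne 0 ]; then
        echo traverse-only         # 711: others can enter, not list
    else
        echo write-only            # write bit alone, e.g. 702
    fi
}

# audit_homes PASSWD_FILE [MIN_UID]: print "user mode class" for every
# account at or above MIN_UID whose home grants anything to others.
audit_homes() {
    min_uid=${2:-1000}
    while IFS=: read -r user pw uid gid gecos home shell; do
        [ "$uid" -ge "$min_uid" ] 2>/dev/null || continue   # skips non-numeric UIDs too
        [ -d "$home" ] || continue
        mode=$(stat -c %a "$home") || continue
        class=$(classify_mode "$mode")
        [ "$class" = private ] || echo "$user $mode $class"
    done < "$1"
}

# make_sample DIR: constructed passwd file and homes using the thread's modes.
make_sample() {
    n=1000
    for spec in jack:755 jill:711 joe:700; do
        u=${spec%:*}; m=${spec#*:}
        mkdir -p "$1/home/$u" && chmod "$m" "$1/home/$u"
        echo "$u:x:$n:100::$1/home/$u:/bin/bash" >> "$1/passwd"
        n=$((n + 1))
    done
}

tmp=$(mktemp -d)
make_sample "$tmp"
audit_homes "$tmp/passwd"   # prints: jack 755 listable / jill 711 traverse-only
rm -rf "$tmp"
```

Pointing `audit_homes` at `/etc/passwd` lists the accounts whose homes were left at the useradd default, which can then be tightened with chmod as suggested in the thread.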