Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 69783 - useradd creates homedirs with 755 - should rather be 700
Summary: useradd creates homedirs with 755 - should rather be 700
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] Core system (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Gentoo's Team for Core System packages
: 69784 71347 91166 179319 (view as bug list)
Depends on:
Reported: 2004-11-01 17:28 UTC by Sebastian
Modified: 2007-05-21 17:53 UTC (History)
3 users (show)

See Also:
Package list:
Runtime testing required: ---

patch to fix (shadow-4.0.5-remove-insecure-homedircreating.patch,336 bytes, patch)
2005-05-02 09:24 UTC, Eero Volotinen
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Sebastian 2004-11-01 17:28:11 UTC

when using for instance

useradd jack -m -G users,wheel,audio -s /bin/bash

the homedir /home/jack gets the permissions 755. This is totally wrong. Can this be fixed?

Reproducible: Always
Steps to Reproduce:

emerge info
Portage 2.0.51-r2 (default-x86-2004.2, gcc-3.3.4, glibc-, 2.6.9
System uname: 2.6.9 i686 Intel(R) Pentium(R) M processor 1400MHz
Gentoo Base System version 1.4.16
distcc 2.16 i686-pc-linux-gnu (protocols 1 and 2) (default port 3632) [enabled]
Autoconf: sys-devel/autoconf-2.59-r5
Automake: sys-devel/automake-1.8.5-r1
Binutils: sys-devel/binutils-
Headers:  sys-kernel/linux26-headers-
Libtools: sys-devel/libtool-1.5.2-r5
CFLAGS="-O2 -march=pentium3 -msse2 -fomit-frame-pointer -pipe"
CONFIG_PROTECT="/etc /usr/X11R6/lib/X11/xkb /usr/kde/2/share/config
/usr/kde/3.3/env /usr/kde/3.3/share/config /usr/kde/3.3/shutdown
/usr/kde/3/share/config /usr/lib/mozilla/defaults/pref /usr/share/config
/usr/share/texmf/dvipdfm/config/ /usr/share/texmf/dvips/config/
/usr/share/texmf/tex/generic/config/ /usr/share/texmf/tex/platex/config/
/usr/share/texmf/xdvi/ /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d"
CXXFLAGS="-O2 -march=pentium3 -msse2 -fomit-frame-pointer -pipe"
FEATURES="autoaddcvs ccache distcc distlocks sandbox"
USE="X acpi alsa bitmap-fonts bonobo crypt cups foomaticdb gnome gtk gtk2
ithreads jpeg mmx moznocompose moznoirc mozsvg ncurses nls nodrm oggvorbis pam
png ppds qt readline spell sse sse2 ssl tetex truetype unicode x86 xprint zlib"
Comment 1 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2004-11-01 18:16:03 UTC
*** Bug 69784 has been marked as a duplicate of this bug. ***
Comment 2 SpanKY gentoo-dev 2004-11-01 18:27:07 UTC
it's supposed to be like that

from shadow's useradd.c source:
 * create_home - create the user's home directory
 *  create_home() creates the user's home directory if it does not
 *  already exist. It will be created mode 755 owned by the user
 *  with the user's default group.
Comment 3 Sebastian 2004-11-01 22:09:53 UTC
Well, but you see my point, right? And I am sure it wasn't always this way, because I remember not being able to look into another users dir some time ago. These directories are considered to be private. No other individual other than BOFH should be able to go into them.

Well, maybe I see things wrong. But I like to think I'm not.


Comment 4 SpanKY gentoo-dev 2004-11-01 22:17:05 UTC
yes i see the point, but it's not a bug in the code ;)

i'll e-mail upstream and see how they feel about changing the default
Comment 5 Rajiv Aaron Manglani (RETIRED) gentoo-dev 2004-11-15 19:07:47 UTC
*** Bug 71347 has been marked as a duplicate of this bug. ***
Comment 6 Jakub Moc (RETIRED) gentoo-dev 2005-05-02 06:44:20 UTC
*** Bug 91166 has been marked as a duplicate of this bug. ***
Comment 7 Eero Volotinen 2005-05-02 07:24:00 UTC
why? This is complete fuckup?

Comment 8 Eero Volotinen 2005-05-02 09:24:53 UTC
Created attachment 57847 [details, diff]
patch to fix

patch to fix
Comment 9 Ciaran McCreesh 2005-05-02 09:32:07 UTC
755 is correct.
Comment 10 Eero Volotinen 2005-05-02 09:32:51 UTC

contains my ebuild to fix problem.
Comment 11 Eero Volotinen 2005-05-02 09:34:12 UTC
Well. It is correct, but _insecure_ way. If this is not fixed by coder then is should be fixed by vendor patch (Gentoo) 
Comment 12 Ciaran McCreesh 2005-05-02 09:38:16 UTC
Insecure? Hardly. It's a sane default. If you don't like it, change it manually.
Comment 13 Eero Volotinen 2005-05-02 09:42:05 UTC
How about making it configurable? 
Comment 14 Jakub Moc (RETIRED) gentoo-dev 2005-05-02 12:34:07 UTC
Comment #13: Use app-admin/superadduser and configure it there. IIRC it has 711 as default. Also, is it pretty much configurable with chmod. ;-)
Comment 15 Jakub Moc (RETIRED) gentoo-dev 2007-05-21 17:53:16 UTC
*** Bug 179319 has been marked as a duplicate of this bug. ***