On Wed, Oct 25, 2000 at 05:15:34PM -0700, Matthew Whitworth wrote: > > > user home directories (IMHO) should have the permissions 700. > > > > After I install new debian boxes the permissions are always something > > like 755. This is bad in my opinion, for a multiuser box. On firewalls, > > however, there should be very few people logging in at all and then only > > to administer the box, not to read mail or anything like that. Therefore > > this isn't much of an issue for firewall installs. > > > > Does anyone know why debian has such lax perms on home dirs? > > This seems to be determined in the adduser command, where I found the > line: > > 482: my $default_dir_mode = 0755; > > There doesn't seem to be any way to configure this other than editing the > code. > > While I'm interested in the problem, I have to say I would rather see this > configurable in /etc/adduser.conf or from the command line rather than > hard coded at 0700 or any other value.
Yes it would be much better if it was configurable in /etc/adduser.conf That's probably why it is.. /etc/adduser.conf:51 # If DIR_MODE is set, directories will be created with the specified # mode. Otherwise the default mode 0755 will be used. DIR_MODE=0755 If I change this to 0700 ... Adding user foobar... <snip> drwx------ 2 foobar foobar 4096 Oct 25 14:37 /home/foobar Whether or not the permissions should be something OTHER than 0755 (the default), is more of a matter of site policy.. Has anyone filed a wishlist bug on adduser? I'm on Debian/woody, with adduser 3.19, perhaps this option is not available in potato(stable) but considering that IIRC, that was only a few minor releases away.. I'd find that a bit unlikely.. -- +------------------------------------------------------------- | Brian Russo <[EMAIL PROTECTED]> GPG ID: 54D81666 | 404E 87E8 DD0C 275B 742B 09AD 2243 839C 54D8 1666
