Jonathan Schleifer wrote:
This kind of paranoia adds nothing to security (~/.ssh and others that
need it are already set to restrictive permissions), and there is no
privacy from root no matter what. The rest is, again, personal
preference and/or something about local policies.
Ever heard of a multiuser system where one user shouldn't be able to
access the files of another user? Not all users are thinking about this
issue and many forget to change the modes for confidential files. IMO,
But keeping confidential files on "true" multiuser systems is stupid ...
IMNSHO. And you cannot hide anything from the administrator. You depend
on how well the admin is capable of securing the rest of the system and
not have it rooted by a 3rd party(*) including the other users.
Other than that, I wrote how easy it is to close down the home
directories - the permissions of everything in /etc/skel, the directory
itself included, propagate to new users' home directories. After that,
things like the umask don't matter at all, because only the user
him/herself and root can enter the respective homes.
If I, as the admin, want or have to hide things from the users, then
that's fine and not related to home directory permissions. Stuff like
/etc/ssl/private. Other than that, I create new users for them to be
able to work together, or with my own regular user account. Or, I create
new users and give them certain administrative rights on a special
purpose box. If I create new users for the sake of them having a Unix
shell, then it's something different, but this is so very rare ... and
there really shouldn't be any confidential things on such a multiuser
shell server. Who says that the admin is any more trustworthy than some
other, regular users?
Moritz
*: OpenBSD had only one remote hole in the default install, but a few
more (very few, relatively speaking) local root vulnerabilities. And
there are also still numerous ways of breaking OpenBSD in spite of sane
defaults and exploit mitigation techniques in place.
In the end, it simply boils down to properly assessing risks, giving a
box a defined purpose (even if it's an "eierlegende Wollmilchsau"(**)),
and enforcing an appropriate security and usage policy. Solving social
problems with social means is often enough the only viable way.
**: Rough translation: A fictional all-purpose animal; a sow that grows
wool, gives milk and lays eggs.
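
Added example, not part of the original message: a portable sh check that lists home directories whose group/other permission bits are not all clear, which is the state the /etc/skel approach described above is meant to prevent. The temporary tree, the names `u_open` and `u_closed`, and the use of `cp -Rp` as a stand-in for the skeleton copy done at account creation are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example: report home directories that other local users can enter.
# Parses the mode string from `ls -ld`, so it does not depend on GNU- or
# BSD-specific stat(1)/find(1) flags.

# audit_homes BASE: print "mode path" for every directory directly under
# BASE that grants any permission to group or other.
audit_homes() {
    base=$1
    for dir in "$base"/*/; do
        [ -d "$dir" ] || continue
        dir=${dir%/}
        # Skip symlinks: their own mode bits say nothing about the target.
        [ -L "$dir" ] && continue
        mode=$(ls -ld "$dir" | cut -c1-10)
        # Characters 5-10 of the mode string are the group and other triplets.
        go=$(printf '%s' "$mode" | cut -c5-10)
        if [ "$go" != "------" ]; then
            printf '%s %s\n' "$mode" "$dir"
        fi
    done
}

# demo: build a constructed tree with one open (0755) and one closed (0700)
# skeleton, copy each with modes preserved, then audit the result.
# cp -Rp is an assumed stand-in for the skeleton copy at account creation.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/skel_open" "$tmp/skel_closed" "$tmp/home"
    chmod 755 "$tmp/skel_open"
    chmod 700 "$tmp/skel_closed"
    cp -Rp "$tmp/skel_open" "$tmp/home/u_open"
    cp -Rp "$tmp/skel_closed" "$tmp/home/u_closed"
    audit_homes "$tmp/home"
    rm -rf "$tmp"
}

demo
```

On a real system the function would be pointed at the directory that holds the home directories, for example `audit_homes /home`.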