On Sat, Feb 19, 2011 at 10:49 AM, Olaf van der Spek
wrote:
> On Fri, Feb 18, 2011 at 9:19 AM, Stephen Gran wrote:
>> I don't want to prolong this thread, but this seemed useful to answer.
>>
>> I certainly have no intention of changing the default on my own.
>
> Could you at least fix the origina
On 17 February 2011 16:36, Lars Wirzenius wrote:
> It would be really cool if there was an automatic auditor for people to
> use. Not just showing emblems in Nautilus, but offering to fix things as
> well. Here's how I imagine it might work.
(...)
From your description you are not looking at an
Lars Wirzenius writes:
> The auditor then looks for things in the system, and in home
> directories, which might be problems. For example, if it's meant to be a
> mail server with a lot of security, having telnetd installed and running
> would be a problem for it to flag. Likewise, it might flag h
On Sat, 19 Feb 2011 10:47:42 +0100, Olaf van der Spek
wrote:
>On Sat, Feb 19, 2011 at 9:10 AM, Marc Haber
> wrote:
>>>On Thu, Feb 17, 2011 at 01:44:26PM +, Ian Jackson wrote:
Perhaps it might be reasonable to try to find a way for accounts like
msql and www-data not to be able to acc
On Sat, Feb 19, 2011 at 11:43 AM, Roger Leigh wrote:
> We could even do the opposite (create a "public" folder) if the
> permissions are 0750, though this would require either 0751 or
> ACLs to be actually accessible. Again, we could include a README file
> instructing the user how to do this.
O
On Thu, Feb 17, 2011 at 11:55:16AM -0500, Martin Owens wrote:
> > 0755 is not inherently insecure. Others can't make any changes, but
> > they can look. The only issue here is accidental disclosure of
> > information intended to be private.
>
> If public by default is the way we want to go, the
On Fri, Feb 18, 2011 at 9:19 AM, Stephen Gran wrote:
> I don't want to prolong this thread, but this seemed useful to answer.
>
> I certainly have no intention of changing the default on my own.
Could you at least fix the original bug and ensure preseeding works?
Olaf
On Sat, Feb 19, 2011 at 9:10 AM, Marc Haber
wrote:
>>On Thu, Feb 17, 2011 at 01:44:26PM +, Ian Jackson wrote:
>>> Perhaps it might be reasonable to try to find a way for accounts like
>>> msql and www-data not to be able to access home directories (add
>>> "daemon" to their supplementary group
On Fri, 18 Feb 2011 08:19:08 +, Stephen Gran
wrote:
>I certainly have no intention of changing the default on my own.
>My hope is that Debian is used in ways I can't imagine, and I can not
>begin to cater to all of the variety of needs that current and future
>users will want. I think that 07
On Thu, 17 Feb 2011 15:06:59 +, Roger Leigh
wrote:
>On Thu, Feb 17, 2011 at 01:44:26PM +, Ian Jackson wrote:
>> Perhaps it might be reasonable to try to find a way for accounts like
>> msql and www-data not to be able to access home directories (add
>> "daemon" to their supplementary group
On Thu, 17 Feb 2011 14:58:36 +, Roger Leigh
wrote:
>Should it be locked down like Fort Knox?
No. That'll lead to inexperienced users working as root since they're
too stup^winexperienced to grok permissions.
Greetings
Marc
--
-- !! No courtesy copies, ple
On Friday 18 February 2011 18:44:25 Ron Johnson wrote:
> On 02/18/2011 07:26 AM, Noel David Torres Taño wrote:
> > On Thursday 17 February 2011 22:18:25 Ron Johnson wrote:
> >> On 02/17/2011 08:58 AM, Roger Leigh wrote:
> >> [snip]
> >>
> >>> Should it be locked down like Fort Knox?
> >>
> >>
On 02/18/2011 07:26 AM, Noel David Torres Taño wrote:
> On Thursday 17 February 2011 22:18:25 Ron Johnson wrote:
>> On 02/17/2011 08:58 AM, Roger Leigh wrote:
>> [snip]
>>> Should it be locked down like Fort Knox?
>> There's a heck of a lot of middle ground between "Fort Knox" and
>> "Hippy Commune".
> We are
Stephen Gran writes ("Re: [Adduser-devel] Default Homedir Permissions"):
> I don't want to prolong this thread, but this seemed useful to answer.
Thanks.
> I certainly have no intention of changing the default on my own.
> My hope is that Debian is used in ways I can'
On Fri, Feb 18, 2011 at 2:26 PM, Noel David Torres Taño
wrote:
> On Thursday 17 February 2011 22:18:25 Ron Johnson wrote:
>> On 02/17/2011 08:58 AM, Roger Leigh wrote:
>> [snip]
>>
>> > Should it be locked down like Fort Knox?
>>
>> There's a heck of a lot of middle ground between "Fort Knox" and
On Thursday 17 February 2011 22:18:25 Ron Johnson wrote:
> On 02/17/2011 08:58 AM, Roger Leigh wrote:
> [snip]
>
> > Should it be locked down like Fort Knox?
>
> There's a heck of a lot of middle ground between "Fort Knox" and
> "Hippy Commune".
We are not a hippy commune, just two married people
This one time, at band camp, Ian Jackson said:
> [Someone] writes ("Re: Default Homedir Permissions"):
> > [stuff]
>
> We are in danger of wasting a lot of time with this discussion.
>
> The general pattern is that someone who is unhappy with the state of
>
Martin Owens wrote:
> If public by default is the way we want to go, then why not have a
> Private folder be default in the users home directory? Combined with the
> indication emblem in nautilus; this might provide a space for users to
> put data. ATM it's too hard to teach users how to secure a f
On 02/17/2011 09:24 AM, Roger Leigh wrote:
[snip]
> Yes, but like everything there is a tradeoff. A totally secure system
> is an unusable system.
Why the black and white? What happened to grey?
> Having to instruct every user how to relax the
> permissions to allow others t
On 02/17/2011 08:58 AM, Roger Leigh wrote:
[snip]
> Should it be locked down like Fort Knox?
There's a heck of a lot of middle ground between "Fort Knox" and
"Hippy Commune".
> Should it be generally usable, and easy for users to see each other's
> stuff?
Only with the owner's permission. P
On 02/17/2011 10:55 AM, Martin Owens wrote:
> On Thu, 2011-02-17 at 15:24 +, Roger Leigh wrote:
>> Yes, but like everything there is a tradeoff. A totally secure system
>> is an unusable system. Having to instruct every user how to relax the
>> permissions to allow others to access their files, or al
On Thu, 2011-02-17 at 15:24 +, Roger Leigh wrote:
> Yes, but like everything there is a tradeoff. A totally secure system
> is an unusable system. Having to instruct every user how to relax the
> permissions to allow others to access their files, or allow their web
> pages to be visible, is e
Austin English writes ("Re: Default Homedir Permissions"):
> On Thu, Feb 17, 2011 at 07:14, Ian Jackson
> wrote:
> > [Someone] writes ("Re: Default Homedir Permissions"):
> >> [stuff]
> >
> > We are in danger of wasting a lot of time with
On Thu, Feb 17, 2011 at 07:14, Ian Jackson
wrote:
> [Someone] writes ("Re: Default Homedir Permissions"):
>> [stuff]
>
> We are in danger of wasting a lot of time with this discussion.
>
> The general pattern is that someone who is unhappy with the state of
>
On Feb 17, Ian Jackson wrote:
> I disagree with this conclusion, because I disagree with the
> underlying implication that the general readability of files is not
> needed.
Agreed.
> Perhaps it might be reasonable to try to find a way for accounts like
> msql and www-data not to be able to acces
On Thu, 2011-02-17 at 15:24 +, Roger Leigh wrote:
> I would argue that a change that /would/ make a real difference, would
> be to have (as an example) emblems in Nautilus that flag files and
> folders depending on if other people have read or write access. That
> would visually show what is (a
On Thu, Feb 17, 2011 at 4:24 PM, Roger Leigh wrote:
> On Thu, Feb 17, 2011 at 04:07:12PM +0100, Olaf van der Spek wrote:
>> On Thu, Feb 17, 2011 at 3:58 PM, Roger Leigh wrote:
>> > In general, I think it's fair to say that the average Debian
>> > installation does not require Fort Knox levels of
[Someone] writes ("Re: Default Homedir Permissions"):
> [stuff]
We are in danger of wasting a lot of time with this discussion.
The general pattern is that someone who is unhappy with the state of
the world proposes a substantial change. The worry amongst the rest
of us is that the
On Thu, Feb 17, 2011 at 04:07:12PM +0100, Olaf van der Spek wrote:
> On Thu, Feb 17, 2011 at 3:58 PM, Roger Leigh wrote:
> > In general, I think it's fair to say that the average Debian
> > installation does not require Fort Knox levels of security. Simply
> > allowing other people to read our fi
On Thu, Feb 17, 2011 at 3:58 PM, Roger Leigh wrote:
> In general, I think it's fair to say that the average Debian
> installation does not require Fort Knox levels of security. Simply
> allowing other people to read our files is often something desirable;
Does other refer to other users, all oth
On Thu, Feb 17, 2011 at 01:44:26PM +, Ian Jackson wrote:
> Perhaps it might be reasonable to try to find a way for accounts like
> msql and www-data not to be able to access home directories (add
> "daemon" to their supplementary group list and set the permissions of
> /home 0705 to root.daemon
On Thu, Feb 17, 2011 at 3:38 PM, Ian Jackson
wrote:
> Olaf van der Spek writes ("Re: Default Homedir Permissions"):
>> chmod 755 ~ is not a hard way to remove the barrier.
>
> We are arguing about defaults, so this is not a relevant answer.
In both cases it's easy t
On Thu, Feb 17, 2011 at 03:31:18PM +0100, Olaf van der Spek wrote:
> On Thu, Feb 17, 2011 at 2:44 PM, Ian Jackson
> wrote:
> > Olaf van der Spek writes ("Default Homedir Permissions"):
> >> Default homedir permissions are 755. World-readable (and listable).
> >
Olaf van der Spek writes ("Re: Default Homedir Permissions"):
> chmod 755 ~ is not a hard way to remove the barrier.
We are arguing about defaults, so this is not a relevant answer.
> What are those assumptions based on?
I could ask you the same question. We are arguing in a
On Thu, Feb 17, 2011 at 2:44 PM, Ian Jackson
wrote:
> Olaf van der Spek writes ("Default Homedir Permissions"):
>> Default homedir permissions are 755. World-readable (and listable).
>> Common (security) sense says that permissions that are not required
>> sho
Olaf van der Spek writes ("Default Homedir Permissions"):
> Default homedir permissions are 755. World-readable (and listable).
> Common (security) sense says that permissions that are not required
> should not be granted. For example, accounts mysql and www-data should
>
* Olaf van der Spek [2011-02-17 13:56]:
> On Thu, Feb 17, 2011 at 1:52 PM, Martin Wuertele wrote:
> > IIRC you are asked during installation if you want world readable home
> > directories or not.
>
> No you're not. Unless (I assume) you do an expert install. Even then,
> non-world-readable mean
On Thu, Feb 17, 2011 at 1:52 PM, Martin Wuertele wrote:
> IIRC you are asked during installation if you want world readable home
> directories or not.
No you're not. Unless (I assume) you do an expert install. Even then,
non-world-readable means 751, not 750. The default should still change.
--
O
* Olaf van der Spek [2011-02-17 13:51]:
> Default homedir permissions are 755. World-readable (and listable).
> Common (security) sense says that permissions that are not required
> should not be granted. For example, accounts mysql and www-data should
> not have access to
Hi,
Default homedir permissions are 755. World-readable (and listable).
Common (security) sense says that permissions that are not required
should not be granted. For example, accounts mysql and www-data should
not have access to my documents.
Some time ago I filed a bug related to this: 398793
40 matches