Re: [Touch-packages] [Bug 48734] Re: Home permissions too open
On Mon, Sep 12, 2022 at 07:39:37AM -, Alkis Georgopoulos wrote:
> This change takes away the ability of the users to share some of their
> data WITHOUT involving the administrator.
Hello Alkis, do note that it is typical for users to own their own home
directory; if a user wishes to share, they can run:
chmod 755 ~
or
chmod 751 ~
(The choice is based on whether they want to allow listing their home
directory or not.)
Of course, they'd be wise to inspect the permissions on their other
files and directories to make sure they're only sharing what they intend
to share.
Of course, if the local administrator has decided that users cannot own
their own home directories, then that's another question entirely, one
you'll need to take up with the local administrator.
Thanks
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to adduser in Ubuntu.
https://bugs.launchpad.net/bugs/48734
Title:
Home permissions too open
Status in adduser package in Ubuntu:
Fix Released
Status in shadow package in Ubuntu:
Fix Released
Status in adduser source package in Hirsute:
Fix Released
Status in shadow source package in Hirsute:
Fix Released
Status in Ubuntu RTM:
Opinion
Bug description:
Binary package hint: debian-installer
On a fresh dapper install i noticed that the file permissons for the
home directory for the user created by the installer is set to 755,
giving read access to everyone on the system.
Surely this is a bad idea? If your set on the idea can we atleast have
a option during the boot proccess?
Also new files that are created via the console ('touch' etc.) are
done so with '644' permissons, is there anything that can be done
here? nautlius seems to create files at '600', which is a better
setting.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/adduser/+bug/48734/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 48734] Re: Home permissions too open
Great! Thank you for prioritizing the user's privacy!
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to adduser in Ubuntu.
https://bugs.launchpad.net/bugs/48734
Title:
Home permissions too open
Status in adduser package in Ubuntu:
Fix Released
Status in shadow package in Ubuntu:
Fix Released
Status in adduser source package in Hirsute:
Fix Released
Status in shadow source package in Hirsute:
Fix Released
Status in Ubuntu RTM:
Opinion
Bug description:
Binary package hint: debian-installer
On a fresh dapper install i noticed that the file permissons for the
home directory for the user created by the installer is set to 755,
giving read access to everyone on the system.
Surely this is a bad idea? If your set on the idea can we atleast have
a option during the boot proccess?
Also new files that are created via the console ('touch' etc.) are
done so with '644' permissons, is there anything that can be done
here? nautlius seems to create files at '600', which is a better
setting.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/adduser/+bug/48734/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 48734] Re: Home permissions too open
Schools have started installing/upgrading to 22.04.1 and we're just now
seeing this.
This change takes away the ability of the users to share some of their data
WITHOUT involving the administrator.
It's not "privacy by default", it's "mandatory privacy".
Privacy by default could be done with umask.
Administrative actions can mitigate the issue, but they're tricky as they
cannot easily be applied to users that haven't logged in yet and folders that
don't exist yet.
Sudoer scripts that would give the ability to the users to share stuff by
themselves can be a worse security risk.
On the other hand, encrypted home directories is a trend with similar
issues.
I guess it'll be a bit easier to rewrite all the programs that need access to
/home/username to use other locations such as /run/user/XXX, /home/shared/XXX,
/home/public_html/XXX, /var/lib/AccountsService/users/user/face.png,
/var/spool/* etc,
than to introduce an XDG specification for a new /home/user/private directory,
and rewrite all the programs that need private or encryped data to use that
one. That would be a much cleaner solution, but it can't be a goal for a single
distribution.
So while this change does require us to spend some weeks reimplementing
our shared folders software, it might be for the best, let's see how it
goes. Cheers!
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to adduser in Ubuntu.
https://bugs.launchpad.net/bugs/48734
Title:
Home permissions too open
Status in adduser package in Ubuntu:
Fix Released
Status in shadow package in Ubuntu:
Fix Released
Status in adduser source package in Hirsute:
Fix Released
Status in shadow source package in Hirsute:
Fix Released
Status in Ubuntu RTM:
Opinion
Bug description:
Binary package hint: debian-installer
On a fresh dapper install i noticed that the file permissons for the
home directory for the user created by the installer is set to 755,
giving read access to everyone on the system.
Surely this is a bad idea? If your set on the idea can we atleast have
a option during the boot proccess?
Also new files that are created via the console ('touch' etc.) are
done so with '644' permissons, is there anything that can be done
here? nautlius seems to create files at '600', which is a better
setting.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/adduser/+bug/48734/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 48734] Re: Home permissions too open
As noted in the discourse thread on this https://discourse.ubuntu.com/t
/private-home-directories-for-ubuntu-21-04-onwards/19533 - I think a
similar ACL approach should be able to be used to give the www-data user
or similar access to your home dir for ~/public_html or for samba as
needed.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to adduser in Ubuntu.
https://bugs.launchpad.net/bugs/48734
Title:
Home permissions too open
Status in adduser package in Ubuntu:
Fix Released
Status in shadow package in Ubuntu:
Fix Released
Status in adduser source package in Hirsute:
Fix Released
Status in shadow source package in Hirsute:
Fix Released
Status in Ubuntu RTM:
Opinion
Bug description:
Binary package hint: debian-installer
On a fresh dapper install i noticed that the file permissons for the
home directory for the user created by the installer is set to 755,
giving read access to everyone on the system.
Surely this is a bad idea? If your set on the idea can we atleast have
a option during the boot proccess?
Also new files that are created via the console ('touch' etc.) are
done so with '644' permissons, is there anything that can be done
here? nautlius seems to create files at '600', which is a better
setting.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/adduser/+bug/48734/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 48734] Re: Home permissions too open
Just two things that are broken with DIR_MODE=0750
(Which are still perfectly supported with the proof-of-concept
lock-down plus improved-usability script from last the post.
Independently from the additional group directories that it
introduces.)
* samba usershares
* ~/public_html
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to adduser in Ubuntu.
https://bugs.launchpad.net/bugs/48734
Title:
Home permissions too open
Status in adduser package in Ubuntu:
Fix Released
Status in shadow package in Ubuntu:
Fix Released
Status in adduser source package in Hirsute:
Fix Released
Status in shadow source package in Hirsute:
Fix Released
Status in Ubuntu RTM:
Opinion
Bug description:
Binary package hint: debian-installer
On a fresh dapper install i noticed that the file permissons for the
home directory for the user created by the installer is set to 755,
giving read access to everyone on the system.
Surely this is a bad idea? If your set on the idea can we atleast have
a option during the boot proccess?
Also new files that are created via the console ('touch' etc.) are
done so with '644' permissons, is there anything that can be done
here? nautlius seems to create files at '600', which is a better
setting.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/adduser/+bug/48734/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 48734] Re: Home permissions too open
--- Avoiding the caveat of "this does not work"? ---
You may just not have thought yet of this solution that can be
implemented with little adjustment:
( Privacy by default? YES, even with improved usability! )
Here is a trial script:
https://salsa.debian.org/freedombox-team/freedombox/-/snippets/518
The privacy by default solution goes along these lines:
* Simply let $HOME point to /home//public_html
* /home//incoming
* /home/group/users/
* /home/group/admin/private
* /home/group/admin/incoming
These kind of different problems just need to be seen and solved together.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to adduser in Ubuntu.
https://bugs.launchpad.net/bugs/48734
Title:
Home permissions too open
Status in adduser package in Ubuntu:
Fix Released
Status in shadow package in Ubuntu:
Fix Released
Status in adduser source package in Hirsute:
Fix Released
Status in shadow source package in Hirsute:
Fix Released
Status in Ubuntu RTM:
Opinion
Bug description:
Binary package hint: debian-installer
On a fresh dapper install i noticed that the file permissons for the
home directory for the user created by the installer is set to 755,
giving read access to everyone on the system.
Surely this is a bad idea? If your set on the idea can we atleast have
a option during the boot proccess?
Also new files that are created via the console ('touch' etc.) are
done so with '644' permissons, is there anything that can be done
here? nautlius seems to create files at '600', which is a better
setting.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/adduser/+bug/48734/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 48734] Re: Home permissions too open
Hello, I’m original bug reporter back from 2006 and I’ve been watching
the development of this bug over the years and I just wanted to say a
big thank everyone for getting this sorted!
- Dan
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to adduser in Ubuntu.
https://bugs.launchpad.net/bugs/48734
Title:
Home permissions too open
Status in adduser package in Ubuntu:
Fix Released
Status in shadow package in Ubuntu:
Fix Released
Status in adduser source package in Hirsute:
Fix Released
Status in shadow source package in Hirsute:
Fix Released
Status in Ubuntu RTM:
Opinion
Bug description:
Binary package hint: debian-installer
On a fresh dapper install i noticed that the file permissons for the
home directory for the user created by the installer is set to 755,
giving read access to everyone on the system.
Surely this is a bad idea? If your set on the idea can we atleast have
a option during the boot proccess?
Also new files that are created via the console ('touch' etc.) are
done so with '644' permissons, is there anything that can be done
here? nautlius seems to create files at '600', which is a better
setting.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/adduser/+bug/48734/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
Re: [Touch-packages] [Bug 48734] Re: Home permissions too open
On 18/01/2021 12:46, Launchpad Bug Tracker wrote:
> This bug was fixed in the package adduser - 3.118ubuntu5
>
> ** Changed in: adduser (Ubuntu Hirsute)
>Status: Fix Committed => Fix Released
\o/
Well done and thank you to everyone who worked to make this happen.
I wonder if there will ever be another LP bug <50k that gets fix-
released?
Mark
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to adduser in Ubuntu.
https://bugs.launchpad.net/bugs/48734
Title:
Home permissions too open
Status in adduser package in Ubuntu:
Fix Released
Status in shadow package in Ubuntu:
Fix Released
Status in adduser source package in Hirsute:
Fix Released
Status in shadow source package in Hirsute:
Fix Released
Status in Ubuntu RTM:
Opinion
Bug description:
Binary package hint: debian-installer
On a fresh dapper install i noticed that the file permissons for the
home directory for the user created by the installer is set to 755,
giving read access to everyone on the system.
Surely this is a bad idea? If your set on the idea can we atleast have
a option during the boot proccess?
Also new files that are created via the console ('touch' etc.) are
done so with '644' permissons, is there anything that can be done
here? nautlius seems to create files at '600', which is a better
setting.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/adduser/+bug/48734/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 48734] Re: Home permissions too open
This bug was fixed in the package adduser - 3.118ubuntu5
---
adduser (3.118ubuntu5) hirsute; urgency=medium
* Enable private home directories by default (LP: #48734)
- Set DIR_MODE=0750 in the default adduser.conf
- Change the description and default value to select private home
directories by default in debconf template
- Change the DIR_MODE when private home directories is configured via
debconf from 0751 to 0750 to ensure files are truly private
-- Alex Murray Wed, 06 Jan 2021 16:46:50
+1030
** Changed in: adduser (Ubuntu Hirsute)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to adduser in Ubuntu.
https://bugs.launchpad.net/bugs/48734
Title:
Home permissions too open
Status in adduser package in Ubuntu:
Fix Released
Status in shadow package in Ubuntu:
Fix Released
Status in adduser source package in Hirsute:
Fix Released
Status in shadow source package in Hirsute:
Fix Released
Status in Ubuntu RTM:
Opinion
Bug description:
Binary package hint: debian-installer
On a fresh dapper install i noticed that the file permissons for the
home directory for the user created by the installer is set to 755,
giving read access to everyone on the system.
Surely this is a bad idea? If your set on the idea can we atleast have
a option during the boot proccess?
Also new files that are created via the console ('touch' etc.) are
done so with '644' permissons, is there anything that can be done
here? nautlius seems to create files at '600', which is a better
setting.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/adduser/+bug/48734/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 48734] Re: Home permissions too open
The issue with rootless podman userns mapping is described here
(postgres db confined in host user home):
https://www.redhat.com/sysadmin/rootless-podman-makes-sense
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to adduser in Ubuntu.
https://bugs.launchpad.net/bugs/48734
Title:
Home permissions too open
Status in adduser package in Ubuntu:
Fix Committed
Status in shadow package in Ubuntu:
Fix Released
Status in adduser source package in Hirsute:
Fix Committed
Status in shadow source package in Hirsute:
Fix Released
Status in Ubuntu RTM:
Opinion
Bug description:
Binary package hint: debian-installer
On a fresh dapper install i noticed that the file permissons for the
home directory for the user created by the installer is set to 755,
giving read access to everyone on the system.
Surely this is a bad idea? If your set on the idea can we atleast have
a option during the boot proccess?
Also new files that are created via the console ('touch' etc.) are
done so with '644' permissons, is there anything that can be done
here? nautlius seems to create files at '600', which is a better
setting.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/adduser/+bug/48734/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 48734] Re: Home permissions too open
Probably, behind the original decision there were also issues of home
access, required by some unprivileged services, like apache (userdir).
Today, letting all users accessing any ~/Doc,~/Pic,~/Video look like a
huge security hole (MS Windows deny this).
But anyway, today 'user' access should support user namespaces
(subuid/subgid)
This is required for rootless container development (podman, docker).
Another point is "sandbox model" by snap/flatpak.
In particular in "partial" supported scenarios: Snap+SeLinux (fedora)
and Flatpak+AppArmor (ubuntu)
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to adduser in Ubuntu.
https://bugs.launchpad.net/bugs/48734
Title:
Home permissions too open
Status in adduser package in Ubuntu:
Fix Committed
Status in shadow package in Ubuntu:
Fix Released
Status in adduser source package in Hirsute:
Fix Committed
Status in shadow source package in Hirsute:
Fix Released
Status in Ubuntu RTM:
Opinion
Bug description:
Binary package hint: debian-installer
On a fresh dapper install i noticed that the file permissons for the
home directory for the user created by the installer is set to 755,
giving read access to everyone on the system.
Surely this is a bad idea? If your set on the idea can we atleast have
a option during the boot proccess?
Also new files that are created via the console ('touch' etc.) are
done so with '644' permissons, is there anything that can be done
here? nautlius seems to create files at '600', which is a better
setting.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/adduser/+bug/48734/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 48734] Re: Home permissions too open
Updates for adduser and shadow were both uploaded to hirsute-proposed
yesterday as per https://lists.ubuntu.com/archives/ubuntu-devel-
discuss/2021-January/018901.html:
https://launchpad.net/ubuntu/+source/shadow/1:4.8.1-1ubuntu8
https://launchpad.net/ubuntu/+source/adduser/3.118ubuntu5
shadow has already migrated to the release pocket, and with any luck
adduser will migrate soon too which should resolve this issue.
** Also affects: shadow (Ubuntu)
Importance: Undecided
Status: New
** Also affects: adduser (Ubuntu Hirsute)
Importance: Medium
Status: Opinion
** Also affects: shadow (Ubuntu Hirsute)
Importance: Undecided
Status: New
** Changed in: adduser (Ubuntu Hirsute)
Status: Opinion => Fix Committed
** Changed in: shadow (Ubuntu Hirsute)
Status: New => Fix Committed
** Changed in: shadow (Ubuntu Hirsute)
Status: Fix Committed => Fix Released
** Changed in: shadow (Ubuntu Hirsute)
Assignee: (unassigned) => Alex Murray (alexmurray)
** Changed in: adduser (Ubuntu Hirsute)
Assignee: (unassigned) => Alex Murray (alexmurray)
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to adduser in Ubuntu.
https://bugs.launchpad.net/bugs/48734
Title:
Home permissions too open
Status in adduser package in Ubuntu:
Fix Committed
Status in shadow package in Ubuntu:
Fix Released
Status in adduser source package in Hirsute:
Fix Committed
Status in shadow source package in Hirsute:
Fix Released
Status in Ubuntu RTM:
Opinion
Bug description:
Binary package hint: debian-installer
On a fresh dapper install i noticed that the file permissons for the
home directory for the user created by the installer is set to 755,
giving read access to everyone on the system.
Surely this is a bad idea? If your set on the idea can we atleast have
a option during the boot proccess?
Also new files that are created via the console ('touch' etc.) are
done so with '644' permissons, is there anything that can be done
here? nautlius seems to create files at '600', which is a better
setting.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/adduser/+bug/48734/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 48734] Re: Home permissions too open
Just chiming in here to add my support for this.
I don't think there's anything more to say really. It's already been
said very clearly why this should be changed. We should always have
privacy by default.
It genuinely boggles my mind that there would be any opposition to this.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to adduser in Ubuntu.
https://bugs.launchpad.net/bugs/48734
Title:
Home permissions too open
Status in adduser package in Ubuntu:
Opinion
Status in Ubuntu RTM:
Opinion
Bug description:
Binary package hint: debian-installer
On a fresh dapper install i noticed that the file permissons for the
home directory for the user created by the installer is set to 755,
giving read access to everyone on the system.
Surely this is a bad idea? If your set on the idea can we atleast have
a option during the boot proccess?
Also new files that are created via the console ('touch' etc.) are
done so with '644' permissons, is there anything that can be done
here? nautlius seems to create files at '600', which is a better
setting.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/adduser/+bug/48734/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 48734] Re: Home permissions too open
It really surprises me (negatively) that most Ubuntu experts seem to
agree on this design decision. Isn't a well accepted fact that security
can affect usability?.
Now, about:
> We assume that the people who share the machine are either trusted, or
in a position to hack the machine (boot from USB!) trivially.
That assumption is not correct for me, for example, when I lend my
computer to someone else, I don't usually trust them completely (so I'm
still sitting near enough so they can't boot from an USB without being
caught) and I just want to share with them the minimum they need to get
their work done and having access to my personal files is not part of
what they require.
And about:
> Now, in a more complex environment, like a university machine with
many users, people do not have access to the hardware and can't easily
root the box, but they also have the sysadmin skills to change the
default permission.
I think that it doesn't hold a totally valid point as sysadmins like me
tend to think that the default system settings are always secure enough
for most regular deployments, so you don't think it is a good idea to
change those settings unless you've read a thread like this one... which
not everyone is willing to look for and then read.
Finally, it seems to me that this default setting damages Linux
reputation (for non-experts) of being a secure OS.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to adduser in Ubuntu.
https://bugs.launchpad.net/bugs/48734
Title:
Home permissions too open
Status in adduser package in Ubuntu:
Opinion
Status in Ubuntu RTM:
Opinion
Bug description:
Binary package hint: debian-installer
On a fresh dapper install i noticed that the file permissons for the
home directory for the user created by the installer is set to 755,
giving read access to everyone on the system.
Surely this is a bad idea? If your set on the idea can we atleast have
a option during the boot proccess?
Also new files that are created via the console ('touch' etc.) are
done so with '644' permissons, is there anything that can be done
here? nautlius seems to create files at '600', which is a better
setting.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/adduser/+bug/48734/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 48734] Re: Home permissions too open
** Changed in: ubuntu-rtm
Status: New => Won't Fix
** Changed in: ubuntu-rtm
Status: Won't Fix => Opinion
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to adduser in Ubuntu.
https://bugs.launchpad.net/bugs/48734
Title:
Home permissions too open
Status in adduser package in Ubuntu:
Opinion
Status in Ubuntu RTM:
Opinion
Bug description:
Binary package hint: debian-installer
On a fresh dapper install i noticed that the file permissons for the
home directory for the user created by the installer is set to 755,
giving read access to everyone on the system.
Surely this is a bad idea? If your set on the idea can we atleast have
a option during the boot proccess?
Also new files that are created via the console ('touch' etc.) are
done so with '644' permissons, is there anything that can be done
here? nautlius seems to create files at '600', which is a better
setting.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/adduser/+bug/48734/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 48734] Re: Home permissions too open
It has been my experience, lately, that individuals or families sharing
a computer have a single login account, i.e. "Family", etc.. This is
probably due to the perception by such simple-needs $USER's or their
family I.T. guru, that--it is the easiest way to overcome the reasonable
and appropriate account isolation techniques, by default, in Windows or
macOS. I suggest that the same could be true for Ubuntu and it would
hardly be noticed, except by experienced *nix $USERS, most of whom--
would already know how to twiddle the appropriate bits, if needed, to
open their $HOMES.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to adduser in Ubuntu.
https://bugs.launchpad.net/bugs/48734
Title:
Home permissions too open
Status in adduser package in Ubuntu:
Opinion
Status in Ubuntu RTM:
New
Bug description:
Binary package hint: debian-installer
On a fresh dapper install i noticed that the file permissons for the
home directory for the user created by the installer is set to 755,
giving read access to everyone on the system.
Surely this is a bad idea? If your set on the idea can we atleast have
a option during the boot proccess?
Also new files that are created via the console ('touch' etc.) are
done so with '644' permissons, is there anything that can be done
here? nautlius seems to create files at '600', which is a better
setting.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/adduser/+bug/48734/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 48734] Re: Home permissions too open
If I invite you into my house(physical), then I don't expect you to go
through my filing cabinets or closets, when I'm not looking, without
explicitly giving you those "permissions(0755)".
"Good fences make good neighbours" and "Locks keep out only the honest"
are equally true.
Placing convenience-over-privacy, by default, in this post-GDPR /
Facebook & Twitter leaks / Equifax breach / Edward Snowden & Julian
Assange(perhaps heroes to those of us in the USA), etc. seems to be
unconscionable.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to adduser in Ubuntu.
https://bugs.launchpad.net/bugs/48734
Title:
Home permissions too open
Status in adduser package in Ubuntu:
Opinion
Status in Ubuntu RTM:
New
Bug description:
Binary package hint: debian-installer
On a fresh dapper install i noticed that the file permissons for the
home directory for the user created by the installer is set to 755,
giving read access to everyone on the system.
Surely this is a bad idea? If your set on the idea can we atleast have
a option during the boot proccess?
Also new files that are created via the console ('touch' etc.) are
done so with '644' permissons, is there anything that can be done
here? nautlius seems to create files at '600', which is a better
setting.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/adduser/+bug/48734/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 48734] Re: Home permissions too open
Whoa...Robbie, I'm just looking out for all the new user's and admin's
that are coming in from other platforms that could reasonably be
surprised by this and not Unix/Linux veteran's who broke their teeth
with vi on Slackware, etc..
Believe it or not, with WSL-2 and other notable advancements of Ubuntu
coming on to the radar of mainstream and mostly Microsoft-trained
admin's, we have an _opportunity_ here to create mindshare and loyalty
for migrations of huge workloads to our platform-of-choice and,
arguably, the best platform for safer and more secure computing as
opposed to having the majority of PC users in the world stay on one
company's monoculture-vision of desktop computing.
I'm attempting to spread the Gospel-of-GNU(Ubuntu) everywhere. We're on
the same team, my friend.
Obscure wiki articles and 13-year old "opinion"-marked bugs will _not_
be the first place new admins or users will find out about this issue!
Heck, I've been a Linux user since 2004("Red Hat 8"(before Fedora was
even a thing) box-set purchased at a CompUSA store), then Slackware and
an Ubuntu convert since 2012 or so. I should know better than to leave
multi-user seats unaudited for permissions after creation(or even during
by not having edited the adduser.conf file). But even I just _assumed_
that a modern desktop would surely put security ahead of convenience! I
didn't even know that this "security" issue was a "feature" till I
started setting-up multi-user local seats and even then--I may have just
started using ecryptfs as a workaround. Now--even that option is gone
from user(admin)-facing installer widgets.
Put yourself in the shoes of a new or migrating small to medium sized
business CIO or IT-manager looking to convert from the soon-to-be out-
of-service "Windows 7" in order to keep fleets of older boxes running
for daily knowledge-worker or office-productivity users who share
desktop PC's over the course of 24/7 shifts at the office. What would
you think if every system that you had installed or understood to be the
out-of-box defaults for the past few decades was based on blocking vs
allowing? And you took the risk of allowing this "Linux-
thing"(yes...this is what I have heard it called many times) only to
discover the opposite, a permissive rule set, without any warning.
Ubuntu is growing rapidly...I want to see it succeed despite it's geeks-
only reputation. I think sensible defaults are good to always be working
on(not just "opining" about in 13-year old bugs).
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to adduser in Ubuntu.
https://bugs.launchpad.net/bugs/48734
Title:
Home permissions too open
Status in adduser package in Ubuntu:
Opinion
Status in Ubuntu RTM:
New
Bug description:
Binary package hint: debian-installer
On a fresh dapper install i noticed that the file permissons for the
home directory for the user created by the installer is set to 755,
giving read access to everyone on the system.
Surely this is a bad idea? If your set on the idea can we atleast have
a option during the boot proccess?
Also new files that are created via the console ('touch' etc.) are
done so with '644' permissons, is there anything that can be done
here? nautlius seems to create files at '600', which is a better
setting.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/adduser/+bug/48734/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 48734] Re: Home permissions too open
> Wow! Approaching 13-years and counting on this bug. Neat.
What's your point in making this statement? A decision was made soon
after the bug has filed and that decision still stands today. What does
the age of the decision have to do with it?
> Why not just throw a simple toggle into the installer, to surface this
issue, offering admins the option?
There are negative UX consequences of every "why not just ask the user"
in the installer. It's not reasonable to demand that the user receive an
education on using the system before being allowed to install it, which
is what used to feel like to install Debian around the time Ubuntu
launched (I don't know what the Debian installer experience is now).
Part of the point of Ubuntu was to do the sensible thing and not ask a
million questions. I am not looking to make a statement either way on
this particular decision. My point is merely that there *is* a UX
downside to "throw a simple toggle into the installer" and you are in
competition with a bunch of other Ubuntu users who want _their_ question
asked by the installer because they don't like some other default.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to adduser in Ubuntu.
https://bugs.launchpad.net/bugs/48734
Title:
Home permissions too open
Status in adduser package in Ubuntu:
Opinion
Status in Ubuntu RTM:
New
Bug description:
Binary package hint: debian-installer
On a fresh dapper install i noticed that the file permissons for the
home directory for the user created by the installer is set to 755,
giving read access to everyone on the system.
Surely this is a bad idea? If your set on the idea can we atleast have
a option during the boot proccess?
Also new files that are created via the console ('touch' etc.) are
done so with '644' permissons, is there anything that can be done
here? nautlius seems to create files at '600', which is a better
setting.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/adduser/+bug/48734/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 48734] Re: Home permissions too open
In the server edition this should not be enabled.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to adduser in Ubuntu.
https://bugs.launchpad.net/bugs/48734
Title:
Home permissions too open
Status in adduser package in Ubuntu:
Opinion
Status in Ubuntu RTM:
New
Bug description:
Binary package hint: debian-installer
On a fresh dapper install i noticed that the file permissons for the
home directory for the user created by the installer is set to 755,
giving read access to everyone on the system.
Surely this is a bad idea? If your set on the idea can we atleast have
a option during the boot proccess?
Also new files that are created via the console ('touch' etc.) are
done so with '644' permissons, is there anything that can be done
here? nautlius seems to create files at '600', which is a better
setting.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/adduser/+bug/48734/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 48734] Re: Home permissions too open
** Also affects: ubuntu-rtm
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to adduser in Ubuntu.
https://bugs.launchpad.net/bugs/48734
Title:
Home permissions too open
Status in adduser package in Ubuntu:
Opinion
Status in Ubuntu RTM:
New
Bug description:
Binary package hint: debian-installer
On a fresh dapper install i noticed that the file permissons for the
home directory for the user created by the installer is set to 755,
giving read access to everyone on the system.
Surely this is a bad idea? If your set on the idea can we atleast have
a option during the boot proccess?
Also new files that are created via the console ('touch' etc.) are
done so with '644' permissons, is there anything that can be done
here? nautlius seems to create files at '600', which is a better
setting.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/adduser/+bug/48734/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 48734] Re: Home permissions too open
This needs to be reconsidered. All user comments in this thread refuse
the official explanation given in comment #1
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to adduser in Ubuntu.
https://bugs.launchpad.net/bugs/48734
Title:
Home permissions too open
Status in “adduser” package in Ubuntu:
Opinion
Bug description:
Binary package hint: debian-installer
On a fresh dapper install i noticed that the file permissons for the
home directory for the user created by the installer is set to 755,
giving read access to everyone on the system.
Surely this is a bad idea? If your set on the idea can we atleast have
a option during the boot proccess?
Also new files that are created via the console ('touch' etc.) are
done so with '644' permissons, is there anything that can be done
here? nautlius seems to create files at '600', which is a better
setting.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/adduser/+bug/48734/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
