Whoa...Robbie, I'm just looking out for all the new user's and admin's that are coming in from other platforms that could reasonably be surprised by this and not Unix/Linux veteran's who broke their teeth with vi on Slackware, etc..
Believe it or not, with WSL-2 and other notable advancements of Ubuntu coming on to the radar of mainstream and mostly Microsoft-trained admin's, we have an _opportunity_ here to create mindshare and loyalty for migrations of huge workloads to our platform-of-choice and, arguably, the best platform for safer and more secure computing as opposed to having the majority of PC users in the world stay on one company's monoculture-vision of desktop computing. I'm attempting to spread the Gospel-of-GNU(Ubuntu) everywhere. We're on the same team, my friend. Obscure wiki articles and 13-year old "opinion"-marked bugs will _not_ be the first place new admins or users will find out about this issue! Heck, I've been a Linux user since 2004("Red Hat 8"(before Fedora was even a thing) box-set purchased at a CompUSA store), then Slackware and an Ubuntu convert since 2012 or so. I should know better than to leave multi-user seats unaudited for permissions after creation(or even during by not having edited the adduser.conf file). But even I just _assumed_ that a modern desktop would surely put security ahead of convenience! I didn't even know that this "security" issue was a "feature" till I started setting-up multi-user local seats and even then--I may have just started using ecryptfs as a workaround. Now--even that option is gone from user(admin)-facing installer widgets. Put yourself in the shoes of a new or migrating small to medium sized business CIO or IT-manager looking to convert from the soon-to-be out- of-service "Windows 7" in order to keep fleets of older boxes running for daily knowledge-worker or office-productivity users who share desktop PC's over the course of 24/7 shifts at the office. What would you think if every system that you had installed or understood to be the out-of-box defaults for the past few decades was based on blocking vs allowing? And you took the risk of allowing this "Linux- thing"(yes...this is what I have heard it called many times) only to discover the opposite, a permissive rule set, without any warning. Ubuntu is growing rapidly...I want to see it succeed despite it's geeks- only reputation. I think sensible defaults are good to always be working on(not just "opining" about in 13-year old bugs). -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to adduser in Ubuntu. https://bugs.launchpad.net/bugs/48734 Title: Home permissions too open Status in adduser package in Ubuntu: Opinion Status in Ubuntu RTM: New Bug description: Binary package hint: debian-installer On a fresh dapper install i noticed that the file permissons for the home directory for the user created by the installer is set to 755, giving read access to everyone on the system. Surely this is a bad idea? If your set on the idea can we atleast have a option during the boot proccess? Also new files that are created via the console ('touch' etc.) are done so with '644' permissons, is there anything that can be done here? nautlius seems to create files at '600', which is a better setting. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/adduser/+bug/48734/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp