On Tue, 14. 04. 2009., at 12:35 -0600, Alberto Sierra wrote:
> Bottom line is, the article may not be good, but it is a great tool as
> feedback for the server team, and constructive criticism is needed to
> improve overall.

Except the default home directory permissions, nothing else in that article is valid and, imho, it's just FUD. If anyone, I'm always open for constructive criticism, but this article isn't that. It shows a lack of knowledge about the stuff the author is writing about (POP2, IMAP2, bootpc, bootps, system's user shells). I'm even shocked that such a poorly written article is on the front page of Linux Magazine.

The only valid point I'm seeing in the whole discussion is the default permissions on the home directory. We haven't made any special decisions (IIRC), we just inherited the Debian approach. Looking at Debian's success in security and on servers, I would argue they know better than Ronald McCarty. Still, we should make a decision about this and fix everything that doesn't comply (ATM, vsftpd doesn't comply with the current setup). If we opt for 0700 on the home directory, we should make sure everything else works.

As people already said, 0700 permissions on home directories don't make your data secure. The closest thing to usable secure data is an encrypted home directory, which, thanks to Dustin, we provide.

And this is EOD from me on this article. I'm in favour of starting a discussion about possibilities to change default permissions for home directories.

--
ubuntu-server mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
More info: https://wiki.ubuntu.com/ServerTeam
