 
02-17-2011, 11:50 AM
Olaf van der Spek

Default Homedir Permissions

Hi,

Default homedir permissions are 755. World-readable (and listable).
Common (security) sense says that permissions that are not required
should not be granted. For example, accounts mysql and www-data should
not have access to my documents.

Some time ago I filed a bug related to this: 398793
The maintainer didn't agree and asked me to bring this up on this
list. What do you think?
The (only) disadvantage is that ~/public_html requires you to grant
permission manually.

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=398793
--
Olaf


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: http://lists.debian.org/AANLkTin3N3j_Dxds0zVrhhhFgO9MVVJrpg+YYwDVYoNT@mail.gmail.com
 
02-17-2011, 11:52 AM
Martin Wuertele

Default Homedir Permissions

* Olaf van der Spek <olafvdspek@gmail.com> [2011-02-17 13:51]:

> Default homedir permissions are 755. World-readable (and listable).
> Common (security) sense says that permissions that are not required
> should not be granted. For example, accounts mysql and www-data should
> not have access to my documents.
>
> Some time ago I filed a bug related to this: 398793
> The maintainer didn't agree and asked me to bring this up on this
> list. What do you think?
> The (only) disadvantage is that ~/public_html requires you to grant
> permission manually.
>
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=398793

IIRC you are asked during installation if you want world readable home
directories or not.

Kind regards,
Martin


Archive: http://lists.debian.org/20110217125231.GT12050@anguilla.debian.or.at
 
02-17-2011, 11:55 AM
Olaf van der Spek

Default Homedir Permissions

On Thu, Feb 17, 2011 at 1:52 PM, Martin Wuertele <maxx@debian.org> wrote:
> IIRC you are asked during installation if you want world readable home
> directories or not.

No you're not. Unless (I assume) you do an expert install. Even then,
non-world-readable means 751, not 750. The default should still change.
--
Olaf


Archive: http://lists.debian.org/AANLkTi=66VTHMh2--Ape7JqQ4Nwv_JDF1rhL17aMk4CN@mail.gmail.com
 
02-17-2011, 12:27 PM
Martin Wuertele

Default Homedir Permissions

* Olaf van der Spek <olafvdspek@gmail.com> [2011-02-17 13:56]:

> On Thu, Feb 17, 2011 at 1:52 PM, Martin Wuertele <maxx@debian.org> wrote:
> > IIRC you are asked during installation if you want world readable home
> > directories or not.
>
> No you're not. Unless (I assume) you do an expert install. Even then,
> non-world-readable means 751, not 750. The default should still change.

You are right about the expert install (I can't remember when I last did
a non-expert install).

751 together with a default umask of 027 would work, however several
programs don't work flawlessly with non 022 or 002 umasks (e.g. #531885).

Kind regards,
Martin

p.s. no need to CC me as I'm subscribed


Archive: http://lists.debian.org/20110217132710.GU12050@anguilla.debian.or.at
 
02-17-2011, 12:44 PM
Ian Jackson

Default Homedir Permissions

Olaf van der Spek writes ("Default Homedir Permissions"):
> Default homedir permissions are 755. World-readable (and listable).
> Common (security) sense says that permissions that are not required
> should not be granted. For example, accounts mysql and www-data should
> not have access to my documents.

I disagree with this conclusion, because I disagree with the
underlying implication that the general readability of files is not
needed.

Most installed systems have a smallish number of users who know each
other reasonably well and would like to be able to share files. It
does not make sense to put strong privacy barriers in between those
users. Sensitive data like email and browser histories are already
made non-world-readable.

So the default is correct.

Perhaps it might be reasonable to try to find a way for accounts like
msql and www-data not to be able to access home directories (add
"daemon" to their supplementary group list and set the permissions of
/home 0705 to root.daemon, perhaps), but is this really worthwhile ?
If it is, the right thing to do is to go away and think about exactly
how to do it, not to file a bug asking for the default home directory
permissions to be changed.

Ian.


Archive: http://lists.debian.org/19805.9786.37599.609757@chiark.greenend.org.uk
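
The 751-versus-750 and umask 027 points earlier in the thread, and the /home 0705 root.daemon idea in the message above, both follow from the kernel applying exactly one permission class (owner, then group, then other) at each path component. The sketch below is an added example, not code from any poster; the helper names (pick_class, can_read, scenario, report), the user alice and all uid/gid numbers are constructed, and root's bypass is not modelled.

```python
# Added example: classic Unix mode-bit checks (root's bypass is not modelled).
# All uids/gids and names are constructed: alice = 1000, www-data = 33, daemon gid = 1.

def pick_class(mode, owner, group, uid, gids):
    """Return the rwx bits of the ONE class that applies to this process."""
    if uid == owner:
        return (mode >> 6) & 7
    if group in gids:
        return (mode >> 3) & 7      # group class wins even if 'other' grants more
    return mode & 7

def can_read(path, uid, gids):
    """path is a list of (name, owner, group, mode); the last entry is the target.
    Requires search (x) on every parent directory and read (r) on the target."""
    *parents, target = path
    for _name, owner, group, mode in parents:
        if not pick_class(mode, owner, group, uid, gids) & 1:
            return False
    _name, owner, group, mode = target
    return bool(pick_class(mode, owner, group, uid, gids) & 4)

def scenario(home_mode, umask, slash_home=(0, 0, 0o755), gids=frozenset({33})):
    """What www-data (uid 33) gets: (can list ~alice, can read ~alice/notes.txt)."""
    top = ("/home",) + slash_home
    home = ("alice", 1000, 1000, home_mode)
    notes = ("notes.txt", 1000, 1000, 0o666 & ~umask)   # mode of a newly created file
    return (can_read([top, home], 33, gids),
            can_read([top, home, notes], 33, gids))

def report():
    return {
        "755 home, umask 022": scenario(0o755, 0o022),
        "751 home, umask 022": scenario(0o751, 0o022),   # not listable, still readable by name
        "751 home, umask 027": scenario(0o751, 0o027),
        "750 home, umask 022": scenario(0o750, 0o022),
        # /home 0705 root:daemon, with www-data given 'daemon' as a supplementary group
        "/home 0705, in daemon": scenario(0o755, 0o022, (0, 1, 0o705), frozenset({33, 1})),
        "/home 0705, not in daemon": scenario(0o755, 0o022, (0, 1, 0o705)),
    }

if __name__ == "__main__":
    for name, (can_list, can_read_file) in report().items():
        print(f"{name:28} list={can_list!s:5} read={can_read_file}")
```
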
 
02-17-2011, 01:31 PM
Olaf van der Spek

Default Homedir Permissions

On Thu, Feb 17, 2011 at 2:44 PM, Ian Jackson
<ijackson@chiark.greenend.org.uk> wrote:
> Olaf van der Spek writes ("Default Homedir Permissions"):
>> Default homedir permissions are 755. World-readable (and listable).
>> Common (security) sense says that permissions that are not required
>> should not be granted. For example, accounts mysql and www-data should
>> not have access to my documents.
>
> I disagree with this conclusion, because I disagree with the
> underlying implication that the general readability of files is not
> needed.

> Most installed systems have a smallish number of users who know each
> other reasonably well and would like to be able to share files. It

What are those assumptions based on?
And how do you go from "want to share some files" to "default to share
all files"?

> does not make sense to put strong privacy barriers in between those
> users. Sensitive data like email and browser histories are already
> made non-world-readable.

chmod 755 ~ is not a hard way to remove the barrier.

> So the default is correct.
>
> Perhaps it might be reasonable to try to find a way for accounts like
> msql and www-data not to be able to access home directories (add
> "daemon" to their supplementary group list and set the permissions of
> /home 0705 to root.daemon, perhaps), but is this really worthwhile ?

That would be another violation of general security principles (access
control based on exclusion instead of inclusion);

> If it is, the right thing to do is to go away and think about exactly
> how to do it, not to file a bug asking for the default home directory
> permissions to be changed.

The bug wasn't about that, although it was related.


--
Olaf


Archive: http://lists.debian.org/AANLkTim3=P6Ed-=z+VNPAGvfhm-fh+4Gn32pbSo3mhKK@mail.gmail.com
 
02-17-2011, 01:38 PM
Ian Jackson

Default Homedir Permissions

Olaf van der Spek writes ("Re: Default Homedir Permissions"):
> chmod 755 ~ is not a hard way to remove the barrier.

We are arguing about defaults, so this is not a relevant answer.

> What are those assumptions based on?

I could ask you the same question. We are arguing in a vacuum.

I don't think we should make a change, but people who want defaults
changed always make more noise than people who are happy with the way
they are. I just wanted to make it clear that this change would not
be universally welcomed.

I don't think there is anything else useful to be said in this
subthread.

Ian.


Archive: http://lists.debian.org/19805.13004.7522.663321@chiark.greenend.org.uk
 
02-17-2011, 01:58 PM
Roger Leigh

Default Homedir Permissions

On Thu, Feb 17, 2011 at 03:31:18PM +0100, Olaf van der Spek wrote:
> On Thu, Feb 17, 2011 at 2:44 PM, Ian Jackson
> <ijackson@chiark.greenend.org.uk> wrote:
> > Olaf van der Spek writes ("Default Homedir Permissions"):
> >> Default homedir permissions are 755. World-readable (and listable).
> >> Common (security) sense says that permissions that are not required
> >> should not be granted. For example, accounts mysql and www-data should
> >> not have access to my documents.
> >
> > I disagree with this conclusion, because I disagree with the
> > underlying implication that the general readability of files is not
> > needed.
>
> > Most installed systems have a smallish number of users who know each
> > other reasonably well and would like to be able to share files. It

> > So the default is correct.
> >
> > Perhaps it might be reasonable to try to find a way for accounts like
> > msql and www-data not to be able to access home directories (add
> > "daemon" to their supplementary group list and set the permissions of
> > /home 0705 to root.daemon, perhaps), but is this really worthwhile ?
>
> That would be another violation of general security principles (access
> control based on exclusion instead of inclusion);

There are obviously differences of opinion in our expectations of
"how secure" a default installation should be.

Should it be locked down like Fort Knox?

Should it be generally usable, and easy for users to see each other's
stuff?

In general, I think it's fair to say that the average Debian
installation does not require Fort Knox levels of security. Simply
allowing other people to read our files is often something desirable;
if I have something especially secret, I'll take steps to make sure
it's not readable or writeable by anyone except me. But in general,
it's not a bad thing that others can see my stuff. I can always keep
private things in a 0700 subdirectory.

Even on the massively shared systems I use, it's common for home
directories to be readable by default, so you can let other people
access your data, scripts, git repos, or whatever.

I can see that in some circumstances you might well want total control
over who can see your files, but unless you're dealing with TOP SECRET
stuff, I am not convinced that this is something the typical user would
wish to have by default. Are there any common use cases which require
this?


Regards,
Roger

--
.'`. Roger Leigh
: :' : Debian GNU/Linux http://people.debian.org/~rleigh/
`. `' Printing on GNU/Linux? http://gutenprint.sourceforge.net/
`- GPG Public Key: 0x25BFB848 Please GPG sign your mail.
 
02-17-2011, 01:59 PM
Olaf van der Spek

Default Homedir Permissions

On Thu, Feb 17, 2011 at 3:38 PM, Ian Jackson
<ijackson@chiark.greenend.org.uk> wrote:
> Olaf van der Spek writes ("Re: Default Homedir Permissions"):
>> chmod 755 ~ is not a hard way to remove the barrier.
>
> We are arguing about defaults, so this is not a relevant answer.

In both cases it's easy to change permissions, but:

If you start with safe permissions but want to share everything, you
get an error message. Easy to fix.
If you start with unsafe permissions but wanted to share nothing, you
don't get an error message and your data leaks. Impossible to fix.

>> What are those assumptions based on?
>
> I could ask you the same question. We are arguing in a vacuum.

Feel free to ask.

--
Olaf


Archive: http://lists.debian.org/AANLkTinS21pVTzze5vKczXoMAbiTUbuNX90bsye-mCOZ@mail.gmail.com
 
02-17-2011, 02:06 PM
Roger Leigh

Default Homedir Permissions

On Thu, Feb 17, 2011 at 01:44:26PM +0000, Ian Jackson wrote:
> Perhaps it might be reasonable to try to find a way for accounts like
> msql and www-data not to be able to access home directories (add
> "daemon" to their supplementary group list and set the permissions of
> /home 0705 to root.daemon, perhaps), but is this really worthwhile ?
> If it is, the right thing to do is to go away and think about exactly
> how to do it, not to file a bug asking for the default home directory
> permissions to be changed.

This is easily accomplished using ACLs. Example to only allow apache
access to public_html, and nothing else:

% setfacl -m g:www-data:x ~
% setfacl -m g:www-data:rx ~/public_html
% getfacl ~ ~/public_html
getfacl: Removing leading '/' from absolute path names
# file: home/rleigh
# owner: rleigh
# group: rleigh
user::rwx
group::r-x
group:www-data:--x
mask::r-x
other::r-x

# file: home/rleigh/public_html
# owner: rleigh
# group: rleigh
user::rwx
group::r-x
group:www-data:r-x
mask::r-x
other::r-x


Regards,
Roger

--
.'`. Roger Leigh
: :' : Debian GNU/Linux http://people.debian.org/~rleigh/
`. `' Printing on GNU/Linux? http://gutenprint.sourceforge.net/
`- GPG Public Key: 0x25BFB848 Please GPG sign your mail.
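
How the getfacl output in the message above is evaluated for www-data, as an added example that is not part of the original post: it applies the POSIX ACL check order (owner, named user, matching groups, then other) to the two stanzas shown, and to a constructed sibling directory that has no www-data entry. The helper names parse_getfacl, allowed and www_data_view are hypothetical, and the DOCUMENTS stanza and the user bob are assumptions made for illustration.

```python
def parse_getfacl(text):
    """Parse one getfacl stanza into (owner, owning_group, [(tag, qualifier, perms)])."""
    owner = group = None
    entries = []
    for line in text.strip().splitlines():
        line = line.strip()
        if line.startswith("# owner:"):
            owner = line.split(":", 1)[1].strip()
        elif line.startswith("# group:"):
            group = line.split(":", 1)[1].strip()
        elif line and not line.startswith("#"):
            tag, qualifier, perms = line.split(":")
            entries.append((tag, qualifier, set(perms.replace("-", ""))))
    return owner, group, entries

def allowed(acl, user, groups, want):
    """POSIX ACL check order: owner, named user, matching groups, then other."""
    owner, owning_group, entries = acl
    want = set(want)
    find = lambda tag, q="": [p for t, qual, p in entries if t == tag and qual == q]
    mask = (find("mask") or [set("rwx")])[0]      # no mask entry: nothing is masked
    if user == owner:
        return want <= find("user")[0]
    if find("user", user):
        return want <= (find("user", user)[0] & mask)
    matched = [p for t, q, p in entries if t == "group"
               and (q in groups or (q == "" and owning_group in groups))]
    if matched:                                   # a group matched: 'other' is never consulted
        return any(want <= (p & mask) for p in matched)
    return want <= find("other")[0]

# Stanzas from the getfacl output in the post (the "# file:" line is dropped).
HOME = """# owner: rleigh
# group: rleigh
user::rwx
group::r-x
group:www-data:--x
mask::r-x
other::r-x"""
PUBLIC_HTML = HOME.replace("group:www-data:--x", "group:www-data:r-x")
# Constructed: a sibling directory left at plain 0755 with no www-data entry.
DOCUMENTS = HOME.replace("group:www-data:--x\nmask::r-x\n", "")

def www_data_view():
    who = ("www-data", {"www-data"})
    return {name: (allowed(parse_getfacl(acl), *who, "r"), allowed(parse_getfacl(acl), *who, "x"))
            for name, acl in (("~", HOME), ("~/public_html", PUBLIC_HTML), ("~/Documents", DOCUMENTS))}
```

In this model www-data loses the ability to list the home directory itself, while any directory beneath it that carries no www-data entry is still governed by its own "other" bits.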
 

All times are GMT.