Security. OpenSUSE $HOME permissions.

[live_fx]

Hi all. This pool is about some openSUSE 11.1 security changes. I`m about a default system permissions on users /home directories. The default $HOME permissions mode is 755 instead of good old UNIX rule 700 - "only root can do that". Now all users can do that.

1. This no good because now all users by default can look inside the others $HOME-s. And when you create new directory and create some file inside, and write some information, or credentials, the other users can now read and copy this information - This is the system default permissions now.

2. Because all users, who based on old security rules, think they are closed "by default" and create some credentials files, keys, mail boxes, in home, and this files is readable by default for other users.

3. Because this is one step to windows chaos, from strong UNIX security rules. And now, you are don`t need to understand, what you do, when you open something. This now just opened by default for all.

4. Because the good SSH security rule - login as some user, and work as user, and only then login as root if needed. But now any user by default can read some data inside. Some time ago i explore FreeBSD root shell, because i found root password inside the user shell history. (Sometimes we think, what we type to password field, but we type to shell, and shell return "Command not found", and write your password to history (if history is enabled). 1. Disable history if you want to close your back 2. Look to display and see what you type and where)

5. Because Nautilus and Konqueror has a "Share" options and when someone want to share data, he can use very many ways for this, include more advanced tools - chmod/chown.

I`m not remember all things.
Vote plz.

[ken_yap]

Just to help, other things you might want to do to advance your cause:

Enter an enhancement request at bugzilla.novell.com.

Create a HOWTO explaining why and when you might want to change the default settings in /etc/login.defs

[Chrysantine]

Insignificant issue.

YAST / Security & Users / User and Group Permissions / Defaults for New Users -> Umask for Home Directory.

If you're a system administrator and setup a multi-user server without knowing simple things like this, you shouldn't be doing it.

[live_fx]

All times before, this permissions will be a nice rule by default. I`m just interesting, for what this funny improvements was made?


Many drivers not work, many software packages is buggy, many problems with hardware compatibility, but new $HOME default permissions - is a new revolutionary step ?

But Linux now, by default is more friendly for ladies ?

mega-lol ))

[live_fx]

This just a question of UNIX philosophy. Just question, not more
This improvement bring up a strange understanding of Linux. This look like Windows now. Next step - is default network share "/" (for system needs of course).

Mac OS X have closed homes by default. This very nice OS. This is a UNIX. And users can not read in other homes any they want. Nobody crying about sharing on OS-X.

This is a not tragedy, but this new rule is really fun