Re: [SLE] more on umask
From: James Knott (james.knott_at_rogers.com)
Date: Wed, 24 Aug 2005 13:44:29 -0400
To: email@example.com
Jos van Kan wrote:
> James Knott wrote:
>> Forgot to mention, the default configuration in SuSE has everyone in the
>> "users" group and then gives group members read access to all the home
>> directories. In Red Hat, each user is given his own group, which keeps
>> others out of his home directory. To do this in SuSE, you either have
>> to change the user's group after creating the user or use Webmin to
>> create the user. It's also a good idea to change /etc/skel, to remove
>> the group permissions, when a user is created. I have no idea why SuSE
>> fails on this issue, when they're supposed to be so focused on security.
> I fail to see what this has got to do with security. It completely
> defeats the group idea to give every user its own group. But if you want
> to keep everyone out of your files and directories nothing stops you
> from chmod'ing the lot to y00, y=0..7
The security problem is that:
a) Every user is a member of users
b) In the default install, every member of the group users has access to
the home directory of every other user.
This means that I, as a member of group users can read the contents of
your personal documents in your home directory.
If you want to share files with the group, create a directory for that
group and every member of that group has access to that shared
directory. A user shouldn't have to take action, to keep others out of
his home directory.
As an experiment, create another user on your system and create a text
document in the home directory for that user. Then, log in as yourself
and try reading that file. Then log in as that other user and try
accessing files in your home directory. Tell me again about the
security of that setup.
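Added example, not part of the original message: a shell function that audits the condition described above by listing every regular user's home directory whose mode grants any permission to group or other. It assumes GNU `stat` and a passwd(5)-format input file; the function name `audit_homes` and the default minimum UID of 1000 are choices made for this example.

```shell
#!/bin/sh
# Added example: report home directories that group members or others can access.
# Assumptions: GNU stat (stat -c), passwd(5)-format input, regular users start
# at UID 1000 unless a different minimum is passed as the second argument.

# audit_homes PASSWD_FILE [MIN_UID]
# Prints "user home mode owning_group" for each regular user's home directory
# whose mode has any group or other permission bit set.
audit_homes() {
    passwd_file=$1
    min_uid=${2:-1000}
    while IFS=: read -r user _ uid _ _ home _; do
        # Skip malformed lines, system accounts and homes that do not exist.
        case $uid in ''|*[!0-9]*) continue ;; esac
        [ "$uid" -ge "$min_uid" ] || continue
        [ -d "$home" ] || continue
        mode=$(stat -c '%a' "$home") || continue
        group=$(stat -c '%G' "$home")
        # Mask off everything except the group and other bits (octal 077).
        if [ $(( 0$mode & 077 )) -ne 0 ]; then
            printf '%s %s %s %s\n' "$user" "$home" "$mode" "$group"
        fi
    done < "$passwd_file"
}

# Run against a file given on the command line, e.g.: sh audit.sh /etc/passwd
if [ "$#" -gt 0 ]; then
    audit_homes "$@"
fi
```

An empty report means every audited home directory is closed to group and other, for example mode 700.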