Olaf van der Spek writes ("Default Homedir Permissions"):
> Default homedir permissions are 755. World-readable (and listable).
> Common (security) sense says that permissions that are not required
> should not be granted. For example, accounts mysql and www-data should
> not have access to my documents.I disagree with this conclusion, because I disagree with the underlying implication that the general readability of files is not needed. Most installed systems have a smallish number of users who know each other reasonably well and would like to be able to share files. It does not make sense to put strong privacy barriers in between those users. Sensitive data like email and browser histories are already made non-world-readable. So the default is correct. Perhaps it might be reasonable to try to find a way for accounts like msql and www-data not to be able to access home directories (add "daemon" to their supplementary group list and set the permissions of /home 0705 to root.daemon, perhaps), but is this really worthwhile ? If it is, the right thing to do is to go away and think about exactly how to do it, not to file a bug asking for the default home directory permissions to be changed. Ian. -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/19805.9786.37599.609...@chiark.greenend.org.uk
