I support the 0700 on home directories.

On March 8, 2022, at 2:30 PM, Sam Hartman <hartm...@debian.org> wrote:
>>>>> "Marc" == Marc Haber <mh+debian-de...@zugschlus.de> writes:

Marc> Hi, you might have noticed that the adduser package has gained
Marc> I have some issues that I would like to solicit the opinion of
Marc> my fellow DDs and to reach rough consensus about some changes
Marc> that have been requested from Adduser in the BTS but I am
Marc> reluctant to go through with on my own decision.

Marc> (1) #202943, #202944, #398793, #442627, #782001 The bug
Marc> reporters are requesting the default for DIR_MODE to be
Marc> changed from 0755 to 0700, making home directories readable
Marc> for the user only. Policy 10.9 states that directories should
Marc> be 0755, but the policy editors probably didn't have user home
Marc> directories in mind when they wrote that.

Take a look at https://salsa.debian.org/vorlon/pam/-/merge_requests/3

According to the history of that patch, we have some old consensus to move toward usergroups and a default umask of 0002 (except for root which gets 0022). I was trusting the analysis in that merge request and assuming we actually did have such a consensus.

I don't think it makes sense to move toward 0700 home directories and to loosen the umask for usergroups. I'm fine with either direction, and would probably prefer the 0700 approach myself.

But I'd ask you to look into the history of usergroups in Debian as part of your decision process.