unofficial mirror of bug-guix@gnu.org 
 help / color / mirror / code / Atom feed
* bug#27135: /root is world readable by default
@ 2017-05-29 19:04 Alex Griffin
  2017-05-30 16:11 ` Ludovic Courtès
  0 siblings, 1 reply; 3+ messages in thread
From: Alex Griffin @ 2017-05-29 19:04 UTC (permalink / raw)
  To: 27135

After a default install of GuixSD, anybody can read root's home
directory. I think /root should have permissions 700 instead of 755.

^ permalink raw reply	[flat|nested] 3+ messages in thread
* bug#27135: /root is world readable by default
  2017-05-29 19:04 bug#27135: /root is world readable by default Alex Griffin
@ 2017-05-30 16:11 ` Ludovic Courtès
  2017-05-30 16:24   ` Marius Bakke
  0 siblings, 1 reply; 3+ messages in thread
From: Ludovic Courtès @ 2017-05-30 16:11 UTC (permalink / raw)
  To: Alex Griffin; +Cc: 27135-done

Hi Alex,

Alex Griffin <a@ajgrf.com> skribis:

> After a default install of GuixSD, anybody can read root's home
> directory. I think /root should have permissions 700 instead of 755.

Fixed in 41db5a756369f5b14d1e67a523ee0940cad56744.

For the other user accounts, useradd(8) does its thing, and apparently
it defaults to world-readable accounts (it defaults to a umask of 022 as
written in the man page).

Thoughts?

Thanks,
Ludo’.

^ permalink raw reply	[flat|nested] 3+ messages in thread
* bug#27135: /root is world readable by default
  2017-05-30 16:11 ` Ludovic Courtès
@ 2017-05-30 16:24   ` Marius Bakke
  0 siblings, 0 replies; 3+ messages in thread
From: Marius Bakke @ 2017-05-30 16:24 UTC (permalink / raw)
  To: Ludovic Courtès, Alex Griffin; +Cc: 27135-done

[-- Attachment #1: Type: text/plain, Size: 640 bytes --]

Ludovic Courtès <ludo@gnu.org> writes:

> Hi Alex,
>
> Alex Griffin <a@ajgrf.com> skribis:
>
>> After a default install of GuixSD, anybody can read root's home
>> directory. I think /root should have permissions 700 instead of 755.
>
> Fixed in 41db5a756369f5b14d1e67a523ee0940cad56744.
>
> For the other user accounts, useradd(8) does its thing, and apparently
> it defaults to world-readable accounts (it defaults to a umask of 022 as
> written in the man page).
>
> Thoughts?

I'm in favor of overriding that default. I usually chmod /home/* to 0700
anyway. 0750 would be okay too and probably covers more use cases.

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 487 bytes --]

^ permalink raw reply	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2017-05-30 16:25 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-05-29 19:04 bug#27135: /root is world readable by default Alex Griffin
2017-05-30 16:11 ` Ludovic Courtès
2017-05-30 16:24   ` Marius Bakke

Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/guix.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).