* bug#27135: /root is world readable by default
@ 2017-05-29 19:04 Alex Griffin
2017-05-30 16:11 ` Ludovic Courtès
0 siblings, 1 reply; 3+ messages in thread
From: Alex Griffin @ 2017-05-29 19:04 UTC (permalink / raw)
To: 27135
After a default install of GuixSD, anybody can read root's home
directory. I think /root should have permissions 700 instead of 755.
^ permalink raw reply [flat|nested] 3+ messages in thread
* bug#27135: /root is world readable by default
2017-05-29 19:04 bug#27135: /root is world readable by default Alex Griffin
@ 2017-05-30 16:11 ` Ludovic Courtès
2017-05-30 16:24 ` Marius Bakke
0 siblings, 1 reply; 3+ messages in thread
From: Ludovic Courtès @ 2017-05-30 16:11 UTC (permalink / raw)
To: Alex Griffin; +Cc: 27135-done
Hi Alex,
Alex Griffin <a@ajgrf.com> skribis:
> After a default install of GuixSD, anybody can read root's home
> directory. I think /root should have permissions 700 instead of 755.
Fixed in 41db5a756369f5b14d1e67a523ee0940cad56744.
For the other user accounts, useradd(8) does its thing, and apparently
it defaults to world-readable accounts (it defaults to a umask of 022 as
written in the man page).
Thoughts?
Thanks,
Ludo’.
^ permalink raw reply [flat|nested] 3+ messages in thread
* bug#27135: /root is world readable by default
2017-05-30 16:11 ` Ludovic Courtès
@ 2017-05-30 16:24 ` Marius Bakke
0 siblings, 0 replies; 3+ messages in thread
From: Marius Bakke @ 2017-05-30 16:24 UTC (permalink / raw)
To: Ludovic Courtès, Alex Griffin; +Cc: 27135-done
[-- Attachment #1: Type: text/plain, Size: 640 bytes --]
Ludovic Courtès <ludo@gnu.org> writes:
> Hi Alex,
>
> Alex Griffin <a@ajgrf.com> skribis:
>
>> After a default install of GuixSD, anybody can read root's home
>> directory. I think /root should have permissions 700 instead of 755.
>
> Fixed in 41db5a756369f5b14d1e67a523ee0940cad56744.
>
> For the other user accounts, useradd(8) does its thing, and apparently
> it defaults to world-readable accounts (it defaults to a umask of 022 as
> written in the man page).
>
> Thoughts?
I'm in favor of overriding that default. I usually chmod /home/* to 0700
anyway. 0750 would be okay too and probably covers more use cases.
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 487 bytes --]
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2017-05-30 16:25 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-05-29 19:04 bug#27135: /root is world readable by default Alex Griffin
2017-05-30 16:11 ` Ludovic Courtès
2017-05-30 16:24 ` Marius Bakke
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).