Why is the default user group "users"? and: rights and access to /var/mail

Why is the default user group "users"? and: rights and access to /var/mail

[Nils Gillmann]

Hi,

can someone tell me why in gnu/system/shadow module you thought
it would be a good idea to default to "users" as a shared group
for all accounts created as normal user profiles?

Reason why I'm asking has a second question attached:
Why does our opensmtpd-service (and dovecot?) create
/var/mail world readable, owned by root:root?
I'm working on integration of mailx (package done, debugging its
runtime currently[1]), though I think my concern is not exclusive to
mailx: I want users to be able to read mailboxes inside /var/mail
by their name (/var/mail/$username) and which are set to be r+w
only for $username:$username. If you want to list the content of
the folder you would need to be part of the wheel/sudo group,
otherwise you are just able to access your mailbox with your
mailreader.
$username:$username was what I learned as good and secure usage
for user accounts. Why GuixSD uses $username:users is beyond me.
I know recently the default chmod of the user $home was changed
(last year?) so I can no longer read other users homes, but I'm
still questioning the choice.
Some explanation on this would be good.


[1] Not sure if this is something you want to see in Guix master,
as a package and as integration. If you are, I'll work it into
my Guix repo when I'm done with it.

Re: Why is the default user group "users"? and: rights and access to /var/mail

[Nils Gillmann]

Nils Gillmann transcribed 1.3K bytes:
> Hi,
> 
> can someone tell me why in gnu/system/shadow module you thought
> it would be a good idea to default to "users" as a shared group
> for all accounts created as normal user profiles?
> 
> Reason why I'm asking has a second question attached:
> Why does our opensmtpd-service (and dovecot?) create
> /var/mail world readable, owned by root:root?
> I'm working on integration of mailx (package done, debugging its
> runtime currently[1]), though I think my concern is not exclusive to
> mailx: I want users to be able to read mailboxes inside /var/mail
> by their name (/var/mail/$username) and which are set to be r+w
> only for $username:$username. If you want to list the content of
> the folder you would need to be part of the wheel/sudo group,
> otherwise you are just able to access your mailbox with your
> mailreader.
> $username:$username was what I learned as good and secure usage
> for user accounts. Why GuixSD uses $username:users is beyond me.
> I know recently the default chmod of the user $home was changed
> (last year?) so I can no longer read other users homes, but I'm
> still questioning the choice.
> Some explanation on this would be good.

I think I can achieve what I want with different settings and services.
root:root might still be a problem, but I need test more with this.

On $username:users, I was told that $username:$username is quiet
recent and new development in how defaults are set for Unix users.
With every user in one group we just need to watch chmod. So I guess
the decision was made when this one user group was still dominant.

> 
> [1] Not sure if this is something you want to see in Guix master,
> as a package and as integration. If you are, I'll work it into
> my Guix repo when I'm done with it.
> 

Re: Why is the default user group "users"? and: rights and access to /var/mail

[Chris Marusich]

[-- Attachment #1: Type: text/plain, Size: 2135 bytes --]

Nils Gillmann <ng0@n0.is> writes:

> can someone tell me why in gnu/system/shadow module you thought
> it would be a good idea to default to "users" as a shared group
> for all accounts created as normal user profiles?
>
> Reason why I'm asking has a second question attached:
> Why does our opensmtpd-service (and dovecot?) create
> /var/mail world readable, owned by root:root?

Does the opensmtpd-service allow a user to customize in their
<operating-system> declaration the permissions it will use for
/var/mail?  If it does, then you should be able to specify precisely the
permissions you want on /var/mail.

> I'm working on integration of mailx (package done, debugging its
> runtime currently[1]), though I think my concern is not exclusive to
> mailx: I want users to be able to read mailboxes inside /var/mail
> by their name (/var/mail/$username) and which are set to be r+w
> only for $username:$username. If you want to list the content of
> the folder you would need to be part of the wheel/sudo group,
> otherwise you are just able to access your mailbox with your
> mailreader.
> $username:$username was what I learned as good and secure usage
> for user accounts. Why GuixSD uses $username:users is beyond me.
> I know recently the default chmod of the user $home was changed
> (last year?) so I can no longer read other users homes, but I'm
> still questioning the choice.
> Some explanation on this would be good.

In defense of the current default, my understanding is that in shared
systems, it is not uncommon to put users in a single group (e.g.,
users).  I suppose the intent might be to make it easier for the users
to collaborate in such shared systems.  So, I didn't find this behavior
very surprising.  However, if you want to change the user/group
structure, you ought to be able to do so.  I believe you can do that by
customizing the "users" and "groups" fields of your <operating-system>
declaration (see: (guix) operating-system Reference).  You even should
to be able to remove the "users" group entirely if you don't want it.

Hope that helps!

-- 
Chris

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 832 bytes --]