Incorrect permissions (home directories)
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
adduser (Ubuntu) | Invalid | Undecided | Unassigned |
Bug Description
(applies to all versions of Ubuntu, including 6.10-rc)
The home directory of the default user created by the installer (and probably users created by the user configuration GUI too; I use the server edition so I'm not sure) has permissions 755, which means that other users can browse the default user's home directory. Permissions for home directories should be set to 0700.
Some of you may not agree it's a bug, but no matter what you call it, it must be fixed. Such behaviour violates several principles of good design:
- security by default (no action or special knowledge should be required to have a secure system after installation)
- principle of least privilege (ability to browse other home directories is rarely required, so it should not be enabled by default)
- principle of least surprise (things should work as expected, and the ability of others to browse my home directory is not what I would expect if I were a novice user)
Recommendation: make the more sensible 0700 permissions the default for the 6.10 release. It should be an easy fix.
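A check for the condition described in this report, added here as an example and not part of the original bug or of adduser itself: it lists home directories that group or other users can access, and reads the DIR_MODE setting that adduser takes from /etc/adduser.conf for new accounts. The minimum UID of 1000, the function names and the alice/bob fixture are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumes GNU stat (-c), as on Ubuntu; min_uid is an assumption.

# Print "user home mode" for every account with UID >= min_uid whose home
# directory grants any permission bit to group or other.
audit_homes() {
    passwd_file=${1:-/etc/passwd}
    min_uid=${2:-1000}
    while IFS=: read -r user pw uid gid gecos home shell; do
        case $uid in ''|*[!0-9]*) continue ;; esac
        [ "$uid" -ge "$min_uid" ] || continue
        [ -d "$home" ] || continue
        raw=$(stat -c '%a' "$home") || continue
        mode=$(printf '%04o' "0$raw")      # normalise to four octal digits
        go=${mode#??}                      # group and other digits
        [ "$go" = "00" ] || printf '%s %s %s\n' "$user" "$home" "$mode"
    done < "$passwd_file"
}

# Print the DIR_MODE adduser applies to new home directories (last one wins).
adduser_dir_mode() {
    conf=${1:-/etc/adduser.conf}
    sed -n 's/^[[:space:]]*DIR_MODE=\([0-7][0-7]*\).*/\1/p' "$conf" | tail -n 1
}

# Constructed fixture: two accounts, one home at 0755 and one at 0700.
demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/alice" "$d/bob"
    chmod 0755 "$d/alice"
    chmod 0700 "$d/bob"
    printf 'alice:x:1000:1000::%s/alice:/bin/sh\nbob:x:1001:1001::%s/bob:/bin/sh\n' \
        "$d" "$d" > "$d/passwd"
    printf '# constructed sample\nDIR_MODE=0755\n' > "$d/adduser.conf"
    audit_homes "$d/passwd" | sed "s|$d||"
    adduser_dir_mode "$d/adduser.conf"
    rm -rf "$d"
}
```

Calling `audit_homes` and `adduser_dir_mode` with no arguments checks the live /etc/passwd and /etc/adduser.conf; `demo` runs both against the constructed fixture.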
Thanks for your bug report. Which installation medium did you use? Live CD or alternative CD?