On Sat, Feb 19, 2011 at 10:49 AM, Olaf van der Spek
olafvds...@gmail.com wrote:
On Fri, Feb 18, 2011 at 9:19 AM, Stephen Gran sg...@debian.org wrote:
I don't want to prolong this thread, but this seemed useful to answer.
I certainly have no intention of changing the default on my own.
Could
On 17 February 2011 16:36, Lars Wirzenius l...@liw.fi wrote:
It would be really cool if there was an automatic auditor for people to
use. Not just showing emblems in Nautilus, but offering to fix things as
well. Here's how I imagine it might work.
(...)
From your description you are not
Lars Wirzenius l...@liw.fi writes:
The auditor then looks for things in the system, and in home
directories, which might be problems. For example, if it's meant to be a
mail server with a lot of security, having telnetd installed and running
would be a problem for it to flag. Likewise, it
On Thu, 17 Feb 2011 14:58:36 +, Roger Leigh rle...@codelibre.net
wrote:
Should it be locked down like Fort Knox?
No. That'll lead to inexperienced users working as root since they're
too stup^winexperienced to grok permissions.
Greetings
Marc
--
-- !! No
On Thu, 17 Feb 2011 15:06:59 +, Roger Leigh rle...@codelibre.net
wrote:
On Thu, Feb 17, 2011 at 01:44:26PM +, Ian Jackson wrote:
Perhaps it might be reasonable to try to find a way for accounts like
msql and www-data not to be able to access home directories (add
daemon to their
On Fri, 18 Feb 2011 08:19:08 +, Stephen Gran sg...@debian.org
wrote:
I certainly have no intention of changing the default on my own.
My hope is that Debian is used in ways I can't imagine, and I can not
begin to cater to all of the variety of needs that current and future
users will want. I
On Sat, Feb 19, 2011 at 9:10 AM, Marc Haber
mh+debian-de...@zugschlus.de wrote:
On Thu, Feb 17, 2011 at 01:44:26PM +, Ian Jackson wrote:
Perhaps it might be reasonable to try to find a way for accounts like
msql and www-data not to be able to access home directories (add
daemon to their
On Fri, Feb 18, 2011 at 9:19 AM, Stephen Gran sg...@debian.org wrote:
I don't want to prolong this thread, but this seemed useful to answer.
I certainly have no intention of changing the default on my own.
Could you at least fix the original bug and ensure preseeding works?
Olaf
--
To
On Thu, Feb 17, 2011 at 11:55:16AM -0500, Martin Owens wrote:
0755 is not inherently insecure. Others can't make any changes, but
they can look. The only issue here is accidental disclosure of
information intended to be private.
If public by default is the way we want to go, then why
On Sat, Feb 19, 2011 at 11:43 AM, Roger Leigh rle...@codelibre.net wrote:
We could even do the opposite (create a public folder) if the
permissions are 0750, though this would require either 0751 or
ACLs to be actually accessible. Again, we could include a README file
instructing the user how
On Sat, 19 Feb 2011 10:47:42 +0100, Olaf van der Spek
olafvds...@gmail.com wrote:
On Sat, Feb 19, 2011 at 9:10 AM, Marc Haber
mh+debian-de...@zugschlus.de wrote:
On Thu, Feb 17, 2011 at 01:44:26PM +, Ian Jackson wrote:
Perhaps it might be reasonable to try to find a way for accounts like
This one time, at band camp, Ian Jackson said:
[Someone] writes (Re: Default Homedir Permissions):
[stuff]
We are in danger of wasting a lot of time with this discussion.
The general pattern is that someone who is unhappy with the state of
the world proposes a substantial change
On Jueves 17 Febrero 2011 22:18:25 Ron Johnson escribió:
On 02/17/2011 08:58 AM, Roger Leigh wrote:
[snip]
Should it be locked down like Fort Knox?
There's a heck of a lot of middle ground between Fort Knox and
Hippy Commune.
We are not a hippy comune, just two married people, but I
On Fri, Feb 18, 2011 at 2:26 PM, Noel David Torres Taño
env...@rolamasao.org wrote:
On Jueves 17 Febrero 2011 22:18:25 Ron Johnson escribió:
On 02/17/2011 08:58 AM, Roger Leigh wrote:
[snip]
Should it be locked down like Fort Knox?
There's a heck of a lot of middle ground between Fort Knox
Stephen Gran writes (Re: [Adduser-devel] Default Homedir Permissions):
I don't want to prolong this thread, but this seemed useful to answer.
Thanks.
I certainly have no intention of changing the default on my own.
My hope is that Debian is used in ways I can't imagine, and I can not
begin
On 02/18/2011 07:26 AM, Noel David Torres Taño wrote:
On Jueves 17 Febrero 2011 22:18:25 Ron Johnson escribió:
On 02/17/2011 08:58 AM, Roger Leigh wrote:
[snip]
Should it be locked down like Fort Knox?
There's a heck of a lot of middle ground between Fort Knox and
Hippy Commune.
We are
On Viernes 18 Febrero 2011 18:44:25 Ron Johnson escribió:
On 02/18/2011 07:26 AM, Noel David Torres Taño wrote:
On Jueves 17 Febrero 2011 22:18:25 Ron Johnson escribió:
On 02/17/2011 08:58 AM, Roger Leigh wrote:
[snip]
Should it be locked down like Fort Knox?
There's a heck of a
Hi,
Default homedir permissions are 755. World-readable (and listable).
Common (security) sense says that permissions that are not required
should not be granted. For example, accounts mysql and www-data should
not have access to my documents.
Some time ago I filed a bug related to this: 398793
* Olaf van der Spek olafvds...@gmail.com [2011-02-17 13:51]:
Default homedir permissions are 755. World-readable (and listable).
Common (security) sense says that permissions that are not required
should not be granted. For example, accounts mysql and www-data should
not have access to my
On Thu, Feb 17, 2011 at 1:52 PM, Martin Wuertele m...@debian.org wrote:
IIRC you are asked during installation if you want world readable home
directories or not.
No you're not. Unless (I assume) you do an expert install. Even then,
non-world-readble means 751, not 750. The default should still
* Olaf van der Spek olafvds...@gmail.com [2011-02-17 13:56]:
On Thu, Feb 17, 2011 at 1:52 PM, Martin Wuertele m...@debian.org wrote:
IIRC you are asked during installation if you want world readable home
directories or not.
No you're not. Unless (I assume) you do an expert install. Even
Olaf van der Spek writes (Default Homedir Permissions):
Default homedir permissions are 755. World-readable (and listable).
Common (security) sense says that permissions that are not required
should not be granted. For example, accounts mysql and www-data should
not have access to my documents
On Thu, Feb 17, 2011 at 2:44 PM, Ian Jackson
ijack...@chiark.greenend.org.uk wrote:
Olaf van der Spek writes (Default Homedir Permissions):
Default homedir permissions are 755. World-readable (and listable).
Common (security) sense says that permissions that are not required
should
Olaf van der Spek writes (Re: Default Homedir Permissions):
chmod 755 ~ is not a hard way to remove the barrier.
We are arguing about defaults, so this is not a relevant answer.
What are those assumptions based on?
I could ask you the same question. We are arguing in a vacuum.
I don't think
On Thu, Feb 17, 2011 at 03:31:18PM +0100, Olaf van der Spek wrote:
On Thu, Feb 17, 2011 at 2:44 PM, Ian Jackson
ijack...@chiark.greenend.org.uk wrote:
Olaf van der Spek writes (Default Homedir Permissions):
Default homedir permissions are 755. World-readable (and listable).
Common
On Thu, Feb 17, 2011 at 3:38 PM, Ian Jackson
ijack...@chiark.greenend.org.uk wrote:
Olaf van der Spek writes (Re: Default Homedir Permissions):
chmod 755 ~ is not a hard way to remove the barrier.
We are arguing about defaults, so this is not a relevant answer.
In both cases it's easy
On Thu, Feb 17, 2011 at 01:44:26PM +, Ian Jackson wrote:
Perhaps it might be reasonable to try to find a way for accounts like
msql and www-data not to be able to access home directories (add
daemon to their supplementary group list and set the permissions of
/home 0705 to root.daemon,
On Thu, Feb 17, 2011 at 3:58 PM, Roger Leigh rle...@codelibre.net wrote:
In general, I think it's fair to say that the average Debian
installation does not require Fort Knox levels of security. Simply
allowing other people to read our files is often something desirable;
Does other refer to
On Thu, Feb 17, 2011 at 04:07:12PM +0100, Olaf van der Spek wrote:
On Thu, Feb 17, 2011 at 3:58 PM, Roger Leigh rle...@codelibre.net wrote:
In general, I think it's fair to say that the average Debian
installation does not require Fort Knox levels of security. Simply
allowing other people
[Someone] writes (Re: Default Homedir Permissions):
[stuff]
We are in danger of wasting a lot of time with this discussion.
The general pattern is that someone who is unhappy with the state of
the world proposes a substantial change. The worry amongst the rest
of us is that the change might go
On Thu, Feb 17, 2011 at 4:24 PM, Roger Leigh rle...@codelibre.net wrote:
On Thu, Feb 17, 2011 at 04:07:12PM +0100, Olaf van der Spek wrote:
On Thu, Feb 17, 2011 at 3:58 PM, Roger Leigh rle...@codelibre.net wrote:
In general, I think it's fair to say that the average Debian
installation does
On to, 2011-02-17 at 15:24 +, Roger Leigh wrote:
I would argue that a change that /would/ make a real difference, would
be to have (as an example) emblems in Nautilus that flag files and
folders depending on if other people have read or write access. That
would visually show what is (and
On Feb 17, Ian Jackson ijack...@chiark.greenend.org.uk wrote:
I disagree with this conclusion, because I disagree with the
underlying implication that the general readability of files is not
needed.
Agreed.
Perhaps it might be reasonable to try to find a way for accounts like
msql and
On Thu, Feb 17, 2011 at 07:14, Ian Jackson
ijack...@chiark.greenend.org.uk wrote:
[Someone] writes (Re: Default Homedir Permissions):
[stuff]
We are in danger of wasting a lot of time with this discussion.
The general pattern is that someone who is unhappy with the state of
the world
Austin English writes (Re: Default Homedir Permissions):
On Thu, Feb 17, 2011 at 07:14, Ian Jackson
ijack...@chiark.greenend.org.uk wrote:
[Someone] writes (Re: Default Homedir Permissions):
[stuff]
We are in danger of wasting a lot of time with this discussion.
The general pattern
On Thu, 2011-02-17 at 15:24 +, Roger Leigh wrote:
Yes, but like everything there is a tradeoff. A totally secure system
is an unusable system. Having to instruct every user how to relax the
permissions to allow others to access their files, or allow their web
pages to be visible, is
On 02/17/2011 10:55 AM, Martin Owens wrote:
On Thu, 2011-02-17 at 15:24 +, Roger Leigh wrote:
Yes, but like everything there is a tradeoff. A totally secure system
is an unusable system. Having to instruct every user how to relax the
permissions to allow others to access their files, or
On 02/17/2011 08:58 AM, Roger Leigh wrote:
[snip]
Should it be locked down like Fort Knox?
There's a heck of a lot of middle ground between Fort Knox and
Hippy Commune.
Should it be generally usable, and easy for users to see each other's
stuff?
Only with the owner's permission.
On 02/17/2011 09:24 AM, Roger Leigh wrote:
[snip]
Yes, but like everything there is a tradeoff. A totally secure system
is an unusable system.
Why the black and white? What happened to grey?
Having to instruct every user how to relax the
permissions to allow others
Martin Owens wrote:
If public by default is the way we want to go, then why not have a
Private folder be default in the users home directory? Combined with the
indication emblem in nautilus; this might provide a space for users to
put data. ATM it's too hard to teach users how to secure a
40 matches
Mail list logo