Control: -1 severity wishlist

On Wed, Jul 13, 2022 at 11:45:58PM -0700, Josh Triplett wrote:
> adduser 3.122 changes home directories to be setgid by default. The
> issues discussing that change mention use cases involving multiuser
> systems with shared groups, though that doesn't explain setting this
> mode on home directories rather than on shared work areas.

This was part of the big adduser discussion debian-devel@l.d.o and
didn't get much attention. The setting is run-time configurable in
adduser.conf.

I would be willing to re-raise the severity of this issue if I can find
a case for changing the default AGAIN and there is some discussion on
debian-devel on this topic.

> One of the issues links to
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=64806 , which talks
> about easing the setup of shared directories for users who don't feel
> comfortable running `chmod 2770` or similar themselves. That seems like
> a relatively small justification, given that anyone setting up a shared
> work directory *can* run `chmod 2770` or similar themselves, and doing
> so does not require any special permission.

A local admin who doesn't like the behavior is free to change the
default by setting an appropriate DIR_MODE in adduser.conf. There is a
NEWS.Debian entry pointing the local administrator to this new behavior.

> The more recent issue 643559 suggests that
> > Those "bad side-effects", if they were ever relevant and important
> > enough to make personal groups not work properly, have now been fixed.
> 
> However, this is not the case; this change does in fact have bad
> side-effects. This change breaks some common use cases that apply to
> users on many systems, both single-user and multi-user.

Can we please have more information than just "bad side-effects"?

> In particular, it is common to build various kinds of filesystem,
> container, or disk images, and to do so within your home directory.
> Users writing tools and scripts to build such images need to make sure
> to create files with an appropriate mode, but such scripts often assume
> (reasonably) that if they're running as root:root and they create a
> file, that file will be owned by root:root. Attempting to build
> filesystems, containers, disk images, or similar in an unexpectedly
> setgid directory will produce unexpected results (leaving aside that the
> directory mode itself will be surprising).

Would it help to do this kind of work in a subdirectory under the home
directory and make sure that one is not setgid? I am happy to document
this.

> Given those tradeoffs, I don't think this change is the right default.
> I'd like to ask that the default mode be reverted from 2700 to 700.

I'd like you to take this discussion to debian-devel, most desirably as a
reply to https://lists.debian.org/debian-devel/2022/03/msg00304.html,
<yjinpj6x3y9ra...@torres.zugschlus.de>.

We can also talk to the ctte if the discussion on -devel doesn't bring
any more consensus.

It is really sad that you didn't participate in the discussion in March,
where this part of the changes didn't get much attention and no one came
up with any arguments against sgid home directories. I personally am at
a loss here since I am just a server jockey who doesn't have many
unprivileged shell account users on my boxes.


-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
Leimen, Germany    |  lose things."    Winona Ryder | Fon: *49 6224 1600402
Nordisch by Nature |  How to make an American Quilt | Fax: *49 6224 1600421
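The group-inheritance behaviour behind the side effect Josh describes, together with the non-setgid work subdirectory Marc proposes, as an added example that is not part of either message (it assumes Linux with GNU coreutils and also shows that subdirectories inherit the setgid bit, which is why the work directory needs an explicit chmod g-s):

```shell
#!/bin/sh
# Added example, not from the bug report; assumes Linux + GNU coreutils (stat -c).
# In a setgid (2xxx) directory new subdirectories inherit the setgid bit and new
# files take the directory's group, not the creator's primary group; g-s stops both.
set -eu

# Octal mode of a path, special bits included (e.g. 2700).
mode_of() {
    stat -c '%a' "$1"
}

# Scratch "home" with adduser 3.122's default DIR_MODE of 2700; prints its path.
make_setgid_home() {
    home=$(mktemp -d)
    chmod 2700 "$home"
    printf '%s\n' "$home"
}

# 0 if a directory created inside $1 inherits the setgid bit (mode starts with 2).
subdir_inherits_setgid() {
    mkdir "$1/images"
    case "$(mode_of "$1/images")" in
        2*) return 0 ;;
        *)  return 1 ;;
    esac
}

# 0 if a file created inside $1/images carries the directory's group.
file_takes_dir_group() {
    : > "$1/images/rootfs.img"
    [ "$(stat -c '%g' "$1/images/rootfs.img")" = "$(stat -c '%g' "$1/images")" ]
}

# 0 if, once g-s is cleared on $1/images, new directories below it carry no
# setgid bit and new files get the creator's primary group (id -g) again.
clearing_setgid_stops_inheritance() {
    chmod g-s "$1/images"
    mkdir "$1/images/nested"
    : > "$1/images/nested/disk.img"
    case "$(mode_of "$1/images/nested")" in
        2*) return 1 ;;
    esac
    [ "$(stat -c '%g' "$1/images/nested/disk.img")" = "$(id -g)" ]
}

home=$(make_setgid_home)
subdir_inherits_setgid "$home" && echo "images/ inherited setgid: mode $(mode_of "$home/images")"
file_takes_dir_group "$home" && echo "rootfs.img got the directory's group"
clearing_setgid_stops_inheritance "$home" && echo "after chmod g-s: nested mode $(mode_of "$home/images/nested")"
rm -rf "$home"
```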
