On Tue, 10 Feb 2009, Kees Cook wrote:

> Package: base-files
> Version: 5
> Severity: normal
> Tags: patch
> User: ubuntu-de...@lists.ubuntu.com
> Usertags: origin-ubuntu jaunty ubuntu-patch
>
> Hello!
>
> One question that both the Ubuntu Security Team and the Server Team
> have fielded many times is "why is /root not mode 700?" It seems that
> many server admins expect this directory to be private. While the fix
> for them is easy, it might be nice to make this change by default.
> It doesn't seem like anything in the FHS or the base-files package
> history discusses the privacy of /root, so I couldn't find any reasons
> to not suggest this change.
>
> I'd like to propose that /root be shipping mode 700 for new installs. What
> are your thoughts?

This has been discussed in the past (see archived bugs for base-files). Last time I checked, home directories in /home are 755 by default and this is not considered as a bug either. I think both cases are similar and we should treat them the same, that is, if the consensus is that user home directories should be private by default, we apply that principle to both /home/* and /root.