On 15/07/2024 01:32, Hans wrote:
I see it the other way round. No, if you are in the secure area, it is the
responsibility of the owner to make it secure by design, i.e. with self-closing
doors where you can not look into or windows with curtains.
The door is closed by default in bookworm. User home directories are
created with 0700 mode, see /usr/share/doc/adduser/README.gz and
/usr/share/doc/adduser/NEWS.Debian.gz. As a result, it is necessary to
set ACLs e.g. to run unprivileged LXC containers.
Red Hat likely has had 0700 for $HOME for a much longer time.
Put your confidential files in directories not readable by others. You
may consider keeping these directories encrypted.
In the past it was not uncommon to have ~/public_html accessible to the web
server. Once I faced a requirement to explicitly set the SELinux context
for this directory. I do not know if it was the default for that Linux
distribution or configured by the administrator.
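
An added example, not part of the original message: a small audit for the 0700 default discussed above. It assumes GNU find (as shipped on Debian) and home directories sitting directly under one parent such as /home; the function names `loose_homes` and `configured_dir_mode` are made up for this sketch.

```shell
#!/bin/sh
# Added example: check home directories against the 0700 default.
# Assumptions: GNU find/coreutils; homes are direct children of one parent.

# configured_dir_mode [FILE]
# Print the active DIR_MODE value from an adduser.conf-style file.
# Commented-out lines are ignored; if the setting appears more than once
# the last one is reported. Prints nothing if there is no active line.
configured_dir_mode() {
    conf=${1:-/etc/adduser.conf}
    sed -n 's/^[[:space:]]*DIR_MODE=//p' "$conf" | tr -d "\"' \t" | tail -n 1
}

# loose_homes [ROOT]
# Print "<octal mode> <path>" for every directory directly under ROOT
# that grants any permission bit to group or others (looser than 0700).
# A home opened up with an ACL is listed too, because the ACL mask is
# reported in the group permission bits.
loose_homes() {
    find "${1:-/home}" -mindepth 1 -maxdepth 1 -type d -perm /077 \
        -printf '%m %p\n' | sort -k2
}
```

Run `loose_homes /home` to list directories that predate the 0700 default or were opened later, and `configured_dir_mode` to see what newly created users will get.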