>>>>> On Sat, 10 Feb 2024, Daniel Simionato wrote: > I'd like to start a discussion regarding setting HOME_MODE by default in > the /etc/login.defs file (owned by sys-apps/shadow package).
> Upstream keeps HOME_MODE commented: > https://github.com/shadow-maint/shadow/blob/3e59e9613ec40c51c19c7bb5c28468e33a4529d5/etc/login.defs#L207 > HOME_MODE affects only useradd and newuser commands: if HOME_MODE is set, > they will use the specified permission when creating a user home directory, > otherwise the default UMASK will be used. > Since the default umask is 022, keeping HOME_MODE unset will result in home > readable home directories created by useradd, which goes against security > best practices. > The proposal is to set HOME_MODE to 0700, or at least 0750: RedHat and RH > based distros, OpenSuse, ArchLinux all set it to 0700, Ubuntu has it at > 0750. Debian and Gentoo are two exceptions, keeping the upstream value of > HOME_MODE (although login.defs is changed in other ways). > I previously made a PR on github where you can find more details ( > https://github.com/gentoo/gentoo/pull/35231), but as pointed in the > comments this probably warrants some discussion beforehand. > I can understand the argument against the change, which is keeping in sync > with upstream and don't risk changing the historic default behaviour of > tools some users might rely upon. > I do believe though there's merit in providing safer and secure defaults, > so I would like HOME_MODE to have a safe default value for Gentoo and > Gentoo based distros. I see no strong argument either way. However, changing the default is somewhat intrusive, so I'd prefer staying with upstream. Also, are we aware of any breakage caused by this? As you've pointed out yourself, distros are inconsistent about it, i.e. not much guidance from there. Maybe upstream would be a better place for this discussion? Ulrich
signature.asc
Description: PGP signature
