Re: Default DIR_MODE for Ubuntu
On Thu, 2022-11-03 at 10:11:59 +, Benjamin Drung wrote: > On Wed, 2022-11-02 at 18:15 +0100, Alex Murray wrote: >> On Wed, 2022-11-02 at 15:23:08 +, Benjamin Drung wrote: >> >> > Hi everyone, >> > >> > adduser 3.123 (in Debian) changed the default mode for normal users >> > (DIR_MODE) from 0755 to 0700. The default mode for system user >> > (SYS_DIR_MODE) stayed untouched at 0755. See [1] and [2] for a >> > reasoning. >> > >> > Ubuntu on the other hand has been using mode 0750 for normal and system >> > users for a long time. >> > >> > I like to have the same default permissions on Debian and Ubuntu for >> > consistency reasons. Can we adopt the default permission from Debian or >> > should we start a discussion in Debian to change their DIR_MODE to >> > 0750? >> >> I don't see much of a tangible benefit to switching to DIR_MODE=0700 by >> default in Ubuntu, however I would not oppose such a change - tighter >> permissions generally sounds like a good thing, but I wonder if there >> are other use-cases that this may break (and given that this is the >> permission for the user's primary group I don't see that is has much of >> a tangible difference as in general most users are not members of other >> users' primary groups). > > I agree. Since users have their own primary group it makes more sense to > have this users group have read access. So people can easily add users > to other users groups to give them read access. > > I read through the mails on Debian and found no mentioning about 0750. > So do you agree that I start a conversation in Debian for Debian change > to 0750? > Yes, if you want to unify this between Debian and Ubuntu that would be my preferred option. >> Regarding SYS_DIR_MODE, I am not sure I fully understand the reasoning >> for this remaining at 0755 - this doesn't seem to be specified in either >> the NEWS or README. These seem to only say that there was a desire to >> separate the two and have more restrictive permissions for regular users >> without affecting system users, but there is no mention of particular >> use-cases that would drive this decision. > > The SYS_DIR_MODE was introduced to have separate permission for normal > and system users (to be able to only change normal user permission). > >> In the case of Ubuntu, I am not aware of any adverse impact of having >> system users default to 0750 so my preference would be to maintain this, >> but again I am interested to understand any good reasons why 0755 might >> be preferred in this case. > > Since 0750 is tighter than 0755 and it obviously works for Ubuntu, > Debian could switch to 0750 for SYS_DIR_MODE as well. Sounds good to me :) > > -- > Benjamin Drung > Debian & Ubuntu Developer > > -- > ubuntu-devel mailing list > ubuntu-devel@lists.ubuntu.com > Modify settings or unsubscribe at: > https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel -- ubuntu-devel mailing list ubuntu-devel@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel
Re: Default DIR_MODE for Ubuntu
On Wed, 2022-11-02 at 18:15 +0100, Alex Murray wrote: > On Wed, 2022-11-02 at 15:23:08 +, Benjamin Drung wrote: > > > Hi everyone, > > > > adduser 3.123 (in Debian) changed the default mode for normal users > > (DIR_MODE) from 0755 to 0700. The default mode for system user > > (SYS_DIR_MODE) stayed untouched at 0755. See [1] and [2] for a > > reasoning. > > > > Ubuntu on the other hand has been using mode 0750 for normal and system > > users for a long time. > > > > I like to have the same default permissions on Debian and Ubuntu for > > consistency reasons. Can we adopt the default permission from Debian or > > should we start a discussion in Debian to change their DIR_MODE to > > 0750? > > I don't see much of a tangible benefit to switching to DIR_MODE=0700 by > default in Ubuntu, however I would not oppose such a change - tighter > permissions generally sounds like a good thing, but I wonder if there > are other use-cases that this may break (and given that this is the > permission for the user's primary group I don't see that is has much of > a tangible difference as in general most users are not members of other > users' primary groups). I agree. Since users have their own primary group it makes more sense to have this users group have read access. So people can easily add users to other users groups to give them read access. I read through the mails on Debian and found no mentioning about 0750. So do you agree that I start a conversation in Debian for Debian change to 0750? > Regarding SYS_DIR_MODE, I am not sure I fully understand the reasoning > for this remaining at 0755 - this doesn't seem to be specified in either > the NEWS or README. These seem to only say that there was a desire to > separate the two and have more restrictive permissions for regular users > without affecting system users, but there is no mention of particular > use-cases that would drive this decision. The SYS_DIR_MODE was introduced to have separate permission for normal and system users (to be able to only change normal user permission). > In the case of Ubuntu, I am not aware of any adverse impact of having > system users default to 0750 so my preference would be to maintain this, > but again I am interested to understand any good reasons why 0755 might > be preferred in this case. Since 0750 is tighter than 0755 and it obviously works for Ubuntu, Debian could switch to 0750 for SYS_DIR_MODE as well. -- Benjamin Drung Debian & Ubuntu Developer -- ubuntu-devel mailing list ubuntu-devel@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel
Re: Default DIR_MODE for Ubuntu
On Wed, 2022-11-02 at 15:23:08 +, Benjamin Drung wrote: > Hi everyone, > > adduser 3.123 (in Debian) changed the default mode for normal users > (DIR_MODE) from 0755 to 0700. The default mode for system user > (SYS_DIR_MODE) stayed untouched at 0755. See [1] and [2] for a > reasoning. > > Ubuntu on the other hand has been using mode 0750 for normal and system > users for a long time. > > I like to have the same default permissions on Debian and Ubuntu for > consistency reasons. Can we adopt the default permission from Debian or > should we start a discussion in Debian to change their DIR_MODE to > 0750? I don't see much of a tangible benefit to switching to DIR_MODE=0700 by default in Ubuntu, however I would not oppose such a change - tighter permissions generally sounds like a good thing, but I wonder if there are other use-cases that this may break (and given that this is the permission for the user's primary group I don't see that is has much of a tangible difference as in general most users are not members of other users' primary groups). Regarding SYS_DIR_MODE, I am not sure I fully understand the reasoning for this remaining at 0755 - this doesn't seem to be specified in either the NEWS or README. These seem to only say that there was a desire to separate the two and have more restrictive permissions for regular users without affecting system users, but there is no mention of particular use-cases that would drive this decision. In the case of Ubuntu, I am not aware of any adverse impact of having system users default to 0750 so my preference would be to maintain this, but again I am interested to understand any good reasons why 0755 might be preferred in this case. > > [1] https://salsa.debian.org/debian/adduser/-/blob/master/debian/NEWS > [2] "Default for DIR_MODE" on > https://salsa.debian.org/debian/adduser/-/blob/master/debian/README > > -- > Benjamin Drung > Debian & Ubuntu Developer > > -- > ubuntu-devel mailing list > ubuntu-devel@lists.ubuntu.com > Modify settings or unsubscribe at: > https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel -- ubuntu-devel mailing list ubuntu-devel@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel
Re: Default DIR_MODE for Ubuntu
hi, Am Mittwoch, dem 02.11.2022 um 15:23 + schrieb Benjamin Drung: > Ubuntu on the other hand has been using mode 0750 for normal and > system users for a long time. not sure i would call 21.04 a "long time" :) https://discourse.ubuntu.com/t/private-home-directories-for-ubuntu-21-04-onwards/19533 (we should probably have switched to 0700 to avoid two such transitions in a row though) ciao oli signature.asc Description: This is a digitally signed message part -- ubuntu-devel mailing list ubuntu-devel@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel
Default DIR_MODE for Ubuntu
Hi everyone, adduser 3.123 (in Debian) changed the default mode for normal users (DIR_MODE) from 0755 to 0700. The default mode for system user (SYS_DIR_MODE) stayed untouched at 0755. See [1] and [2] for a reasoning. Ubuntu on the other hand has been using mode 0750 for normal and system users for a long time. I like to have the same default permissions on Debian and Ubuntu for consistency reasons. Can we adopt the default permission from Debian or should we start a discussion in Debian to change their DIR_MODE to 0750? [1] https://salsa.debian.org/debian/adduser/-/blob/master/debian/NEWS [2] "Default for DIR_MODE" on https://salsa.debian.org/debian/adduser/-/blob/master/debian/README -- Benjamin Drung Debian & Ubuntu Developer -- ubuntu-devel mailing list ubuntu-devel@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel
