Package: adduser Version: 3.121 Severity: important This is one of the bugs resulting from the policy and debian-devel consultations that happened in March 2022. It is the prerequisite to address #202943, #202944, #442627 and #782001.
adduser --system should chmod the home directory of the freshly created account to the value of a new configuration variable SYS_DIR_MODE (with a default of 0755). Document (README.adduser-for-packages, adduser(8)) that changing the default might affect the function of the system since most packages expect their account's home directory to have mode 0755. If SYS_DIR_MODE is too restrictive, some packages will break, if it's too permissive, some packages will become insecure. SYS_DIR_MODE should not be defined the default configuration file but have the default in the code (to put a bit higher hurdle to breaking systems). After implementing SYS_DIR_MODE, change default for DIR_MODE to 2700. Document (NEWS.Debian) that public_html-style configurations and mail-in-homedir setups will need manual, per-user adjustments.