It really surprises me (negatively) that most Ubuntu experts seem to
agree on this design decision. Isn't it a well accepted fact that security
can affect usability?

Now, about:

> We assume that the people who share the machine are either trusted, or
> in a position to hack the machine (boot from USB!) trivially.

That assumption is not correct for me. For example, when I lend my
computer to someone else, I don't usually trust them completely (so I'm
still sitting near enough so they can't boot from a USB without being
caught) and I just want to share with them the minimum they need to get
their work done, and having access to my personal files is not part of
what they require.

And about:

> Now, in a more complex environment, like a university machine with
> many users, people do not have access to the hardware and can't easily
> root the box, but they also have the sysadmin skills to change the
> default permission.

I think that it doesn't hold a totally valid point as sysadmins like me
tend to think that the default system settings are always secure enough
for most regular deployments, so you don't think it is a good idea to
change those settings unless you've read a thread like this one... which
not everyone is willing to look for and then read.

Finally, it seems to me that this default setting damages Linux's
reputation (for non-experts) of being a secure OS.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to adduser in Ubuntu.
https://bugs.launchpad.net/bugs/48734

Title:
  Home permissions too open

Status in adduser package in Ubuntu:
  Opinion
Status in Ubuntu RTM:
  Opinion

Bug description:
  Binary package hint: debian-installer

  On a fresh dapper install I noticed that the file permissions for the
  home directory for the user created by the installer is set to 755,
  giving read access to everyone on the system.

  Surely this is a bad idea? If you're set on the idea can we at least have
  an option during the boot process?

  Also new files that are created via the console ('touch' etc.) are
  done so with '644' permissions, is there anything that can be done
  here? nautilus seems to create files at '600', which is a better
  setting.
