On Wed, Oct 17, 2012 at 10:44 AM, Marc Deslauriers
<marc.deslauri...@canonical.com> wrote:
> On 12-10-17 09:59 AM, John Moser wrote:
>> I suggest all users should go into group 'users' as the default group,
>> with $HOME defaulting to 700 and in the group 'users'.  A umask of 027 or
>> the traditional 022 is still viable:  the files in $HOME are not
>> visible because you cannot list the contents of $HOME (not readable)
>> or change into it to access the files within (not executable).  A user
>> can grant permissions to other users to access his files simply by
>> making the directory readable by them--by 'users' or others (thus
>> everyone) or by fine-grained POSIX ACLs selecting for individual users
>> and groups.
>>
>
> We want users to be able to share files with other users. Having $HOME
> be 700 defeats that purpose. See:
>
> https://wiki.ubuntu.com/SecurityTeam/Policies#Permissive_Home_Directory_Access
>

Which, as I said, is accomplished by adding the user or an appropriate
group to the Extended ACL of $HOME, as the umask is still permissive
and the files are all owned by a common user group.  It can also be
blanket accomplished by adding read access to group or others on
$HOME, which would return the system to effectively as it is now.

> Also, one of the reasons for using User Private Groups, is to be able to
> create directories that are used by multiple users, by setting the
> setgid on the directory. With a default umask of 022, users need to
> manually set group permissions each time they create a file.
>

Setting setgid on the directory to allow multiple users to add files
to it still requires that the users be in the group or that the
directory be world-writable. The proper way to accomplish this is,
again, to place the directory into the shared 'users' group and grant
individual user or group access via ACLs, rather than a shotgun
approach by which either the directory is world-writable or the
users have to be put into some other user's group and then suddenly
have blanket access to that user's files unless he tightens down
permissions on his $HOME.

setgid would also do ... just about nothing, since without setUID on
the directory the file's permissions are still g-w.  Although some
Googling is telling me that Ubuntu changed the default umask to 002
back in Oneiric, so apparently yeah this works, caveat above paragraph.

In short, the current method is a lot of "this works..." with a lot of
unintended consequences.


> Marc.
>
>
> --
> Marc Deslauriers
> Ubuntu Security Engineer     | http://www.ubuntu.com/
> Canonical Ltd.               | http://www.canonical.com/
>
> --
> Ubuntu-devel-discuss mailing list
> Ubuntu-devel-discuss@lists.ubuntu.com
> Modify settings or unsubscribe at: 
> https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

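The three mechanisms argued over above (umask, setgid on a shared
directory, and a default ACL) are easy to confuse, so here is a small
script that exercises each one in a throw-away directory and prints what
actually happens. This is an added example, not code from this thread or
from Ubuntu. It assumes a Linux-style stat(1) (with a BSD fallback), the
optional acl package (setfacl/getfacl) on an ACL-capable filesystem, and
uses the calling user's own groups; function names such as mode_of and
make_shared_dir are this example's own.

```shell
#!/bin/sh
# Added example for the umask / setgid / ACL discussion; not code from the
# thread or from Ubuntu. Creates a temporary shared directory and shows what
# the umask, the setgid bit and a default ACL each do to files created in it.

# Print a file's permission bits in octal (GNU stat first, BSD stat fallback).
octal_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Print the name of the group owning a file.
group_of() {
    stat -c '%G' "$1" 2>/dev/null || stat -f '%Sg' "$1"
}

# Create a group-shared directory: setgid (the leading 2) so new files inherit
# the directory's group, rwx for owner and group, nothing for others.
make_shared_dir() {
    mkdir -p "$1" && chmod 2770 "$1"
}

# mode_of DIR UMASK NAME: create DIR/NAME under the given umask and print the
# resulting mode. The body runs in a subshell so the umask change stays local.
mode_of() (
    umask "$2"
    : > "$1/$3"
    octal_mode "$1/$3"
)

# Print a supplementary group that differs from the primary one, if there is
# one, so that setgid inheritance is actually observable; fail otherwise.
other_group() {
    primary=$(id -gn)
    for g in $(id -Gn); do
        [ "$g" != "$primary" ] && { echo "$g"; return 0; }
    done
    return 1
}

demo() {
    shared=$(mktemp -d) || return 1
    make_shared_dir "$shared"

    # 1. Same setgid directory, three umasks: only 002 leaves the group write
    #    bit that a setgid/User-Private-Group scheme relies on.
    echo "umask 022 -> $(mode_of "$shared" 022 f022)"   # 644: group cannot write
    echo "umask 027 -> $(mode_of "$shared" 027 f027)"   # 640
    echo "umask 002 -> $(mode_of "$shared" 002 f002)"   # 664: group can write

    # 2. setgid: new files take the directory's group, not the creator's
    #    primary group. Only visible if we can hand the directory to another
    #    group we belong to.
    if g=$(other_group) && chgrp "$g" "$shared" 2>/dev/null; then
        : > "$shared/inherited"
        echo "dir group $(group_of "$shared"), new file group $(group_of "$shared/inherited")"
    else
        echo "(no second group available here; skipping setgid inheritance check)"
    fi

    # 3. Default ACL: every new file gets the named group's entry regardless of
    #    the creator's umask (with a default ACL present the kernel masks the
    #    ACL with the open() mode, 0666, and ignores the umask). This is the
    #    fine-grained alternative argued for above. Needs the acl tools.
    if command -v setfacl >/dev/null 2>&1 \
       && setfacl -d -m "g:$(id -gn):rwx" "$shared" 2>/dev/null; then
        ( umask 077; : > "$shared/via_acl" )
        getfacl -p "$shared/via_acl" 2>/dev/null | grep '^group:'   # group entries are rw- despite umask 077
    else
        echo "(setfacl unavailable or unsupported here; skipping ACL check)"
    fi

    rm -rf "$shared"
}

demo
```

Two caveats worth keeping in mind when reading the output: an ordinary
(access) ACL on $HOME only lets the named user traverse and list the
directory, so files inside are still governed by their own mode bits,
which is fine for read sharing under umask 022 but not for write sharing;
and a default ACL, once set, replaces the umask entirely for files created
in that directory, so a group given rwx there gets rw- on every new file
even if the creator runs with umask 077.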