Just to follow up on this thread - since there was no opposition to this
proposal, I have uploaded updated adduser and shadow packages to
hirsute-proposed to support setting the mode of home directories to 750
by default when they are created via either adduser or useradd.

Let me know if you encounter any significant issues :)

On Fri, 2020-11-27 at 16:40:48 +1030, Alex Murray wrote:

On Fri, 2020-11-27 at 03:39:36 +1030, Dimitri John Ledkov wrote:

On Thu, Nov 26, 2020 at 2:31 AM Alex Murray <alex.mur...@canonical.com> wrote:

setfacl -m u:libvirt-qemu:rx $HOME


Similar to above for qemu are there similar setfacl commands, would
something similar be also needed for:
- sshd user to access ~/.ssh/authorized_keys , or nothing needed
there?

There is nothing needed here, ssh with public key auth works fine with
750 $HOME - sshd runs as root so this is fine

- in GNOME making ~/Public public?

Also tested this and is fine - gnome-user-share spawns apache2 running
as the target user to share via webdav so this also works

- giving access to ~/public_html for the www-data user?

This also needs the same ACL based approach:

setfacl -m u:www-data:rx $HOME


If yes, then what are the commands?

I like this approach of selective and explicit setfacl commands to
grant ACLs on per-usecase basis. This is in line with modern ways of
managing permissions.

--
Regards,

Dimitri.


--
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
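
An added example, not part of the original thread or of the adduser/shadow packages: a shell audit for the setup discussed above, checking that a home directory grants nothing to "other" and listing which named users (such as www-data or libvirt-qemu) hold effective ACL access. The function names, the `backup` user and the sample getfacl output are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit helpers for 750 home directories with per-service ACLs.

# Print the "other" permission digit of DIR (0 for a 750 home, 5 for 755).
home_other_bits() {
    mode=$(stat -c '%a' "$1") || return 1   # GNU stat, as shipped on Ubuntu
    printf '%s\n' "$((mode % 10))"
}

# Read getfacl text on stdin; print "name perms" for every named-user entry,
# with the ACL mask applied so the result is the effective access.
acl_named_users() {
    awk -F: '
        /^#/ || NF < 3 { next }                 # header comments, blank lines
        { sub(/[ \t]*#.*/, "", $3) }            # drop trailing "#effective:..."
        $1 == "mask" { mask = $3; next }
        $1 == "user" && $2 != "" { name[++n] = $2; perm[n] = $3 }
        END {
            for (i = 1; i <= n; i++) {
                eff = ""
                for (j = 1; j <= 3; j++) {
                    p = substr(perm[i], j, 1)
                    m = (mask == "") ? p : substr(mask, j, 1)
                    eff = eff ((p != "-" && m == p) ? p : "-")
                }
                print name[i], eff
            }
        }'
}

# Constructed sample of getfacl output for a 750 home with two named users.
sample_acl() {
    cat <<'EOF'
# file: home/alice
# owner: alice
# group: alice
user::rwx
user:www-data:r-x
user:backup:rwx    #effective:r-x
group::r-x
mask::r-x
other::---
EOF
}

sample_acl | acl_named_users
```

On a real system, `getfacl "$HOME" | acl_named_users` lists every account that has been granted access beyond the 750 mode bits.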
