On Thu, 2022-11-03 at 10:11:59 +0000, Benjamin Drung wrote:
> On Wed, 2022-11-02 at 18:15 +0100, Alex Murray wrote:
>> On Wed, 2022-11-02 at 15:23:08 +0000, Benjamin Drung wrote:
>>
>> > Hi everyone,
>> >
>> > adduser 3.123 (in Debian) changed the default mode for normal users
>> > (DIR_MODE) from 0755 to 0700. The default mode for system user
>> > (SYS_DIR_MODE) stayed untouched at 0755. See [1] and [2] for a
>> > reasoning.
>> >
>> > Ubuntu on the other hand has been using mode 0750 for normal and system
>> > users for a long time.
>> >
>> > I like to have the same default permissions on Debian and Ubuntu for
>> > consistency reasons. Can we adopt the default permission from Debian or
>> > should we start a discussion in Debian to change their DIR_MODE to
>> > 0750?
>>
>> I don't see much of a tangible benefit to switching to DIR_MODE=0700 by
>> default in Ubuntu, however I would not oppose such a change - tighter
>> permissions generally sounds like a good thing, but I wonder if there
>> are other use-cases that this may break (and given that this is the
>> permission for the user's primary group I don't see that it has much of
>> a tangible difference as in general most users are not members of other
>> users' primary groups).
>
> I agree. Since users have their own primary group it makes more sense to
> have this users group have read access. So people can easily add users
> to other users groups to give them read access.
>
> I read through the mails on Debian and found no mentioning about 0750.
> So do you agree that I start a conversation in Debian for Debian change
> to 0750?
>

Yes, if you want to unify this between Debian and Ubuntu that would be my preferred option.

>> Regarding SYS_DIR_MODE, I am not sure I fully understand the reasoning
>> for this remaining at 0755 - this doesn't seem to be specified in either
>> the NEWS or README. These seem to only say that there was a desire to
>> separate the two and have more restrictive permissions for regular users
>> without affecting system users, but there is no mention of particular
>> use-cases that would drive this decision.
>
> The SYS_DIR_MODE was introduced to have separate permission for normal
> and system users (to be able to only change normal user permission).
>
>> In the case of Ubuntu, I am not aware of any adverse impact of having
>> system users default to 0750 so my preference would be to maintain this,
>> but again I am interested to understand any good reasons why 0755 might
>> be preferred in this case.
>
> Since 0750 is tighter than 0755 and it obviously works for Ubuntu,
> Debian could switch to 0750 for SYS_DIR_MODE as well.

Sounds good to me :)

>
> --
> Benjamin Drung
> Debian & Ubuntu Developer
>
> --
> ubuntu-devel mailing list
> ubuntu-devel@lists.ubuntu.com
> Modify settings or unsubscribe at:
> https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel
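
An added example, not part of the original messages and not adduser's own code: a small audit that reads DIR_MODE and SYS_DIR_MODE in adduser.conf syntax and lists existing home directories that grant more than the configured mode, so the effect of moving between 0755, 0750 and 0700 can be checked on a host. The function names, the sample configuration and the `first_uid=1000` split between system and normal users are assumptions of this example.

```python
import os
import stat

# Constructed sample in adduser.conf syntax, using the Debian values from the thread.
SAMPLE_CONF = "DIR_MODE=0700\nSYS_DIR_MODE=0755\n"

def parse_adduser_conf(text):
    """Return {'DIR_MODE': int, 'SYS_DIR_MODE': int} from adduser.conf-style text."""
    modes = {}
    for line in text.splitlines():
        key, sep, val = line.split("#", 1)[0].partition("=")
        if sep and key.strip() in ("DIR_MODE", "SYS_DIR_MODE"):
            modes[key.strip()] = int(val.strip().strip("\"'"), 8)
    return modes

def excess_bits(actual, policy):
    """Permission bits set on the directory that the policy mode does not grant."""
    return actual & ~policy & 0o777

def audit_homes(passwd_text, modes, first_uid=1000):
    """List (user, home, actual, policy) for homes looser than the configured mode.

    first_uid=1000 is an assumption (adduser's usual FIRST_UID); UIDs below it
    are checked against SYS_DIR_MODE, the rest against DIR_MODE.
    """
    findings = []
    for entry in passwd_text.splitlines():
        fields = entry.split(":")
        if len(fields) < 7 or not fields[2].isdigit():
            continue
        user, uid, home = fields[0], int(fields[2]), fields[5]
        policy = modes["DIR_MODE"] if uid >= first_uid else modes["SYS_DIR_MODE"]
        try:
            st = os.lstat(home)
        except OSError:
            continue  # home does not exist (e.g. /nonexistent)
        # Skip shared directories such as /bin that are not the account's own.
        if not stat.S_ISDIR(st.st_mode) or st.st_uid != uid:
            continue
        actual = stat.S_IMODE(st.st_mode)
        if excess_bits(actual, policy):
            findings.append((user, home, oct(actual), oct(policy)))
    return findings

if __name__ == "__main__":
    with open("/etc/passwd") as fh:
        for finding in audit_homes(fh.read(), parse_adduser_conf(SAMPLE_CONF)):
            print(*finding)
```

adduser applies these modes only when it creates a home directory, so existing homes keep their old mode until changed; `excess_bits(0o750, 0o700)` is `0o050`, the group read and traverse access the thread is weighing.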