From unknown Fri Aug 15 20:56:44 2025 X-Loop: help-debbugs@gnu.org Subject: bug#27135: /root is world readable by default Resent-From: Alex Griffin Original-Sender: "Debbugs-submit" Resent-CC: bug-guix@gnu.org Resent-Date: Mon, 29 May 2017 19:05:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: report 27135 X-GNU-PR-Package: guix X-GNU-PR-Keywords: To: 27135@debbugs.gnu.org X-Debbugs-Original-To: bug-guix@gnu.org Received: via spool by submit@debbugs.gnu.org id=B.149608469311936 (code B ref -1); Mon, 29 May 2017 19:05:01 +0000 Received: (at submit) by debbugs.gnu.org; 29 May 2017 19:04:53 +0000 Received: from localhost ([127.0.0.1]:43748 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dFPyH-00036S-Lt for submit@debbugs.gnu.org; Mon, 29 May 2017 15:04:53 -0400 Received: from eggs.gnu.org ([208.118.235.92]:44813) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dFPyG-00036G-Ml for submit@debbugs.gnu.org; Mon, 29 May 2017 15:04:53 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1dFPy8-0001hS-KL for submit@debbugs.gnu.org; Mon, 29 May 2017 15:04:45 -0400 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=0.0 required=5.0 tests=BAYES_40,T_DKIM_INVALID autolearn=disabled version=3.3.2 Received: from lists.gnu.org ([2001:4830:134:3::11]:37955) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1dFPy8-0001hB-Hi for submit@debbugs.gnu.org; Mon, 29 May 2017 15:04:44 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:35774) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1dFPy4-0003OJ-2b for bug-guix@gnu.org; Mon, 29 May 2017 15:04:40 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1dFPy1-0001fy-0u for bug-guix@gnu.org; Mon, 29 May 2017 15:04:40 -0400 Received: from out1-smtp.messagingengine.com ([66.111.4.25]:52269) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1dFPy0-0001fV-GY for bug-guix@gnu.org; Mon, 29 May 2017 15:04:36 -0400 Received: from compute6.internal (compute6.nyi.internal [10.202.2.46]) by mailout.nyi.internal (Postfix) with ESMTP id 5383D209CC for ; Mon, 29 May 2017 15:04:34 -0400 (EDT) Received: from web5 ([10.202.2.215]) by compute6.internal (MEProxy); Mon, 29 May 2017 15:04:34 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ajgrf.com; h= content-transfer-encoding:content-type:date:from:message-id :mime-version:subject:to:x-me-sender:x-me-sender:x-sasl-enc; s= fm1; bh=YLPdzmnm3MDwJIgu96psWfKtfVJSQurXsNh+zDrKZdk=; b=FmXTUjlb msboABl8+g8FgnV7+YmIMCWGaiyfyokKeSF3EDBiqAES1pHdzH5+O91LqkFEAfWo SLA88B/V7XMiF94Ujf/AYp/355+7Felzs/Gk0ZEJXCgW4zqM8lLwE59XUMk+bLgQ Z7EE/7QLnL/l1oXoV5+KJb5tdU60TO7Ij3PJDwkMSos1DLeqG//Dl4r7z1d0JpN7 v5l64VXJQeIrz9Wwjvj9z9WoLuHJGSWZrhSWWvtZdioA+Dnmn41I/qHQ5K6tCvRD 40WXJCgUi7YRUAbZmj8Pyr0a3jWAYhbpmuANv9jeyhac2nVfoP1Mzqdw+FhrriBc 7dxQk6BKzmvMLQ== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-transfer-encoding:content-type :date:from:message-id:mime-version:subject:to:x-me-sender :x-me-sender:x-sasl-enc; s=fm1; bh=YLPdzmnm3MDwJIgu96psWfKtfVJSQ urXsNh+zDrKZdk=; b=EUSrNaR0Ziv9rGxhh58ijZv3kJZTsk+EUbCQNcH6tWD8a sfrOlx+fHAzuyXZTMel24ER6QuOwk403C4gihuJ8iQxA6w5M1OnEM653ObUciPw1 YyfncSNaC2DSFFfJbi06eJ9++jFYbqokiX0+fluUuvtiOcxaD7vc45d1P30ryWSr f78dLveUrVJXynE4hvU18AEBzjadtBjWbH1BRqpKB3IQuiSf8o7iYF15syRlrT26 TpuZecLeraXuK7HycmkiuYBvQxjg++J4JsHIkJcd/fpfBiOxB/2/chxQMAN6+vZv jS3XVeETYqrefswD9wpZMlbPQmGEQl9ADkNKQOhag== X-ME-Sender: Received: by mailuser.nyi.internal (Postfix, from userid 99) id 22C369E26F; Mon, 29 May 2017 15:04:34 -0400 (EDT) Message-Id: <1496084674.772351.992061712.59A7C89F@webmail.messagingengine.com> From: Alex Griffin MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset="utf-8" X-Mailer: MessagingEngine.com Webmail Interface - ajax-345b0d7d Date: Mon, 29 May 2017 14:04:34 -0500 X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] [fuzzy] X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6.x X-Received-From: 2001:4830:134:3::11 X-Spam-Score: -4.3 (----) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -4.3 (----) After a default install of GuixSD, anybody can read root's home directory. I think /root should have permissions 700 instead of 755. From unknown Fri Aug 15 20:56:44 2025 MIME-Version: 1.0 X-Mailer: MIME-tools 5.505 (Entity 5.505) X-Loop: help-debbugs@gnu.org From: help-debbugs@gnu.org (GNU bug Tracking System) To: Alex Griffin Subject: bug#27135: closed (Re: bug#27135: /root is world readable by default) Message-ID: References: <878tle1fzk.fsf@gnu.org> <1496084674.772351.992061712.59A7C89F@webmail.messagingengine.com> X-Gnu-PR-Message: they-closed 27135 X-Gnu-PR-Package: guix Reply-To: 27135@debbugs.gnu.org Date: Tue, 30 May 2017 16:13:03 +0000 Content-Type: multipart/mixed; boundary="----------=_1496160783-14100-1" This is a multi-part message in MIME format... ------------=_1496160783-14100-1 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Your bug report #27135: /root is world readable by default which was filed against the guix package, has been closed. The explanation is attached below, along with your original report. If you require more details, please reply to 27135@debbugs.gnu.org. --=20 27135: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=3D27135 GNU Bug Tracking System Contact help-debbugs@gnu.org with problems ------------=_1496160783-14100-1 Content-Type: message/rfc822 Content-Disposition: inline Content-Transfer-Encoding: 7bit Received: (at 27135-done) by debbugs.gnu.org; 30 May 2017 16:12:14 +0000 Received: from localhost ([127.0.0.1]:45523 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dFjkj-0003e0-TP for submit@debbugs.gnu.org; Tue, 30 May 2017 12:12:14 -0400 Received: from eggs.gnu.org ([208.118.235.92]:38552) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dFjki-0003dn-GJ for 27135-done@debbugs.gnu.org; Tue, 30 May 2017 12:12:12 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1dFjkX-00011E-Jr for 27135-done@debbugs.gnu.org; Tue, 30 May 2017 12:12:07 -0400 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,RP_MATCHES_RCVD autolearn=disabled version=3.3.2 Received: from fencepost.gnu.org ([2001:4830:134:3::e]:50905) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1dFjkX-00011A-H2; Tue, 30 May 2017 12:12:01 -0400 Received: from [193.50.110.69] (port=56002 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1dFjkW-0002Ne-V8; Tue, 30 May 2017 12:12:01 -0400 From: ludo@gnu.org (Ludovic =?utf-8?Q?Court=C3=A8s?=) To: Alex Griffin Subject: Re: bug#27135: /root is world readable by default References: <1496084674.772351.992061712.59A7C89F@webmail.messagingengine.com> X-URL: http://www.fdn.fr/~lcourtes/ X-Revolutionary-Date: 11 Prairial an 225 de la =?utf-8?Q?R=C3=A9volution?= X-PGP-Key-ID: 0x090B11993D9AEBB5 X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5 X-OS: x86_64-unknown-linux-gnu Date: Tue, 30 May 2017 18:11:59 +0200 In-Reply-To: <1496084674.772351.992061712.59A7C89F@webmail.messagingengine.com> (Alex Griffin's message of "Mon, 29 May 2017 14:04:34 -0500") Message-ID: <878tle1fzk.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.2 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 2001:4830:134:3::e X-Spam-Score: -5.0 (-----) X-Debbugs-Envelope-To: 27135-done Cc: 27135-done@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -5.0 (-----) Hi Alex, Alex Griffin skribis: > After a default install of GuixSD, anybody can read root's home > directory. I think /root should have permissions 700 instead of 755. Fixed in 41db5a756369f5b14d1e67a523ee0940cad56744. For the other user accounts, useradd(8) does its thing, and apparently it defaults to world-readable accounts (it defaults to a umask of 022 as written in the man page). Thoughts? Thanks, Ludo=E2=80=99. ------------=_1496160783-14100-1 Content-Type: message/rfc822 Content-Disposition: inline Content-Transfer-Encoding: 7bit Received: (at submit) by debbugs.gnu.org; 29 May 2017 19:04:53 +0000 Received: from localhost ([127.0.0.1]:43748 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dFPyH-00036S-Lt for submit@debbugs.gnu.org; Mon, 29 May 2017 15:04:53 -0400 Received: from eggs.gnu.org ([208.118.235.92]:44813) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dFPyG-00036G-Ml for submit@debbugs.gnu.org; Mon, 29 May 2017 15:04:53 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1dFPy8-0001hS-KL for submit@debbugs.gnu.org; Mon, 29 May 2017 15:04:45 -0400 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=0.0 required=5.0 tests=BAYES_40,T_DKIM_INVALID autolearn=disabled version=3.3.2 Received: from lists.gnu.org ([2001:4830:134:3::11]:37955) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1dFPy8-0001hB-Hi for submit@debbugs.gnu.org; Mon, 29 May 2017 15:04:44 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:35774) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1dFPy4-0003OJ-2b for bug-guix@gnu.org; Mon, 29 May 2017 15:04:40 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1dFPy1-0001fy-0u for bug-guix@gnu.org; Mon, 29 May 2017 15:04:40 -0400 Received: from out1-smtp.messagingengine.com ([66.111.4.25]:52269) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1dFPy0-0001fV-GY for bug-guix@gnu.org; Mon, 29 May 2017 15:04:36 -0400 Received: from compute6.internal (compute6.nyi.internal [10.202.2.46]) by mailout.nyi.internal (Postfix) with ESMTP id 5383D209CC for ; Mon, 29 May 2017 15:04:34 -0400 (EDT) Received: from web5 ([10.202.2.215]) by compute6.internal (MEProxy); Mon, 29 May 2017 15:04:34 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ajgrf.com; h= content-transfer-encoding:content-type:date:from:message-id :mime-version:subject:to:x-me-sender:x-me-sender:x-sasl-enc; s= fm1; bh=YLPdzmnm3MDwJIgu96psWfKtfVJSQurXsNh+zDrKZdk=; b=FmXTUjlb msboABl8+g8FgnV7+YmIMCWGaiyfyokKeSF3EDBiqAES1pHdzH5+O91LqkFEAfWo SLA88B/V7XMiF94Ujf/AYp/355+7Felzs/Gk0ZEJXCgW4zqM8lLwE59XUMk+bLgQ Z7EE/7QLnL/l1oXoV5+KJb5tdU60TO7Ij3PJDwkMSos1DLeqG//Dl4r7z1d0JpN7 v5l64VXJQeIrz9Wwjvj9z9WoLuHJGSWZrhSWWvtZdioA+Dnmn41I/qHQ5K6tCvRD 40WXJCgUi7YRUAbZmj8Pyr0a3jWAYhbpmuANv9jeyhac2nVfoP1Mzqdw+FhrriBc 7dxQk6BKzmvMLQ== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-transfer-encoding:content-type :date:from:message-id:mime-version:subject:to:x-me-sender :x-me-sender:x-sasl-enc; s=fm1; bh=YLPdzmnm3MDwJIgu96psWfKtfVJSQ urXsNh+zDrKZdk=; b=EUSrNaR0Ziv9rGxhh58ijZv3kJZTsk+EUbCQNcH6tWD8a sfrOlx+fHAzuyXZTMel24ER6QuOwk403C4gihuJ8iQxA6w5M1OnEM653ObUciPw1 YyfncSNaC2DSFFfJbi06eJ9++jFYbqokiX0+fluUuvtiOcxaD7vc45d1P30ryWSr f78dLveUrVJXynE4hvU18AEBzjadtBjWbH1BRqpKB3IQuiSf8o7iYF15syRlrT26 TpuZecLeraXuK7HycmkiuYBvQxjg++J4JsHIkJcd/fpfBiOxB/2/chxQMAN6+vZv jS3XVeETYqrefswD9wpZMlbPQmGEQl9ADkNKQOhag== X-ME-Sender: Received: by mailuser.nyi.internal (Postfix, from userid 99) id 22C369E26F; Mon, 29 May 2017 15:04:34 -0400 (EDT) Message-Id: <1496084674.772351.992061712.59A7C89F@webmail.messagingengine.com> From: Alex Griffin To: bug-guix@gnu.org MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset="utf-8" X-Mailer: MessagingEngine.com Webmail Interface - ajax-345b0d7d Subject: /root is world readable by default Date: Mon, 29 May 2017 14:04:34 -0500 X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] [fuzzy] X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6.x X-Received-From: 2001:4830:134:3::11 X-Spam-Score: -4.3 (----) X-Debbugs-Envelope-To: submit X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -4.3 (----) After a default install of GuixSD, anybody can read root's home directory. I think /root should have permissions 700 instead of 755. ------------=_1496160783-14100-1-- From unknown Fri Aug 15 20:56:44 2025 X-Loop: help-debbugs@gnu.org Subject: bug#27135: /root is world readable by default Resent-From: Marius Bakke Original-Sender: "Debbugs-submit" Resent-CC: bug-guix@gnu.org Resent-Date: Tue, 30 May 2017 16:25:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 27135 X-GNU-PR-Package: guix X-GNU-PR-Keywords: To: Ludovic =?UTF-8?Q?Court=C3=A8s?= , Alex Griffin Cc: 27135-done@debbugs.gnu.org Received: via spool by 27135-done@debbugs.gnu.org id=D27135.149616149422142 (code D ref 27135); Tue, 30 May 2017 16:25:02 +0000 Received: (at 27135-done) by debbugs.gnu.org; 30 May 2017 16:24:54 +0000 Received: from localhost ([127.0.0.1]:45545 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dFjwz-0005l4-QU for submit@debbugs.gnu.org; Tue, 30 May 2017 12:24:53 -0400 Received: from out1-smtp.messagingengine.com ([66.111.4.25]:49017) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dFjwy-0005kx-LK for 27135-done@debbugs.gnu.org; Tue, 30 May 2017 12:24:52 -0400 Received: from compute5.internal (compute5.nyi.internal [10.202.2.45]) by mailout.nyi.internal (Postfix) with ESMTP id 8403520C6E; Tue, 30 May 2017 12:24:52 -0400 (EDT) Received: from frontend2 ([10.202.2.161]) by compute5.internal (MEProxy); Tue, 30 May 2017 12:24:52 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fastmail.com; h= cc:content-type:date:from:in-reply-to:message-id:mime-version :references:subject:to:x-me-sender:x-me-sender:x-sasl-enc :x-sasl-enc; s=fm1; bh=d3KceDDQXNEjCDleJu9EqqWdY8spoPswiRmGUo2MJ dE=; b=wAOxeP44VgP68rg5n1utvfw7GFzIsM1rziNXpfwEmnisH3TmEnt7UTT03 dZPVsWc/7WLTJROGls/F445CrXmSnCcq6gSEAEtiSXoy58DSq6jUFw9x8mD5uv/6 5fIWM9p2qQ05b7TZ25utlgbjIBKO0tyFOhkTOFFIH5RRzW14qlo4IcOm9cyxYxhi tdCWhsDPTepNRqGgbv0Kgv0oZpBImFa9nlRdn306Z2QcPZfWBlHjYJQJH8F202Az HdU2rdVEi2KFPnfZSI3aJam+55BkabGKEw+cK/is++iHJlIFLZsuyoMeSPDRMXz6 xKMZofyVt8gl2PJPHSCXfc1Bjic+A== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-sender :x-me-sender:x-sasl-enc:x-sasl-enc; s=fm1; bh=d3KceDDQXNEjCDleJu 9EqqWdY8spoPswiRmGUo2MJdE=; b=iZ6J2QiRdc8IPqlkKGbDjaTbV2uGpMBdgW 2VfhFTZXPw9tqeda2E0g/U34m6BbpynFtjZBJUKVlISijRmVJM7aGGyh5OMKpQBW DKd5MCL2aQOYG9kWWzrWJ7RQqUf7gjaIQ1YreUER/IRbUiqPXWm7UfVqegfl9Od0 gdj4bMaaSuTZ/I8LqoxyhbctF4Zi/776z/nDHyL3bj5Fyqqy3264p8Eywj25HWNd HhAxnA7L8FW6ycrETopHnccoR2uMSEcPHm1rprtLBPxhNChr+MW4ciHv1OM5A8Vf Isglc+MLTJattYxnVNePM5gsewdYsKqtdNGIIy70uVc2nwqBt7Xg== X-ME-Sender: X-Sasl-enc: TNv03knYZ/dmamfsCx5hT76KBqecOpXwXGgYCT4Rdf0c 1496161492 Received: from localhost (unknown [185.3.4.227]) by mail.messagingengine.com (Postfix) with ESMTPA id E344B2486C; Tue, 30 May 2017 12:24:51 -0400 (EDT) From: Marius Bakke In-Reply-To: <878tle1fzk.fsf@gnu.org> References: <1496084674.772351.992061712.59A7C89F@webmail.messagingengine.com> <878tle1fzk.fsf@gnu.org> User-Agent: Notmuch/0.24.1 (https://notmuchmail.org) Emacs/25.2.1 (x86_64-unknown-linux-gnu) Date: Tue, 30 May 2017 18:24:49 +0200 Message-ID: <87efv6e2i6.fsf@fastmail.com> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" X-Spam-Score: -0.7 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.7 (/) --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Ludovic Court=C3=A8s writes: > Hi Alex, > > Alex Griffin skribis: > >> After a default install of GuixSD, anybody can read root's home >> directory. I think /root should have permissions 700 instead of 755. > > Fixed in 41db5a756369f5b14d1e67a523ee0940cad56744. > > For the other user accounts, useradd(8) does its thing, and apparently > it defaults to world-readable accounts (it defaults to a umask of 022 as > written in the man page). > > Thoughts? I'm in favor of overriding that default. I usually chmod /home/* to 0700 anyway. 0750 would be okay too and probably covers more use cases. --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEzBAEBCgAdFiEEu7At3yzq9qgNHeZDoqBt8qM6VPoFAlktnNIACgkQoqBt8qM6 VPoQdAgAtIrIKG9cb23bSL/OL9oDrQJewcgYDLBkUILocdd7yJqUpFa8WxeIIQOU 4m4maVx0fkhoplb7AUsi24lpt0XWm+2RkMBseQVsswGlodzG7DwY7mlLteOQm8Yh 4zD3i2a2BnkhAcGlibsiEXGm65lFXI/7mDA1qGv/sAoJcdruHZ5W5EvNqALYhjjC tGlKYg3Y7ZEYaPVTG3Eav7sDKnBbpfkAyywW8YvFrsFPOdET7vbExNz+vfLjqYMe aMuIIXTSM/H2FC52pA1GTjqSWo7kNNO3EwgQTTdSTo+6uhEPm7lYMIva8NkqMJ1i xuSmblUkvpuvjf+f7dfBVp6DyA5P3A== =j8Bu -----END PGP SIGNATURE----- --=-=-=--