GNU bug report logs - #27135
/root is world readable by default

Previous Next

Package: guix;

Reported by: Alex Griffin <a <at> ajgrf.com>

Date: Mon, 29 May 2017 19:05:01 UTC

Severity: normal

Done: ludo <at> gnu.org (Ludovic Courtès)

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: Marius Bakke <mbakke <at> fastmail.com>
To: Ludovic Courtès <ludo <at> gnu.org>, Alex Griffin <a <at> ajgrf.com>
Cc: 27135-done <at> debbugs.gnu.org
Subject: bug#27135: /root is world readable by default
Date: Tue, 30 May 2017 18:24:49 +0200

[Message part 1 (text/plain, inline)]

Ludovic Courtès <ludo <at> gnu.org> writes:

> Hi Alex,
>
> Alex Griffin <a <at> ajgrf.com> skribis:
>
>> After a default install of GuixSD, anybody can read root's home
>> directory. I think /root should have permissions 700 instead of 755.
>
> Fixed in 41db5a756369f5b14d1e67a523ee0940cad56744.
>
> For the other user accounts, useradd(8) does its thing, and apparently
> it defaults to world-readable accounts (it defaults to a umask of 022 as
> written in the man page).
>
> Thoughts?

I'm in favor of overriding that default. I usually chmod /home/* to 0700
anyway. 0750 would be okay too and probably covers more use cases.

[signature.asc (application/pgp-signature, inline)]

This bug report was last modified 8 years and 50 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.

GNU bug report logs - #27135 /root is world readable by default

GNU bug report logs - #27135
/root is world readable by default