Incorrect permissions for home directories

Bug #63360 reported by Boris Kolar
Affects: Ubuntu
Status: Invalid
Importance: Undecided
Assigned to: Unassigned

Bug Description

Home directories (home/<username> created by installer, /root) have 0755 permissions, which allows users to read other users' files and directories. Permissions should be set to 0700.

Martin Pitt (pitti) wrote :

This is an explicit design decision to make sharing files easy (and feasible at all for non-techy users). Files with sensitive data (emails, SSH/GPG keys, etc.) are created with appropriate privileges anyway.

Boris Kolar (boris-kolar) wrote :

It's a terrible design decision. Making sharing easy is good, sharing by default is not. Please also see #67128 for arguments why this design decision needs to be changed (most notably: it violated the "security by default" principle).

I don't want to start a fight here, because it's easy for me to chmod 0700 for the desired behaviour. But novice users may be unaware that their home directories are shared by default. This can cause serious leaks of sensitive data (including passwords, or bank account info) which users have put in their home directories. I strongly believe that sharing should require explicit action (perhaps with a check box in some GUI configuration program), which indeed makes things a bit more complex, but not necessarily too complex for novice users.

In any case, making sharing explicit (and therefore more difficult) is better than allowing the possibility of catastrophic private data leaks.
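
Added example (not part of the bug thread): a small audit that lists which files in a home directory other local users can actually read, showing that under 0755 a 0600 key stays private while ordinary 0644 files do not, and that 0700 on the home closes both. The function names and the sample home with its files are constructed for illustration, and only the "other" permission bits are checked.

```shell
#!/bin/sh
# Added example: which files does a 0755 home directory expose to other local users?
# Only the "other" bits are considered (assumption: each user has a private group).

# List regular files under DIR that any other local user can read: the file has
# o+r and every directory from DIR down to it has o+x. Directories without o+x
# are pruned, so a 0700 home yields no output at all.
exposed_files() {
    find "$1" -type d ! -perm -001 -prune -o -type f -perm -004 -print
}

# Number of exposed files under DIR.
count_exposed() {
    exposed_files "$1" | wc -l | tr -d ' '
}

# Build a constructed sample home (empty files, no real data) and print its path.
make_sample_home() {
    h=$(mktemp -d) || return 1
    mkdir "$h/.ssh" "$h/Documents"
    : > "$h/.ssh/id_rsa";             chmod 600 "$h/.ssh/id_rsa"
    : > "$h/bank-notes.txt";          chmod 644 "$h/bank-notes.txt"
    : > "$h/Documents/passwords.txt"; chmod 644 "$h/Documents/passwords.txt"
    chmod 700 "$h/.ssh"
    chmod 755 "$h/Documents" "$h"
    printf '%s\n' "$h"
}

home=$(make_sample_home)
echo "mode 0755: $(count_exposed "$home") file(s) readable by other users"
exposed_files "$home"
chmod 700 "$home"
echo "mode 0700: $(count_exposed "$home") file(s) readable by other users"
rm -rf "$home"
```

To audit a real account, call `exposed_files` on that user's home directory as the owner or as root.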
