Comment 48 for bug 48734
Marcus Haslam (marcus-haslam) wrote : Re: [Bug 48734] Re: Home permissions too open

I will be out of the office until 9th January; in my absence please contact Nick Tait.

On 14 Nov 2012, at 23:03, Alexander Adam <email address hidden> wrote:

> Sorry but the decision still doesn't make any sense to me.
> I have to change the default permissions on every installation which is indeed *not* usability friendly.
>
> Besides that the public-dir would be perfect for this (wouldn't it be possible to symlink public to a directory outside of users home and so leave it accessible for everyone?): I never ever intentionally shared files between home-dirs.
> Additionally I have to add that I even talked with many colleagues and friends about this "feature" and (surprise surprise) they also don't use this "feature".
>
> But many people don't know that a default ubuntu-installation behaves like this. And this is the real danger.
> If you want proof you can find many more people on the web who were negatively surprised (besides the ones in this bug-ticket).
> Whether in ubuntu forums, askubuntu.com, blogs or here on launchpad: obviously no one is expecting that.
>
> And even IF Colin Watson amazingly really has more cases with public
> read access than private access then it should be at least decidable by
> the user (as mentioned by himself in #8). And I don't mean by
> /etc/adduser.conf but in the GUI (ie a checkbox in usermanagement
> whether the home-dir should be readable and/or a checkbox on the
> installer).
>
> Furthermore like David Henningsson already said: if you have even a
> public dir wouldn't it be intuitive to expect that the other directories
> and files aren't public?
>
> I totally agree with aysiu what the defaults should be like and I also
> think like flaccid that even IF someone WANTS to share his home-dir it
> is the worst idea to share files. There are thousands of possibilities
> but sharing the whole home directory should be the default?
>
> Marc Deslauriers even if every tool stores the permissions
> correctly: as long as the user doesn't know that his files are visible it
> is still a terrible issue - isn't it? If the user manages his files
> which leads to unintentionally public data there is definitely a need to
> improve something.
>
> It was a fantastic step to offer simple solutions for encrypting the whole disk, home- or private-dir. But even if I have a fresh installation with an encrypted disk and I prohibited booting from usb or networking there could be a case like this:
> I am booting the system (type the passphrase) and leaving the room for a moment, then someone could log in to the (default-activated?) guest login and steal my data. In this case the attacker needs nearly nothing for getting everything.
> And even in "smaller" circles when family members share accounts on one computer they mostly expect their home dir is their little home - including a little amount of privacy.
>
> And to complete the analogy in "real life". See the home-dir like a real
> home with your own room. Inner-flat doors are often lockable even if you
> know that these locks give just a low-level-security.
>
> For a project which claims to listen to their customers: with all due
> respect but nobody seems to really listen here (or on ubuntu forums,
> askubuntu, …) while there are good reasons mentioned for a meaningful
> revision.
>
> So Mark Shuttleworth: No facts or circumstances changed, because there
> are still many people who think that the default is wrong, but is that
> really not a reason enough?
>
> Or make a poll and ask them at least.
>
> --
> You received this bug notification because you are a member of Canonical
> User Experience and Design team, which is subscribed to a duplicate bug
> report (460490).
> https://bugs.launchpad.net/bugs/48734
>
> Title:
>  Home permissions too open
>
> Status in “adduser” package in Ubuntu:
>  Opinion
>
> Bug description:
>  Binary package hint: debian-installer
>
>  On a fresh dapper install I noticed that the file permissions for the
>  home directory for the user created by the installer is set to 755,
>  giving read access to everyone on the system.
>
>  Surely this is a bad idea? If you're set on the idea can we at least have
>  an option during the boot process?
>
>  Also new files that are created via the console ('touch' etc.) are
>  done so with '644' permissions, is there anything that can be done
>  here? nautilus seems to create files at '600', which is a better
>  setting.
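
The following audit sketch is an added example, not part of the bug thread or of the adduser package. It reports which home directories grant any access to "other" (the 755 case in the bug description) and shows how the umask produces the 644 and 600 file modes mentioned there. The function names `list_open_homes` and `new_file_mode` are hypothetical, the sample tree is constructed, and GNU `find` and `stat` (as shipped on Ubuntu) are assumed.

```shell
#!/bin/sh
# Added example; function names are hypothetical. Assumes GNU find and stat.

# Print "MODE PATH" for each directory directly under $1 (e.g. /home)
# that grants any read, write or execute bit to "other".
list_open_homes() {
    find "$1" -mindepth 1 -maxdepth 1 -type d \
        \( -perm -004 -o -perm -002 -o -perm -001 \) \
        -exec stat -c '%a %n' {} + | sort -k2
}

# Print the mode a file created with touch receives under umask $1.
# Runs in a subshell so the caller's umask is left unchanged.
new_file_mode() {
    (
        umask "$1"
        tmp=$(mktemp -d) || exit 1
        touch "$tmp/f"
        stat -c '%a' "$tmp/f"
        rm -rf "$tmp"
    )
}

# Constructed sample tree standing in for /home.
demo=$(mktemp -d)
mkdir "$demo/alice" "$demo/bob" "$demo/carol"
chmod 755 "$demo/alice"   # the default reported in the bug
chmod 750 "$demo/carol"   # owner and group only
chmod 700 "$demo/bob"     # owner only

echo "Home directories open to other users:"
list_open_homes "$demo"
echo "touch under umask 022 -> $(new_file_mode 022)"
echo "touch under umask 077 -> $(new_file_mode 077)"

# Tightening one directory removes it from the report.
chmod o-rwx "$demo/alice"
echo "After chmod o-rwx, still open: $(list_open_homes "$demo" | wc -l)"
rm -rf "$demo"
```

On a real system, `list_open_homes /home` gives the same report; `chmod o-rwx` fixes existing directories, and the `DIR_MODE` setting in `/etc/adduser.conf` controls the mode for accounts created afterwards.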