Comment 23 for bug 48734

Without getting all worked up here, flaccid does raise one very good point.
 The Mac OS X system works beautifully; that is making everything locked by
default except for a folder explicitly labeled "Public" containing a "Drop
Box" for file transfer to the user. This approach respects both
perspectives, making it extremely easy to share what you want while still
respecting privacy and security by default.

On Thu, Mar 11, 2010 at 9:44 PM, flaccid <email address hidden> wrote:

> @Mark Shuttleworth
>
> I don't know where to start with your flaws, but I'll at least flag a
> few + relevant points.
>
> 1. A majority != all
> 2. The wiki confirms that this is a security bug
> 3. People store their mail in the home directory (this is only 1 example).
> You can then own the user or get the information you need etc. Identity
> theft is huge and this is only one of the consequences
> 4. Linux for human beings? We like privacy. Sharing with friends or
> relatives.. Believe it or not, most friends and relatives like to keep their
> personal information private, I'm sure you do too
> 5. You say the word 'assume'. Why would you ever assume trust? Security
> Engineers are paid to prevent such assumptions
> 6. Sure you can circumvent via USB boot, but in Ubuntu you can use an
> encrypted FS or encrypt folders to negate this if you want to
> 7. Ubuntu is being used in Universities, schools, organisations etc. Wasn't
> this an objective of Ubuntu - to gain market share/use/awareness in any
> environment? Are you really ignorant to think that Ubuntu is only being used
> at home?
> 8. Real unix/posix operating systems don't make home dirs public. A lot of
> admins won't even think about checking the perms as a result. We get totally
> shocked when we first find this out, and obviously a lot have already been
> bitten.
>
> One only has to look at competitors such as OS X to see that sharing
> features/frontends have been placed in the Desktop Environment to allow
> users to easily share files within sub-folders of their home.
> You may be suprised, but I have never heard anyone complain that this is
> hard for an inexperience user to do.
>
> --
> Home permissions too open
> https://bugs.launchpad.net/bugs/48734
> You received this bug notification because you are a direct subscriber
> of a duplicate bug.
>
> Status in “adduser” package in Ubuntu: Invalid
>
> Bug description:
> Binary package hint: debian-installer
>
> On a fresh dapper install i noticed that the file permissons for the home
> directory for the user created by the installer is set to 755, giving read
> access to everyone on the system.
>
> Surely this is a bad idea? If your set on the idea can we atleast have a
> option during the boot proccess?
>
> Also new files that are created via the console ('touch' etc.) are done so
> with '644' permissons, is there anything that can be done here? nautlius
> seems to create files at '600', which is a better setting.
>
> To unsubscribe from this bug, go to:
> https://bugs.launchpad.net/ubuntu/+source/adduser/+bug/48734/+subscribe
>