new user home dir given restrictive permissions

Bug #20128 reported by Simon Smith
22
This bug affects 1 person
Affects Status Importance Assigned to Milestone
GST
Fix Released
Medium
gnome-system-tools (Ubuntu)
Medium
Sebastien Bacher

Bug Description

when a new user is added with the Users and Groups capplet the permissions on
their home directory are:
drwx------
so it is not readable by anyone other than that user and root.

i don't know whether this is intentional for security reasons, but it prevents
gdm from reading the users' face picture (~/.face) for the face browser on the
greeter.

although the current ubuntu gdm theme doesn't use the browser at the mo, it
probably will sometime soon (see bug #14630), so this will become a problem

http://bugzilla.gnome.org/show_bug.cgi?id=156426: http://bugzilla.gnome.org/show_bug.cgi?id=156426

Revision history for this message
Sebastien Bacher (seb128) wrote :

Thanks for your bug. What version of Ubuntu do you use? The default mode is this
one for security reason. That works fine with the current gdm for me.

Revision history for this message
Simon Smith (smith-simon) wrote :

Well I installed hoary but have been updating using the breezy repositories, so
I guess it's breezy.

With the permissions set like they are, the GDM face browser still works but the
users only ever show up as having the default picture as their 'face' (except
the user account created during install, IIRC). So in that sense its not really
an importatnt issue right now, unless ubuntu ships with a face browser theme as
default and people want to be able to personalise user accounts.

Revision history for this message
Sandis Neilands (sandis-deactivatedaccount) wrote :

Hi!

I spotted this bug too. The problem is that ubuntu(debian) installer creates a
user with 755 on home directory, but "users and groups" creates users with 700
on their home directories. Shouldn't there be some kind of standart?

Revision history for this message
Matt Zimmerman (mdz) wrote :

g-s-t should use adduser, which follows a system-wide configuration setting for
the permissions of the home directory

Revision history for this message
Matt Zimmerman (mdz) wrote :

*** Bug 24113 has been marked as a duplicate of this bug. ***

Revision history for this message
Jay Camp (jayc) wrote :

Personally I think that home accounts should be created as 700 (disregarding
other technical implications for the moment).

Use case:
----------------
A family computer is shared by the parents as well as two children, Suzy and
Johnny. Suzy is 14. She likes to talk to her friends online. A lot. She
keeps her IM conversations logged and sometimes writes in her diary.

Johnny is 12 and, naturally, likes to pry into Suzy's business. He logs in as
his user but then browses around through Suzy's home directory, reading her IM
conversations. From time to time, Johnny likes to check his father's gnucash
ledger to make sure he is getting a proportionate amount of money for his allowance.
----------------

Sorry to drag on, but the point is on a multi-user system, I think users have a
basic expectation that their data shouldn't be readable by others unless they
give them permission. (Obviously this neglects the fact that they can just boot
into single user mode, but all bets are off when somebody has physical access to
a system anyway).

Couldn't ACL's be used to remedy this problem? GDM could be assigned access to
~/.face and apache to ~/public_html. Of course how ~/public_html would get the
right permissions when the user creates it would probably be an entire problem
in and of itself.

Revision history for this message
Colin Watson (cjwatson) wrote :

(In reply to comment #6)
> Use case:
> ----------------
> A family computer is shared by the parents as well as two children, Suzy and
> Johnny. Suzy is 14. She likes to talk to her friends online. A lot. She
> keeps her IM conversations logged and sometimes writes in her diary.
>
> Johnny is 12 and, naturally, likes to pry into Suzy's business. He logs in as
> his user but then browses around through Suzy's home directory, reading her IM
> conversations. From time to time, Johnny likes to check his father's gnucash
> ledger to make sure he is getting a proportionate amount of money for his
allowance.
> ----------------

Use case:
----------------
Suzy has taken some photos of the countryside on her digital camera and wants to
leave them for Johnny to use in his school project. She doesn't have any web
space, and the quota on Johnny's e-mail account is too small to be able to
e-mail him the files. She doesn't know how to make her home directory
world-readable so that Johnny can get to the photos when she's out. Frustrated,
she gives up and wastes paper by printing them out so that Johnny has to work
out how to use the scanner.
----------------

I would far rather see a good UI where it's obvious just from looking at a
nautilus window which files are world-readable and which aren't, and how to
change them, so that users can act appropriately. Non-readable home directories
are a pain in the backside on multi-user systems.

Revision history for this message
Matt Zimmerman (mdz) wrote :

(In reply to comment #6)
> Johnny is 12 and, naturally, likes to pry into Suzy's business. He logs in as
> his user but then browses around through Suzy's home directory, reading her IM
> conversations.

~/.gaim, like other security/privacy-sensitive directories, is created with
restrictive permissions by default.

Revision history for this message
Sebastien Bacher (seb128) wrote :

there is a bug upstream to use adduser instead of useradd:
http://bugzilla.gnome.org/show_bug.cgi?id=156426

Revision history for this message
Sebastien Bacher (seb128) wrote :

Fixed to edgy

Changed in gnome-system-tools:
status: Unconfirmed → Fix Released
Changed in gst:
importance: Unknown → Medium
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Duplicates of this bug

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.