oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Debian FEATURE: /home/loser is with permissions 755, default umask 0022

From: Bob Friesenhahn <bfriesen () simple dallas tx us>
Date: Thu, 8 Oct 2020 08:29:39 -0500 (CDT)
On Thu, 8 Oct 2020, Seth Arnold wrote:


On Wed, Oct 07, 2020 at 04:09:59PM -0500, Bob Friesenhahn wrote:

Ubuntu Linux (a Debian derivative) has changed the default.  However, we
found that the Ubuntu default caused problems for us while building our
software, and so we changed them back.


Hello Bob, can you please share some details on this?

I expect Ubuntu home directories to be 755 by default:
https://wiki.ubuntu.com/SecurityTeam/Policies#Permissive_Home_Directory_Access

And while it is very difficult to say "the umask", given that every
process's umask setting depends upon the actions of not only itself but
also its nearest parent to use the umask(2) syscall, but:

$ grep ^UMASK /etc/login.defs
UMASK           022
It seems that the issue we encountered is due to 'USERGROUPS_ENAB yes' in /etc/login.defs. I am not sure if this is specific to Ubuntu. This setting changes the umask from the default: 

# Enable setting of the umask group bits to be the same as owner bits
# (examples: 022 -> 002, 077 -> 007) for non-root users, if the uid is
# the same as gid, and username is the same as the primary group name.
#
# If set to yes, userdel will remove the user's group if it contains no
# more members, and useradd will create by default a group with the name
# of the user.
#
USERGROUPS_ENAB yes

Bob
--
Bob Friesenhahn
bfriesen () simple dallas tx us, http://www.simplesystems.org/users/bfriesen/
GraphicsMagick Maintainer,    http://www.GraphicsMagick.org/
Public Key,     http://www.simplesystems.org/users/bfriesen/public-key.txt
Previous By Date Next
Previous By Thread Next

Current thread: