GNU bug report logs - #27135
/root is world readable by default

Previous Next

Package: guix;

Reported by: Alex Griffin <a <at> ajgrf.com>

Date: Mon, 29 May 2017 19:05:01 UTC

Severity: normal

Done: ludo <at> gnu.org (Ludovic Courtès)

Bug is archived. No further changes may be made.

To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 27135 in the body.
You can then email your comments to 27135 AT debbugs.gnu.org in the normal way.

Toggle the display of automated, internal messages from the tracker.

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to bug-guix <at> gnu.org:
bug#27135; Package guix. (Mon, 29 May 2017 19:05:01 GMT) Full text and rfc822 format available.
Acknowledgement sent to Alex Griffin <a <at> ajgrf.com>:
New bug report received and forwarded. Copy sent to bug-guix <at> gnu.org. (Mon, 29 May 2017 19:05:01 GMT) Full text and rfc822 format available.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Alex Griffin <a <at> ajgrf.com>
To: bug-guix <at> gnu.org
Subject: /root is world readable by default
Date: Mon, 29 May 2017 14:04:34 -0500

After a default install of GuixSD, anybody can read root's home
directory. I think /root should have permissions 700 instead of 755.
Reply sent to ludo <at> gnu.org (Ludovic Courtès):
You have taken responsibility. (Tue, 30 May 2017 16:13:03 GMT) Full text and rfc822 format available.
Notification sent to Alex Griffin <a <at> ajgrf.com>:
bug acknowledged by developer. (Tue, 30 May 2017 16:13:03 GMT) Full text and rfc822 format available.

Message #10 received at 27135-done <at> debbugs.gnu.org (full text, mbox):

From: ludo <at> gnu.org (Ludovic Courtès)
To: Alex Griffin <a <at> ajgrf.com>
Cc: 27135-done <at> debbugs.gnu.org
Subject: Re: bug#27135: /root is world readable by default
Date: Tue, 30 May 2017 18:11:59 +0200

Hi Alex,

Alex Griffin <a <at> ajgrf.com> skribis:

> After a default install of GuixSD, anybody can read root's home
> directory. I think /root should have permissions 700 instead of 755.

Fixed in 41db5a756369f5b14d1e67a523ee0940cad56744.

For the other user accounts, useradd(8) does its thing, and apparently
it defaults to world-readable accounts (it defaults to a umask of 022 as
written in the man page).

Thoughts?

Thanks,
Ludo’.
Information forwarded to bug-guix <at> gnu.org:
bug#27135; Package guix. (Tue, 30 May 2017 16:25:02 GMT) Full text and rfc822 format available.

Message #13 received at 27135-done <at> debbugs.gnu.org (full text, mbox):

From: Marius Bakke <mbakke <at> fastmail.com>
To: Ludovic Courtès <ludo <at> gnu.org>, Alex Griffin <a <at> ajgrf.com>
Cc: 27135-done <at> debbugs.gnu.org
Subject: Re: bug#27135: /root is world readable by default
Date: Tue, 30 May 2017 18:24:49 +0200

[Message part 1 (text/plain, inline)]
Ludovic Courtès <ludo <at> gnu.org> writes:

> Hi Alex,
>
> Alex Griffin <a <at> ajgrf.com> skribis:
>
>> After a default install of GuixSD, anybody can read root's home
>> directory. I think /root should have permissions 700 instead of 755.
>
> Fixed in 41db5a756369f5b14d1e67a523ee0940cad56744.
>
> For the other user accounts, useradd(8) does its thing, and apparently
> it defaults to world-readable accounts (it defaults to a umask of 022 as
> written in the man page).
>
> Thoughts?

I'm in favor of overriding that default. I usually chmod /home/* to 0700
anyway. 0750 would be okay too and probably covers more use cases.

[signature.asc (application/pgp-signature, inline)]
bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Wed, 28 Jun 2017 11:24:06 GMT) Full text and rfc822 format available.
This bug report was last modified 6 years and 304 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.