From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 8407D15815E for ; Sun, 11 Feb 2024 09:33:43 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 03CC82BC033; Sun, 11 Feb 2024 09:33:39 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [IPv6:2001:470:ea4a:1:5054:ff:fec7:86e4]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id B176A2BC015 for ; Sun, 11 Feb 2024 09:33:38 +0000 (UTC) Message-ID: <5422f6beb048e4905f972611d7d138efc94dec2e.camel@gentoo.org> Subject: Re: [gentoo-dev] RFC: Setting default HOME_MODE in /etc/login.defs From: James Le Cuirot To: gentoo-dev@lists.gentoo.org Date: Sun, 11 Feb 2024 09:33:22 +0000 In-Reply-To: References: Autocrypt: addr=chewi@gentoo.org; prefer-encrypt=mutual; keydata=mQINBFPBLZQBEACkc6lcPvLMWaFupeWreFCnJebwLjiQgYlizl/nUzIcXXmj4gostejm/k8ulAjTSrqFnHtcJs+TkriJfQtFZUyGTmdH2GQeZKcjx6ugwsjGiPksigRHcwrDdIrtempsNjXGaZ0cZyrO6BHfUZ3irSUT3X4agSFQxsGnTfK1zLZCdMychY1vUlg9WynxSlnW+P7MsHM9ZtFquuPp2BD45AdPjSFyxlwIaaEqApWNXE96mewv3jX6C5voGLVTk1XD52gm8DVeVKcUFOhbu0tQO2nk/v88XTrNkEWEVRfHa1/zkue/YG1JGu21gfVIC/0wdZCu90AY9lo/4qaAy/HgtKQZdzJcS8341Tc27j4cRTak1NJH+T1xGANdtkXKmkNdmDKZqmuKSiuqnIMzW8QXbBfuoXCaRH80av+GIvGKP+sKetlj2B5hSlZq0e8PqbdnkfzSVQfKHr4N0czAdtUezIVOL5d07zt+RVn61jmXKUfM3pgzFQBJ8TKO3QgN3iyaEl0p7eCLshZG06uNITs2xOr1QKct4qcWesXL0/szr3AkCVy/yPaEmvvQrZJd8+cK2ZNlEY4bh09f1v/wKlqY4ITJczOKoRmvI4TJho1Degapom/vGSJ7z+/89V3pXTWBbB4ZImSh4s9qEMnTu5sAV7k8yzTDGp8vmGEHefmMyw0LwQARAQABtClKYW1lcyBMZSBDdWlyb3QgPGNoZXdpQGF1cmEtb25saW5lLmNvLnVrPokCVwQTAQgAQQIbAwULCQgHAwUVCgkICwUWAwIBAAIeAQIXgAIZARYhBFKN5r2GkaQ5H9ou1CHGMhKcbX3kBQJj7/itBQkUewUdAAoJECHGMhKcbX3kX3gP/2unoXiHOJqeJAe7V2X0f/9/05GOkLReYEAtvRwWvi1/FCg+mryzY+TzGiS/6+LfPOw4mIerKgo/eznPrFB6QI3J2G7k2cPuAeARPyAeAk6a0 KN2I4f6z2IWeDRXtHshBvoGYAmT4W7t/28b+CGmXP+cvaDRlMJFRC1dDr66vPOKI1hH02ACsHhdHTD5K2O96//fHVNgY4VcuXD1fjoKzIYwdUz0P/EcX7+9K0frYCbiYRSWYqITfhhlC3Ofjednw8C6B0lEGCkokd3/zf5KjBZcmW+Pe9+q02KcuVzjHHEeXfwFkaINvgu/P/sWWzIEVJ6aA9P6Mevda90NTNiBeZy/YG+4i8hBXf3WeoDulyeSbAqaaIr96thQQoYfXaNhEWFag1hwzefRXs1CV+q+pMJLvpm5ZaDjf4gBEKbjNAymhZDIPTpxZaa/oYH5+nVB1Dw/v8xFEejIorBS4FaoHS8++ujYRwvusMz2hsPi7P/o8xhzj0s+o49DOTR7RTU+l9oYO30CJ3U1SerU/WdPzHiA03M0/oWvjeYWOyMh+1cb2REZlkxmO9gYeSoMfCjXQ2wjXV2Qu0L+rWEZP4Nd2RybF1PA8vwljYtVaxya2UwW81W7rOjiWQmNV14ganHzXpUMma4+J0jh2T5a9CoSYe5Ur4T/O6L91WSIJhJCqH5JtCJKYW1lcyBMZSBDdWlyb3QgPGNoZXdpQGdlbnRvby5vcmc+iQJUBBMBCAA+AhsDBQsJCAcDBRUKCQgLBRYDAgEAAh4BAheAFiEEUo3mvYaRpDkf2i7UIcYyEpxtfeQFAmPv+MAFCRR7BR0ACgkQIcYyEpxtfeQXIA//a7WUXnliN3FPFl0f+A+CkHtOslRIGcdawnnHc1OmXo29g6xFNPXWMeND4wUDUFFbTI3TxxgJ/Gs44hlNmfpS9+dJNsZNZbcRLodfwaKsPlARlh8ZLueWTwifQChClyjNfM8GmyKg5bKr/RwedRSlmtna0/EmnbWuYrQqAik7pJbMiPTJSEPzpfMBEOrz3CNrMAsLboiVvqFDR78DNOHp7oeAunQ6VqVUSUPtsiIyTxZQ0SA6kvB7sPPlxHUmD/9bjK eMlN9Vs281/9tdJSalYzKhlJH/QJqw1+7MyjdMHzpLDiukhDjYGLZbf8Yn6uQGT86Px0Nod8h9AHQICpViqmoh1VGso+rMwenbCO8iQOVpPLpbtkgRZO3Xn784MFpBSF/H3GlA7QIgfoc4TePwBgOHJzOlWWeQUeWbMdlvPvRolzxDfw34TkdYBlNTcTQSU04kfOJTvpwX7HBn1IWJH2KWUVIZq0lXnj5qLhy00AfqQe4UFOgNuFNqb4TqrpSp2qZIYahBHa1MBlRmtWwkap7dFk4rakVHAapxH9flMbeVR8zLpE1ERnxoRlfAV6oYTcGGPMXDICaHw+1T6f+Kcgq1jjMxxwZHO+yyAlKorrwy7j4XE/8biV/aX9bdtIb1wjszh/rk4c/nabqfWZ8Ttbp57pFKcgT2naXC7OAIHT60L0phbWVzIExlIEN1aXJvdCA8amFtZXMubGVjdWlyb3RAbWV0YXN3aXRjaC5jb20+iQJXBBMBCABBAhsDBQsJCAcCAiICBhUKCQgLAgQWAgMBAh4HAheAFiEEUo3mvYaRpDkf2i7UIcYyEpxtfeQFAmPv+MAFCRR7BR0ACgkQIcYyEpxtfeRmTQ/+Iis9QCIRupRXhphshoAgVDHBvFHsHweP8zWlScw48xwAozW5jH+AETfCLVqG48lPm67hfHuc7Z8WNG+N9RyXSOU9jEWcHINwpMnXObfFckZMJ16XOykuzAsd3OuzIFAaG3JFiEvDO9fCY0Be/UjyVjg4PFwIvz7BlUqZS9D5Kz6rWdBCG1FZBzv2B7ovLRrqKraIcGd+brIBozBNJey5yWPSLBeRKqPyw8GseQyxkSyqF6MflhwKYcwO2SDiZh04VlZtbLk+MOK6BzI+nVq+O2BKWlyTgxgvfm+3YlUqMOesSSHyUciELovMqMOmOa49E2od6xT8SJWgsqtmyhEwbDV08OuIj+dAJhefydB9qb2wDXQEV8UUdxyw8n1aWW9OC3z OxHOVm0CwAISBrz/S/ITrH+nTzrg9I6Jq4oDzO1LL+qVAUTRNNI7wZxs1ka7hHEfwEienYW6Ud89ukDK9jCZmISqoEqcZiZHTF4Qc52pebG7wNXZ248DkI6ETkehmj697x4yE8s/Z3Cw/q/F1vWIYOHewNVEszb3QHb+8H/3PottAFlB9CMQBsORFjWWAfZZLAkZM839W0NWTLJ7tWhT9Zl4UdXgi8DE0dsVaHTAnUPQjnODpioT75MsCcjFdSHxo2FvXOhBYRQLZ3oJ7bzc8jyPLHtbsVjnk9HJHXq60KUphbWVzIExlIEN1aXJvdCA8amxlY3Vpcm90QG1pY3Jvc29mdC5jb20+iQJXBBMBCABBAhsDBQsJCAcCAiICBhUKCQgLAgQWAgMBAh4HAheAFiEEUo3mvYaRpDkf2i7UIcYyEpxtfeQFAmPv+MAFCRR7BR0ACgkQIcYyEpxtfeQFvRAAk4iDJUkr6zmZbPasMSxqiTYeqwfrcKb9LmBFB0ToUwxrK9TfNzoAVmG4TMmK2PFODHI68TqXZvmKvsmlVLaz7HIptr80BxcHIyzuPllZUjtMrnZ+pfx0EpPF7sdlWv4rG+OwM6TGn58faVkmmn5MTx8t3/Lb3tUbz6W7FsJGFGcSZi4vp6RcYP/JLt9qmUfyZP+SEdK5BYvbYsaAZ+hnosjd6aMjELF9OPEs6kbfgNKB/+vN0W3SQ3c8hbKjRvn9GmBUBV2cEMAfgD59W3Z4NUwJrdSLEyEMtKcs8gM2KoquIVyLu/6ROely/6TZiyDTCSCBd/Lmt0tv2NiS3mGnpgQrtqRidxC/3LH095f5sre9GeLYyTbHg6UclaQsxmpn8mHzJ64akVJKVTYNPa3+9zt0npFSkpvNXDWv3ZcDPHgm775tinbpHXew3IQS6TCbldHDSZV5fiq17AE1eqZYjX+6nz8I0a/xfmovokmdec/reG8veC9IC5BBalLGd9ZlNOG0pSsYtHJ7 uF3N/fmZ4+FYHu8+zzJ4IYDnSO5SmZ6WdfaVjx7/jBBKyPUsm6A3sQl7CScURne8ECUIeqjS0M7pDBa3ZAFr4GNg5FfS8XvKRKtdWqpfk9hUJT+ePtfMXkP0rldxD1UV1QeAeiNMu2cjynWizVA5Zv8p1N1O/Fm5Ag0EU8EtlAEQAOdfhDbUKhTazB/17oO8muHuz/F0I5rpEw8Qs2pt01JTvCYjBSYjDb//MlbdFHuhqZpLv3+Yzr9T5pvYO224YANKodbGdd/b6/o3+69tZynW86+0YxpvX2S2erxyJeECCSAPbKMRptG2Un3K9bvhmHA0yLIwaNoh22lvo8QCFrL4nfR02KaUMU8lp67/I2FZPwDknwKXqH3u02gJKDg+6VjNHMBzXCE75cwlIevIDjeiIqzzqGXmjOKJ9Z/3XO8Zo15lGhqvW0r+vGSuE7koUMXezrWR1MM2YihXpSvepvJHOFYMV1+Api6T0FU2veNwiNcz3kEH+NoKUO+8bgWXEVfhnUUIlvrSC6x/W9+fzwnL+2+OMjKeVRk5gtuR3j76nLToFjcQlBz6gBkqFNY2lYm2NwsUE2Rjyka6+HmshFlJa/sPIBEwsOOi9yAfqBP9PRO5jCTpdrwynFQfEw982PjzQG7YIMLs3auTqMIuJ2db36JDjc2Vjah5SJvw3N38GWPbo6EUviswinEYs86XMgcRHBTBjvvLGBWhmoclIn2OFYkHlaKhj2bhbUk1+84kt5l5hnaOKGg6d+Dxrpv08HthU2e63x1pCv9cJ/Er0jvb2HwkNAsfYO1wJlQoFQeR8QiWy26nuvAmyPxL6losByq+s+koNsmNfGcF9Aj8A1rxABEBAAGJAjwEGAEIACYCGwwWIQRSjea9hpGkOR/aLtQhxjISnG195AUCY+/45gUJEpnRnQAKCRAhxjISnG195BpAD/95J7WhnIKAzdEfrFNNcPQyb4Pale5+JcCoJRcPqrQPzO2fvV0Ed pj97UWP2qdBBvEyao92rZP2phvPm824bMPJl8TCq4XLdtIJGe/Lr148kNasZA7OAYVtoK4ROc3nrdIHEb12WztUYCHNguSFTcIC3WhETqsNcYkcGjdTAEOoiKLDBZMGyI5tYENxV/aMAUCP4LahuKDR31ccOOUNeSMVpxEyrnMSEHd5t+eNwLPMg7jbDmh24MCKjQ0wKTvA8XWZJz7w+B1Q98ENpi7P3TRgem07gMtkCHwGGd8hr7LIZXZb+oFutsOn68TiQ9SK+bC/qliOMJ6IdsoljVTSr1h6wdbK1NgvNnma738lnu56Tq5k4WBfOxJMhVFtEcsfLzF1GyvkZrCrNmdJK++GB/P4VaF6fyIW4/CTo1QKIJxRplZmDGPWCr8z4+u4giBITZZ5PXwKThW+6ahMzXFhEyZEj+hIWG7/velclRANvanVNsmpGdgtITGW+skJlfwxtqY+jr5XCuKomSNQ0XdgeZrC1un/x+mWGG3eiRcIDADNchKKugj+rOqeG/dBZFyD3zOg/p0fQZJDb1ZwnLFtdoQ2pmvNHbc6RV5Fu4rw5gH847rFhHUHBmBc/lbnuvfgfsRWZSfC7CfGeNbj9flf96BL3160+EC8ZQ3/M3ZaIyeei7kCDQRcqRxOARAAvcbrd2gZcVroLqrrD3Eek+zrz1mH2dp69wkahZmWEE1Hz7Yhxc1M2V6uOs4+0JlZ1aYO2odaChP9Zl54sPeDGf7yhCG1IM0+U3wmUJVHnyn5kJocpwMGj58X01d9seEGb7c2KR9fz10zODXlMICHaJYgMfUZre+bnpBzS3cE+E+r61EKoEj/URWyFqPLIfPbq7iQ7oaB7mwjlOkFZVxF6fHpByx+ljPm/wxNrbCtjaY9sjjtpfzrierXpBuVrbz7rJtVUhNrzD3Zeacf5VsuDVygevLDAUto2FenNYVJ5OTV/wMu9zz1OvFvLCmbfhZ5yi4OU14vAuX4KKh2dJjcGzPtq8Rrqj VUJcn/qWq/WfkDSY9OLwf5+l6hxvfZg9KAqoGO0TWxbOqBvHiw575aBgXTOBlCbSQHKT3SzES9yUoYv731w6wiHIyUP9aZdJAS7rpXM0Afv7ZbsEcfCcirytbjXMq6PCaoz5ZIs+1aR2XlcjlACqy9JLJ5Ns1Q+44PosTZAQtVhrUf5Xu11k+sijQmWLKvCbuy7mVm0nhgBTlBH54zQtC54cOlVgn8mxkPOW4uNjJhOjwXYxlJKhJ0whDwJfuMN3VDL24VmzPToAIOGIIblW37lJS+cMtdUSlUqHce1oKo6EWkBt+SFzOAjY0RwbufvYTYRm6tJGddIhMAEQEAAYkEcgQYAQgAJgIbAhYhBFKN5r2GkaQ5H9ou1CHGMhKcbX3kBQJj7/jmBQkJseLjAkDBdCAEGQEIAB0WIQQ/Fxne2TBx50qbZrwSJkFdAN0xNwUCXKkcTgAKCRASJkFdAN0xNwKRD/9KqoufhytrUYgHnOYo1nkthI/CdqrByyPscVZXTiM3N/7/1P4PdvJpq9ona84cOOUFNhsuMA9kE1sU/FpbJmmmC7paaiXLX68sMOOt2SD+KhE0ZpQ+f36Y4yYgwF6uTD0QTPvDp/wL1mt3RJjOHTS+cUmiIERkcqNrMtAMBnmQPNiWaji+kb0CQMYxRgW/CgaO9nV2v9RLmk1OOctCGXeBtDUbYBqvznUNK5l0/YOTeW/v0ztJJN5bX/nTbtE8C9QNFRxRMDHNgQwqA4Dk2SgM7Zl05hO576M3CrIIQnglNsUSJps7okPwamyE6AOeBnZzMfNaBogYRQz0W25NpltuwxVom8Z4NBNHGC2AuRZrom9C6WA2ZeqRMoPcqdIj2GoSk4HwNg3qWjeBmijx2Tx2kJrO67vdH0sCXIzdDPDHcr4ADFuNcqPA7mltgTLg64RekHWi9qDmE3inAeTmJo1/T4AUgFOfsbC87wsEY8WOy6DAJjTfQF1RB3XDfDY0wCmC8WJzEBg bAbbtCivsK4oKLq/ovdxWV8KTiyFvwzJXYiNMbDfCIvieh8oBZ7XB0oGG48yTfVzmx6KFi6bNdzU48HYI2mc/nswTHLPj2BvBm8Yw7x4vIEAxY4UPAQ4qoPsC3H5rozfSJ+/jf8ou1Kdm0IfgbTSLVYoTTsF2Iz9PrgkQIcYyEpxtfeTEPQ/5AR3G8joH0hcT5WLal82ZnZO8CZBlznxiqSPf80V89LFsb2/9eDsvgbZcyHfp2aGt5X1J7tG6b/kGVWn7lPW3+22QWLdjcY53F97/us0m2GxI+KVywPYB/C/LmpMRcuxruTfNHWary4ozMe2xO8L269/Tj/RE+yMuJaRvRxvKamwerFruRmfrELsv5oD+NhN0lZG29q9c7Bf7aFxg1w0HBCoXYUjBOacSdyes6jkQ5PAd9TsW629+p+8qTvRJLy52ImPM+TGyMsfpIh001nx/eFaPNnqA7VHtCijdWAr2oePiNaQ3eW7rTxG++FPMysktrHRbd/+jIxFQlNo44mfvEdPyVdYUCaBnKdNOhn8VfRxsiIT1F6cGZeYAvvLAboI/nJyOuz4kLrVdcwJQdaNU/7zK30UiBzbK/eTGmSM4v8OSXoCWskAYXBveI7IYGpht9As+ax4XgU3L5rNzkPPXqjzU+J3XXUb6u75OgiWDPDE/jnDtwNcIzZ3s2QRwETcqJKUOLbiP8oqrP+Z83YvJsZV1op2LE7mBoH24rJqWn0G9S8dpI241VjhiJDcqQzW0AYmiIt4sq9Oisl/gQYB0YXV6Qh/+vvoR7Il+xiEg/HtcDz5hkLV44XA/j4kjit7Lv4BtfAMvsduI5ojOoOQN3j51Y8b/nQkbmJJygAQfVRu5Ag0EXMSpAwEQANqxJiV0sZ1Y+mBZJazd7xqPTmxbW4D86gMkPMOcaX480urVSKS45p7BBXWYKNVPHaZpS1QV3QusEkNUj8Hj1hcK3fIGU/9XRa192yEn8Pzb8drc2WEiASMO IFmwKENQLu1bQQFJRjLbUdONfep4wFxMZJkzuEtHMV1d6dEeOqT49Rbaflh4vJ+Y2OfbKRwyARn8aHpqMYw7Xo970LE+FcsrcwnPVeCcFgWKIe0rMhT1khsmW0ChUUpK7BZYxhOjMCD2EAkvO6FH3Ag1sgzc4C/7VX+nmjrvNWthNviNh2WGmlqfCBzm+LEJYLJi5PkcLrhLQX042RkrLjLIZ7Zklx+Mp07n9zqma2mkz2+WLXRxFpFxlURPLqFrVVjQ4bAnFfymEfWDli0jVcYIbcCQGPv8Jebaz0gupJjGO8WDsgnh2fr3yhtCjZCYc6ma0I0vSW8RPmx56wSDK0q4JGXD7Mwb/u493nouZj4fWTizeYOM5x16wH8Dl+YacGMIosiIYNbdhI7O8ZsIY60+4ZRyRr106BWJqyBs5XuwyFl0adiFzTzNIMgPx5fPFQ26ORJqY7t5w49KBnBohajIOpvGlMf08jWHbE5vgWt67DsO7DrX8Jp81nzeoys7UudaxsZLNQPJQ34XKHtmsZ0e2d0yxIe5RJCMrZ9ul++UtzGy2xljABEBAAGJAjwEGAEIACYCGyAWIQRSjea9hpGkOR/aLtQhxjISnG195AUCY+/45gUJCZZWLgAKCRAhxjISnG195AFuD/9p6A9z1tl7Y1R7oIrRCG0SnGxSnxAnMrecCADfmuZqNWeJcuJAo9qdBKvdAAA7H+0NIBxF0M6eCTPeJcNARQqdenCYWp01yNoI6B9BHt1Jy/MabKRsr+PlOa4k9MEisC5ZT59ZzdUqKUfGQ0il+FtAImyVICarCvK/V8wL2CfBTtZXkkKs5mxsEIIIHy+mzyKMGb7yWuyCG6PEo6f2b7GcucS5FQ7LEbJ4w4STpEJ1nZe3rMzKoCROzESiG1mm1usGwuC5dOYEMeXrcN+GR1tjR7qdwp/EDtcwk/uEEDCFmtVzNhw1mRexUETXLkSDdLw3KP+XdLezURQbKO1111rrq nQFIKTfMN8cwenwX7N59c4vpofJGsJOi+hqRZKuZ8JpUauyQLITM2dfFkDngvvgNlhiBirRVP/HhNRW+HxjPR+AflHotsQc0a3+IbX39PGjC/UwLGO98NnOK1sB047tJX1vnvjAllny7J5BSmVS9Z8bpnxpzKOtb3ssrckFuJCv0qIEAkBKJzABeMM1AzBBOIetFXlnP+m/5wm6vhG+Oi0IlaFfMBl2FPJgznrLTXzVNqyh/MoHZqPRzV79oJthwidIEMkWWLALKkoI3WN576iSJ0s2ibm/MkGpzPwwqnbhGgg1XvW8NyrkauvHjh2TW4RUPw2Tvza8GV70ZToM3Q== Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="=-MAzFfDZMeZfqKI/qWmtZ" User-Agent: Evolution 3.50.3 Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@lists.gentoo.org Reply-to: gentoo-dev@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply MIME-Version: 1.0 X-Archives-Salt: a139a287-a030-44c3-b095-013709aef549 X-Archives-Hash: ee1b55ec76aa24fa712936c6e463445a --=-MAzFfDZMeZfqKI/qWmtZ Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Sun, 2024-02-11 at 09:00 +0100, Ulrich Mueller wrote: > > > > > > On Sat, 10 Feb 2024, Daniel Simionato wrote: >=20 > > =C2=A0I'd like to start a discussion regarding setting HOME_MODE by def= ault in > > the /etc/login.defs file (owned by sys-apps/shadow package). >=20 > > Upstream keeps HOME_MODE commented: > > https://github.com/shadow-maint/shadow/blob/3e59e9613ec40c51c19c7bb5c28= 468e33a4529d5/etc/login.defs#L207 >=20 > > HOME_MODE affects only useradd and newuser commands: if HOME_MODE is se= t, > > they will use the specified permission when creating a user home direct= ory, > > otherwise the default UMASK will be used. > > Since the default umask is 022, keeping HOME_MODE unset will result in = home > > readable home directories created by useradd, which goes against securi= ty > > best practices. >=20 > > The proposal is to set HOME_MODE to 0700, or at least 0750: RedHat and = RH > > based distros, OpenSuse, ArchLinux all set it to 0700, Ubuntu has it at > > 0750. Debian and Gentoo are two exceptions, keeping the upstream value = of > > HOME_MODE (although login.defs is changed in other ways). >=20 > > I previously made a PR on github where you can find more details ( > > https://github.com/gentoo/gentoo/pull/35231), but as pointed in the > > comments this probably warrants some discussion beforehand. >=20 > > I can understand the argument against the change, which is keeping in s= ync > > with upstream and don't risk changing the historic default behaviour of > > tools some users might rely upon. >=20 > > I do believe though there's merit in providing safer and secure default= s, > > so I would like HOME_MODE to have a safe default value for Gentoo and > > Gentoo based distros. >=20 > I see no strong argument either way. However, changing the default is > somewhat intrusive, so I'd prefer staying with upstream. Also, are we > aware of any breakage caused by this? >=20 > As you've pointed out yourself, distros are inconsistent about it, > i.e. not much guidance from there. Maybe upstream would be a better > place for this discussion? >=20 > Ulrich You may need 0701 if you have a web server reading from ~/public_html, but that's uncommon. I've been using this for years without issue, but I think 0700 makes the most sense as the default. --=-MAzFfDZMeZfqKI/qWmtZ Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- iQJFBAABCAAvFiEEPxcZ3tkwcedKm2a8EiZBXQDdMTcFAmXIlGIRHGNoZXdpQGdl bnRvby5vcmcACgkQEiZBXQDdMTfFBRAAqZWz5/0YHV/uNBY6TD3W4iYYbrDS3ms9 5G+4FjP2N/9ZRcFKTEeUpJu/Ck1Cqbq3S3xfSLYqhJkYSb2+5nDTWRjcmaQYcl5r ajU/gofTmLQOF9N0FhhOhR9RO6nDkziKnXev4Y0F/k1OvuDabukF54H4oJ0hRFDW BoUCRIwo3sJgQOYJJtAlk8X7szW5E6woVf+3AoyZDhQ3/UyE/GJP+g0ddGIKRpXG EqO5iPAAtj2PX1INm388hWZpP5x7AU4l0p8UHz7cwygrdrEzmdypoYZ1ac+UViIN llubvjhTXTe0nTSWi9vIz2LtGhoxW6b8ZJhV+4rvsAy/elpWtMckK4WBsn8n7ZY3 yRaFp18ppPsEcQpTab7R7cgN/bBBsUni53I8fi0x2FqpY2KUqrx2IGywh7KGlxBA Ajo3B1vJN6PnlL/a2qvI/+zJbT4UN4q9RuGuNdajDCinxCOZmjMUuZj+Eqt6ZLhL xhVX9Yw6v+pPr7O5ZkNjhZhVZEpHb11luKB9b9voAkOsWKFP+7N5tkDSYEEAmvdt 3Mpa5q3WmWmB8J2/99ricBAvjLFB05KYP1Rql8+GZLHFq8vII+n3u1X+bKIg6bym U9slUXXLD01RF70SUdmPIHlPjDxpdAblyBTlmDAEXvr1FVO4g4LuGZPiGpf+DI+F XCd3N0tU4kE= =LqcG -----END PGP SIGNATURE----- --=-MAzFfDZMeZfqKI/qWmtZ--