Hello,
I'd like to start a discussion regarding setting HOME_MODE by default in the /etc/login.defs file (owned by the sys-apps/shadow package).
HOME_MODE affects only the useradd and newusers commands: if HOME_MODE is set, they will use the specified permissions when creating a user home directory; otherwise the default UMASK will be used.
Since the default umask is 022, keeping HOME_MODE unset will result in world-readable home directories created by useradd, which goes against security best practices.
The proposal is to set HOME_MODE to 0700, or at least 0750: Red Hat and RH-based distros, openSUSE and Arch Linux all set it to 0700, and Ubuntu has it at 0750. Debian and Gentoo are two exceptions, keeping the upstream value of HOME_MODE (although login.defs is changed in other ways).
I can understand the argument against the change, which is keeping in sync with upstream and not risking a change to the historic default behaviour of tools some users might rely upon.
I do believe, though, that there's merit in providing safer and more secure defaults, so I would like HOME_MODE to have a safe default value for Gentoo and Gentoo-based distros.
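
The rule described in the post (HOME_MODE if set, otherwise the umask) can be checked against a given login.defs with a short script. This is an added example, not part of the original post or of sys-apps/shadow; the function names are hypothetical, and it assumes the `KEY VALUE` file format with `#` comments and that a later assignment overrides an earlier one.

```shell
#!/bin/sh
# Added example: not part of the original post or of sys-apps/shadow.

# Last value assigned to KEY in a login.defs-style file ("KEY VALUE",
# '#' starts a comment). Assumption: a later assignment overrides an earlier one.
login_defs_get() {
    awk -v key="$1" '{ sub(/#.*/, "") } $1 == key && NF >= 2 { v = $2 }
                     END { print v }' "$2"
}

# Mode a new home directory gets under the rule described in the post:
# HOME_MODE if set, otherwise 0777 masked by UMASK (022 when UMASK is unset).
effective_home_mode() {
    defs=${1:-/etc/login.defs}
    hm=$(login_defs_get HOME_MODE "$defs")
    um=$(login_defs_get UMASK "$defs")
    case "$hm$um" in *[!0-7]*) echo "non-octal value in $defs" >&2; return 2 ;; esac
    if [ -n "$hm" ]; then
        printf '%04o\n' "$((0$hm & 0777))"
    else
        printf '%04o\n' "$((0777 & ~0${um:-022}))"
    fi
}

# Succeeds when MODE grants nothing beyond 0750, the loosest value the post proposes.
mode_within_0750() {
    [ "$((0$1 & 0777 & ~0750))" -eq 0 ]
}

# Report for one file; exit status 1 flags a default looser than 0750.
check_login_defs() {
    mode=$(effective_home_mode "$1") || return 2
    if mode_within_0750 "$mode"; then
        echo "$1: new home directories get $mode (ok)"
    else
        echo "$1: new home directories get $mode (group/other access beyond 0750)"
        return 1
    fi
}

# Constructed sample: UMASK set and HOME_MODE left commented out.
sample=$(mktemp)
printf 'UMASK 022\n#HOME_MODE 0700\n' > "$sample"
check_login_defs "$sample" || true
rm -f "$sample"
```

Run `check_login_defs /etc/login.defs` on a real system; existing home directories are not touched by HOME_MODE and need a separate permissions review.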