From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gentoo-dev+bounces-101174-garchives=archives.gentoo.org@lists.gentoo.org>
Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (2048 bits))
	(No client certificate requested)
	by finch.gentoo.org (Postfix) with ESMTPS id 3B03815815E
	for <garchives@archives.gentoo.org>; Sat, 10 Feb 2024 16:57:26 +0000 (UTC)
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id ACA512BC023;
	Sat, 10 Feb 2024 16:57:21 +0000 (UTC)
Received: from mail-lj1-x236.google.com (mail-lj1-x236.google.com [IPv6:2a00:1450:4864:20::236])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(No client certificate requested)
	by pigeon.gentoo.org (Postfix) with ESMTPS id 77E63E29C1
	for <gentoo-dev@lists.gentoo.org>; Sat, 10 Feb 2024 16:57:21 +0000 (UTC)
Received: by mail-lj1-x236.google.com with SMTP id 38308e7fff4ca-2d09faadba5so24673241fa.1
        for <gentoo-dev@lists.gentoo.org>; Sat, 10 Feb 2024 08:57:21 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1707584240; x=1708189040; darn=lists.gentoo.org;
        h=to:subject:message-id:date:from:mime-version:from:to:cc:subject
         :date:message-id:reply-to;
        bh=0IoWPe6Jazy+uWyAOzJbZMVmCqjKhdfpu1vfSNRyVGY=;
        b=lWaTgX67SfuOXvc4B+Iuys8ujlaqR0SeyoXqMZfwTiXgDCsiud0jf7JXtn/yq9qzLv
         TNli4r7vd11zvM+JKawOVCOKHqlzLXRm11pUVP+agVnlVwHjAPXQxgl4jnPgBfSEEUQA
         eOlv9vZQhdvCwgpg36pugcjEeEcac9CTtPBBQ602LhXVQoI+JT8QWAycIIIJJGiFPn7x
         ZIlDN6wgTs6QVTWhn92E6I0cLR1Slcnv5rJ30gw5STgRBjvN0vmVvv6FW+CRmQn0C0jd
         UX+0Y+3Jv1QGruJy4/8zp0aaFOJERkEyswjAo/re6gdsm3kmIRqtmdbu1ijGPdo+Bizv
         59sg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1707584240; x=1708189040;
        h=to:subject:message-id:date:from:mime-version:x-gm-message-state
         :from:to:cc:subject:date:message-id:reply-to;
        bh=0IoWPe6Jazy+uWyAOzJbZMVmCqjKhdfpu1vfSNRyVGY=;
        b=PQkTL3t0BH0pUwru5OK0RPewxjPDo+SS8eyLt5QzSCg8pmymP0V+8iTmkOxEMtuCi8
         D460QydFC7XdgAkg23+3bMWKkcL1bTVp5nKxOV0EW2BaJUK2GQCL18vb3+M148juqU58
         JnudZQ2KeZHcDXrHLMvyZQJb2uLxSRHIV3R0z9KQXxJG1J8UqBqcgXwbgzgV6J7dzeqS
         HSgvv86NQq42HOdXhFqtOYQqbW7LDWHCqHKh4a2+uk4jFst8h1zqZoU4bjSc1ncpsoXL
         UmhMnht4QxQts3qNjc0iddSdqKqiW6CQayjTDaeDKxBzva8V2EXKiZHIi+Ifs2j/Kgic
         iZdQ==
X-Gm-Message-State: AOJu0YyUFl8hbjCxs66v3vDLVNy1hycRMWIxNAV7aobPQdrekZt2g1gq
	UB0oiqgC7bkfPFOMlCMbQDjQ5Y8i8FrJa0o4yAJpbP9B84V0VE4UaTj4QWc5zts2EVvwwDCzcft
	QCeku73QtaAgejqMN68bnkGHT+84RkCZqFQQ=
X-Google-Smtp-Source: AGHT+IHpe2T0yzWZsCUwY2y9Kr1YT9WfRU3lA0EufSoNkMkYnJql3pz7EQ0ngT0Dnbz2wNcqYuEKsq1wxSp57SskzSI=
X-Received: by 2002:a2e:a70a:0:b0:2d0:cf99:a553 with SMTP id
 s10-20020a2ea70a000000b002d0cf99a553mr1393529lje.36.1707584239526; Sat, 10
 Feb 2024 08:57:19 -0800 (PST)
Precedence: bulk
List-Post: <mailto:gentoo-dev@lists.gentoo.org>
List-Help: <mailto:gentoo-dev+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-dev+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-dev+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-dev.gentoo.org>
X-BeenThere: gentoo-dev@lists.gentoo.org
Reply-to: gentoo-dev@lists.gentoo.org
X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply
MIME-Version: 1.0
From: Daniel Simionato <daniel.simionato@gmail.com>
Date: Sat, 10 Feb 2024 17:57:08 +0100
Message-ID: <CAGJwT=845Re0yGrwrdDKMHZt+=cFmLEcbpv5WBDatKt-adehyg@mail.gmail.com>
Subject: [gentoo-dev] RFC: Setting default HOME_MODE in /etc/login.defs
To: gentoo-dev@lists.gentoo.org
Content-Type: multipart/alternative; boundary="0000000000000566eb061109f011"
X-Archives-Salt: c3351039-6f16-4cf1-bad7-42da6e2c336d
X-Archives-Hash: 35b0693b52a8762deb0cd880a365531d

--0000000000000566eb061109f011
Content-Type: text/plain; charset="UTF-8"

Hello,
 I'd like to start a discussion regarding setting HOME_MODE by default in
the /etc/login.defs file (owned by sys-apps/shadow package).

Upstream keeps HOME_MODE commented:
https://github.com/shadow-maint/shadow/blob/3e59e9613ec40c51c19c7bb5c28468e33a4529d5/etc/login.defs#L207

HOME_MODE affects only useradd and newuser commands: if HOME_MODE is set,
they will use the specified permission when creating a user home directory,
otherwise the default UMASK will be used.
Since the default umask is 022, keeping HOME_MODE unset will result in home
readable home directories created by useradd, which goes against security
best practices.

The proposal is to set HOME_MODE to 0700, or at least 0750: RedHat and RH
based distros, OpenSuse, ArchLinux all set it to 0700, Ubuntu has it at
0750. Debian and Gentoo are two exceptions, keeping the upstream value of
HOME_MODE (although login.defs is changed in other ways).

I previously made a PR on github where you can find more details (
https://github.com/gentoo/gentoo/pull/35231), but as pointed in the
comments this probably warrants some discussion beforehand.

I can understand the argument against the change, which is keeping in sync
with upstream and don't risk changing the historic default behaviour of
tools some users might rely upon.

I do believe though there's merit in providing safer and secure defaults,
so I would like HOME_MODE to have a safe default value for Gentoo and
Gentoo based distros.

Have a nice day,
 Daniel

--0000000000000566eb061109f011
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div><div>Hello,<br></div>=C2=A0I&#39;d like to start a di=
scussion regarding setting HOME_MODE by default in the /etc/login.defs file=
 (owned by sys-apps/shadow package).<br><div><br></div><div>Upstream keeps =
HOME_MODE commented: <a href=3D"https://github.com/shadow-maint/shadow/blob=
/3e59e9613ec40c51c19c7bb5c28468e33a4529d5/etc/login.defs#L207">https://gith=
ub.com/shadow-maint/shadow/blob/3e59e9613ec40c51c19c7bb5c28468e33a4529d5/et=
c/login.defs#L207</a></div><div><br></div></div><div>HOME_MODE affects only=
 useradd and newuser commands: if HOME_MODE is set, they will use the speci=
fied permission when creating a user home directory, otherwise the default =
UMASK will be used.<br></div><div>Since the default umask is 022, keeping H=
OME_MODE unset will result in home readable home directories created by use=
radd, which goes against security best practices.<br></div><div><br></div><=
div>The proposal is to set HOME_MODE to 0700, or at least 0750: RedHat and =
RH based distros, OpenSuse, ArchLinux all set it to 0700, Ubuntu has it at =
0750. Debian and Gentoo are two exceptions, keeping the upstream value of H=
OME_MODE (although login.defs is changed in other ways).<br></div><div><br>=
</div><div>I previously made a PR on github where you can find more details=
 (<a href=3D"https://github.com/gentoo/gentoo/pull/35231">https://github.co=
m/gentoo/gentoo/pull/35231</a>), but as pointed in the comments this probab=
ly warrants some discussion beforehand.<br></div><div><br></div><div>I can =
 understand the argument against the change, which is keeping in sync with =
upstream and don&#39;t risk changing the historic default behaviour of tool=
s some users might rely upon.</div><div><br></div><div>I do believe though =
there&#39;s merit in providing safer and secure defaults, so I would like H=
OME_MODE to have a safe default value for Gentoo and Gentoo based distros.<=
br></div><div></div><div><div><div><div><div dir=3D"ltr" class=3D"gmail_sig=
nature" data-smartmail=3D"gmail_signature"><div dir=3D"ltr"><div><br></div>=
<div>Have a nice day,<br>=C2=A0Daniel <br></div></div></div></div></div></d=
iv></div></div>

--0000000000000566eb061109f011--