Date: Sat, 10 Feb 2024 15:52:30 -0800
From: John Helmert III
To: gentoo-dev@lists.gentoo.org
Subject: Re: [gentoo-dev] RFC: Setting default HOME_MODE in /etc/login.defs

On Sat, Feb 10, 2024 at 05:57:08PM +0100, Daniel Simionato wrote:
> Hello,
> I'd like to start a discussion regarding setting HOME_MODE by default in
> the /etc/login.defs file (owned by sys-apps/shadow package).
>
> Upstream keeps HOME_MODE commented:
> https://github.com/shadow-maint/shadow/blob/3e59e9613ec40c51c19c7bb5c28468e33a4529d5/etc/login.defs#L207
>
> HOME_MODE affects only useradd and newuser commands: if HOME_MODE is set,
> they will use the specified permission when creating a user home directory,
> otherwise the default UMASK will be used.
> Since the default umask is 022, keeping HOME_MODE unset will result in home
> readable home directories created by useradd, which goes against security
> best practices.
>
> The proposal is to set HOME_MODE to 0700, or at least 0750: RedHat and RH
> based distros, OpenSuse, ArchLinux all set it to 0700, Ubuntu has it at
> 0750. Debian and Gentoo are two exceptions, keeping the upstream value of
> HOME_MODE (although login.defs is changed in other ways).
>
> I previously made a PR on github where you can find more details (
> https://github.com/gentoo/gentoo/pull/35231), but as pointed in the
> comments this probably warrants some discussion beforehand.
>
> I can understand the argument against the change, which is keeping in sync
> with upstream and don't risk changing the historic default behaviour of
> tools some users might rely upon.
>
> I do believe though there's merit in providing safer and secure defaults,
> so I would like HOME_MODE to have a safe default value for Gentoo and
> Gentoo based distros.

Setting it to 0700 makes good sense to me, unless someone has some
good example of this breaking anything. Deviating from upstream
defaults in following other distributions isn't exactly treading new
ground for us. And it's easy for the administrator to change to suit
their liking anyway (hopefully covering the "keep the status quo"
class of objections).

> Have a nice day,
> Daniel
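
An added example (not part of the original message or of the shadow project): a shell check of the mode useradd would give a new home under a given login.defs, following the rule quoted above (HOME_MODE if set, otherwise the UMASK), plus a scan of existing homes, which HOME_MODE does not change. The function names and sample data are constructed for illustration; `stat -c` assumes GNU coreutils, and falling back to 022 when UMASK is absent is an assumption.

```sh
#!/bin/sh
# Added example: report the mode a new home directory would get under a
# login.defs file, then list existing homes that group or other can access.

# Print the last uncommented value of KEY in a login.defs-style file.
login_defs_get() {  # usage: login_defs_get KEY FILE
    awk -v key="$1" '$1 == key { val = $2 } END { if (val != "") print val }' "$2"
}

# Mode for new homes: HOME_MODE if set, else 0777 masked by UMASK.
effective_home_mode() {  # usage: effective_home_mode FILE
    mode=$(login_defs_get HOME_MODE "$1")
    if [ -z "$mode" ]; then
        umask_val=$(login_defs_get UMASK "$1")   # assumed 022 when absent
        mode=$(printf '%o' $(( 0777 & ~0${umask_val:-022} )))
    fi
    printf '%04o\n' "0$mode"
}

# List direct subdirectories of BASE whose mode grants any group/other bits.
# HOME_MODE applies only at creation time, so existing homes need this check.
loose_homes() {  # usage: loose_homes BASE
    for dir in "$1"/*/; do
        [ -d "$dir" ] || continue
        perms=$(stat -c '%a' "$dir")             # GNU coreutils stat
        if [ $(( 0$perms & 077 )) -ne 0 ]; then
            printf '%s %s\n' "$perms" "${dir%/}"
        fi
    done
}

# Constructed sample: upstream-style file with HOME_MODE commented out,
# and two constructed home directories (not real accounts).
demo_dir=$(mktemp -d)
printf 'UMASK 022\n#HOME_MODE 0700\n' > "$demo_dir/login.defs"
mkdir -m 0755 "$demo_dir/alice"; mkdir -m 0700 "$demo_dir/bob"
echo "new homes would get: $(effective_home_mode "$demo_dir/login.defs")"
loose_homes "$demo_dir"
rm -rf "$demo_dir"
```

On a real system, point `effective_home_mode` at /etc/login.defs and `loose_homes` at /home; directories it lists can be tightened with chmod after checking that nothing depends on the wider access.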