Hello folks,

I am a user of Debian for some years and I work as a trainer in Linux. I often have to deal with the default settings in the adduser-script for "dir_mode". In most trainings there is the question "How can Debian be a secure system with such default settings in adduser?". Other Linux-distributions got settings like 700. I also think default settings in the adduser-script for "dir_mode" should NOT be 755 like they are in all actual packages (adduser_3.47_all.deb, adduser_3.59_all.deb and adduser_3.62_all.deb).

I hope you all will change these settings.

Roland

Roland Kasprzak wrote:
> I am a user of Debian for some years and I work as a trainer in Linux.
> I often have to deal with the default settings in the adduser-script
> for "dir_mode". In most trainings there is the question "How can
> Debian be a secure system with such default settings in adduser?". Other
> Linux-distributions got settings like 700. I also think default settings
> in the adduser-script for "dir_mode" should NOT be 755 like they are in
> all actual packages (adduser_3.47_all.deb, adduser_3.59_all.deb and
> adduser_3.62_all.deb).
> I hope you all will change these settings.

I don't believe a directory mode of 0700 is the right default setting. It breaks Apache's UserDir option, for example. A much more sensible choice would be 0711, which will continue to allow access to known files and directories such as public_html. Even though I don't think it would increase security significantly, I agree that it is probably a better default choice. However, I leave this up to Marc Haber.

Roland

On Thu, Mar 03, 2005 at 11:29:35AM +0100, Roland Kasprzak wrote:
> I am a user of Debian for some years and I work as a trainer in Linux.
> I often have to deal with the default settings in the adduser-script
> for "dir_mode". In most trainings there is the question "How can
> Debian be a secure system with such default settings in adduser?".

Security by Obscurity does not work. If you want protected data, change the file modes, or adduser's default.

> I hope you all will change these settings.

No.

Greetings
Marc

-- 
Marc Haber         | "I don't trust Computers. They | Mail address in header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 72739835
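
To see what the 0755, 0711 and 0700 choices discussed in this thread mean for other local users, here is an added example (not part of the original messages and not adduser's own code) that classifies the "other" permission bits on each home directory. It assumes GNU stat and the DIR_MODE key in /etc/adduser.conf; the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: report what "other" users can do in each home directory.
# Assumes GNU stat (stat -c), as shipped on Debian.

# Classify the "other" digit of an octal directory mode.
# On a directory, r = list names, x = traverse to a name you already know.
other_access() {
    o=${1#"${1%?}"}                 # last octal digit = "other" bits
    case "$o" in
        5|7) echo "list+traverse" ;;   # 0755: contents can be browsed
        1|3) echo "traverse-only" ;;   # 0711: only known paths reachable
        4|6) echo "list-only" ;;       # names visible, files unreachable
        *)   echo "none" ;;            # 0700: closed to other users
    esac
}

# Print "name mode classification" for every directory directly under $1.
audit_homes() {
    for d in "$1"/*/; do
        [ -d "$d" ] || continue
        d=${d%/}
        mode=$(stat -c '%a' "$d")
        printf '%s %s %s\n' "${d##*/}" "$mode" "$(other_access "$mode")"
    done
}

# Read DIR_MODE from an adduser.conf-style file (Debian's path by default).
conf_dir_mode() {
    sed -n 's/^DIR_MODE=\([0-7]*\).*/\1/p' "${1:-/etc/adduser.conf}" | tail -n 1
}

# Constructed sample: three fake home directories and a fake config file.
make_sample() {
    t=$(mktemp -d) || return 1
    mkdir "$t/alice" "$t/bob" "$t/carol"
    chmod 755 "$t/alice"; chmod 711 "$t/bob"; chmod 700 "$t/carol"
    echo 'DIR_MODE=0711' > "$t/adduser.conf"
    echo "$t"
}

base=$(make_sample) && audit_homes "$base" && rm -rf "$base"
```

On a real system, `audit_homes /home` lists the existing directories, and `conf_dir_mode` shows the mode adduser will apply to new ones.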