From owner-freebsd-security  Tue Jun 23 20:03:16 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id UAA07456
          for freebsd-security-outgoing; Tue, 23 Jun 1998 20:03:16 -0700 (PDT)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from po6.andrew.cmu.edu (PO6.ANDREW.CMU.EDU [128.2.10.106])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id UAA07447
          for <freebsd-security@FreeBSD.ORG>; Tue, 23 Jun 1998 20:03:11 -0700 (PDT)
          (envelope-from tcrimi+@andrew.cmu.edu)
Received: (from postman@localhost) by po6.andrew.cmu.edu (8.8.5/8.8.2) id XAA10067 for freebsd-security@FreeBSD.ORG; Tue, 23 Jun 1998 23:03:05 -0400 (EDT)
Received: via switchmail; Tue, 23 Jun 1998 23:03:03 -0400 (EDT)
Received: from lister.net.cmu.edu via qmail
          ID </afs/andrew.cmu.edu/service/mailqs/q003/QF.MpY6kf:00UM2016040>;
          Tue, 23 Jun 1998 23:02:03 -0400 (EDT)
Received: from lister.net.cmu.edu via qmail
          ID </afs/andrew.cmu.edu/usr18/tcrimi/.Outgoing/QF.ApY6kde00UM20y81w0>;
          Tue, 23 Jun 1998 23:02:01 -0400 (EDT)
Received: from mms.4.60.Jun.27.1996.03.02.53.sun4.51.EzMail.2.0.CUILIB.3.45.SNAP.NOT.LINKED.lister.net.cmu.edu.sun4m.54
          via MS.5.6.lister.net.cmu.edu.sun4_51;
          Tue, 23 Jun 1998 23:02:01 -0400 (EDT)
Message-ID: <YpY6kda00UM20y81o0@andrew.cmu.edu>
Date: Tue, 23 Jun 1998 23:02:01 -0400 (EDT)
From: Thomas Valentino Crimi <tcrimi+@andrew.cmu.edu>
To: freebsd-security@FreeBSD.ORG
Subject: Re: adduser chmod permissions
In-Reply-To: <Pine.BSF.3.95.980623195803.3076A-100000@orion.webspan.net>
References: <Pine.BSF.3.95.980623195803.3076A-100000@orion.webspan.net>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org


  I'd have to somehow think that the majority of uses (read: home
desktop users) give accounts to friends and family, and in such an
environment would encourage sharing.  It's very often that someone would
say "It's right in my homedirectory".  Things like say, mail are already
by rather strong default made private, so what else do most people on a
friend's machine plan to keep private?  If you don't trust someone you
wouldn't give them account on your home box, correct?


  The group that would seek user privacy I would imagine would be the
ISP, and such people generally have far more elaborate concerns creating
an account to begin with, so modifying adduser would be the least of
their problems.

  One thing whcih I've seen implemented is that of the 'private'
directory, something that specfically points a user to note that their
homedirectory by default isn't private but if they do have something to
hide from view they can move it into there.  I, of course, just believe
in educating people using a system on what they are getting themselves
into.  We all must know the means to which one must go for 'absolute'
security.  

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message