From: Scott Mitchell
Date: Wed, 24 Jun 1998 11:10:43 +0100 (BST)
To: freebsd-security@FreeBSD.ORG
Subject: Re: adduser chmod permissions
Message-Id: <199806241010.LAA18738@hotpoint.dcs.qmw.ac.uk>

Thomas Valentino Crimi said:
>
>  I'd have to somehow think that the majority of uses (read: home
>desktop users) give accounts to friends and family, and in such an
>environment would encourage sharing.  It's very often that someone would
>say "It's right in my homedirectory".  Things like say, mail are already
>by rather strong default made private, so what else do most people on a
>friend's machine plan to keep private?  If you don't trust someone you
>wouldn't give them account on your home box, correct?

Absolutely.  Just about every Unix system I've used (admittedly all
university or private machines) had home directories world readable, with
a umask of 002 (and periodic mail from the admins telling people to protect
their mail directories...)
But as you say, these are environments that encourage sharing; perhaps it
is different in the real world.  Maybe this could be an option in adduser --
home directory world-readable (y/n)?  I think the default .profile, etc set
the umask to 002 anyway, so you would have to change that as well if you
were really concerned about this.

	Cheers,

	Scott

-- 
===========================================================================
Scott Mitchell           | PGP Key ID |"If I can't have my coffee, I'm just
                         | 0x54B171B9 | like a dried up piece of roast goat"
QMW College, London, UK  | 0xAA775B8B |	-- J. S. Bach.
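
The message above ties two settings together: the mode of the home directory itself and the umask set in the login profile. The shell sketch below is an added example, not part of the original message or of adduser; the function names `new_mode`, `exposed_homes` and `reachable_files` are hypothetical. It shows what modes a given umask produces and which files other local users can actually reach.

```shell
#!/bin/sh
# Added example: how home directory mode and umask interact.
# All function names are hypothetical helpers.

# new_mode UMASK KIND: print the ls-style mode that a newly created
# file (KIND=file) or directory (KIND=dir) receives under UMASK.
new_mode() {
    (
        tmp=$(mktemp -d) || exit 1
        umask "$1"
        if [ "$2" = dir ]; then
            mkdir "$tmp/x"
        else
            : > "$tmp/x"
        fi
        # Keep only the 10 mode characters (drops ACL/SELinux markers).
        ls -ld "$tmp/x" | cut -c1-10
        rm -rf "$tmp"
    )
}

# exposed_homes BASE: list directories directly under BASE that
# "other" users can list (o+r) or enter (o+x).
exposed_homes() {
    find "$1" -mindepth 1 -maxdepth 1 -type d \
        \( -perm -004 -o -perm -001 \) | sort
}

# reachable_files HOME: list files under HOME readable by "other",
# skipping any directory that "other" cannot traverse. A 0700 home
# is pruned at the top, so even 0664 files inside it are not listed.
reachable_files() {
    find "$1" \( -type d ! -perm -001 -prune \) \
        -o \( -type f -perm -004 -print \) | sort
}

# Demonstration: the umask from the message versus a restrictive one.
echo "umask 002: file $(new_mode 002 file), dir $(new_mode 002 dir)"
echo "umask 077: file $(new_mode 077 file), dir $(new_mode 077 dir)"
```

A home directory created with mode 0700 hides its contents regardless of umask, while a world-readable home exposes every file the umask left with the other-read bit set.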