dplus
asked on
[Debian v3.0 r2] /root & /home/* are worldreadable?!
Hi,
I just want to know if the following is a bug in Debian:
I checked the default (out of the box) permissions of my freshly installed Debian 3.0 r2 installation and found that all directories under /home and the /root are world-readable and world-executable.
Is this normal?
Because I was used to RedHat 8 and all default permissions were 0750 over there...
For one thing, home directories generally need to be world executable if users are running web sites from a public_html directory: otherwise, the web server can't get in.
(Execute permission on a directory means the ability to access data in it, and get into the immediate child directories. Read permission on a directory means the ability to get the list of the names of files stored in that directory.)
Users often want to share files with each other on a multiuser system. If they're working with information that needs to be kept secret, they should of course set the permissions on individual files to read by owner only.
(That way if they want to share something later, when they "open up their home directory" they won't be opening up more than they think to the world)
For the privacy concerned, the best practice is to set a good UMASK that controls default permissions of new files and directories... it's an option that can be set in the login script, .profile, .tcshrc, .cshrc, etc... i.e.
umask 077
077 makes new files mode 600 by default and new directories mode 700 by default, for example
(Since 0777 - 077 = 0700 and (0700 & 0666) = 0600)
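
Added example, not part of the original thread: a shell sketch that applies the general rule for any umask (requested mode with the umask bits cleared, 0666 for files and 0777 for directories), checks it against what the system really creates, and lists subdirectories that are readable or executable by "other", the condition the question describes for /home/*. The function names are hypothetical, and it assumes GNU stat (`stat -c %a`), as shipped on Debian.

```shell
#!/bin/sh
# Added example. Everything runs in temp directories built for the demo.

# Mode a new object gets: requested mode with the umask bits cleared.
effective_mode() {   # $1 = requested mode (octal), $2 = umask (octal)
    printf '%04o\n' $(( 0$1 & ~0$2 & 07777 ))
}

# Create a file and a directory under umask $1 and print their real modes.
observed_modes() {   # prints "<file-mode> <dir-mode>"
    ( tmp=$(mktemp -d) || exit 1
      umask "$1"
      : > "$tmp/f"
      mkdir "$tmp/d"
      echo "$(stat -c %a "$tmp/f") $(stat -c %a "$tmp/d")"
      rm -rf "$tmp" )
}

# List immediate subdirectories of $1 that grant "other" read (4) or
# execute (1); symlinks are skipped so only real directories are reported.
world_accessible_dirs() {
    for d in "$1"/*/; do
        d=${d%/}
        [ -d "$d" ] || continue
        [ -L "$d" ] && continue
        mode=$(stat -c %a "$d")
        [ $(( 0$mode & 05 )) -ne 0 ] && echo "$mode $d"
    done
    return 0
}

# Demo on constructed data: predicted versus observed modes per umask.
for u in 022 027 077; do
    echo "umask $u: predicted $(effective_mode 666 $u) $(effective_mode 777 $u)," \
         "observed $(observed_modes $u)"
done

# Constructed "home" tree: one open directory, one closed to others.
demo=$(mktemp -d)
mkdir "$demo/alice" "$demo/bob"
chmod 755 "$demo/alice"
chmod 750 "$demo/bob"
world_accessible_dirs "$demo"   # reports only alice
rm -rf "$demo"
```

Running `world_accessible_dirs /home` performs the same check on a real system; `chmod 750` or `chmod 700` on a reported directory closes it to other users.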