[PATCH] adduser: Make home directory not world readable
Valentin
vakevk at gmail.com
Tue Jan 17 13:10:48 UTC 2023
adduser sets the mode of the newly created home directory to
u+rwx g+rx o+rx (755). This allows every user on the system to read the
directory.

This commit changes the mode to not give other users any permissions
(750).

This is a better default. Home directories are likely to contain
sensitive information, which you expect to not be world readable. If
you really want your home directory to be world readable you can
manually chmod it afterwards.

On the other hand, if the default is world readable, then inaction
exposes sensitive information. This can happen by accident when you are
not aware what mode adduser sets.

I could not find any reasoning for the current behavior. 755 has been
used since the commit that created adduser.c in 2002. Neither the commit
nor the file today contain an explanation.
---
loginutils/adduser.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/loginutils/adduser.c b/loginutils/adduser.c
index d3c795afa..218fe1371 100644
--- a/loginutils/adduser.c
+++ b/loginutils/adduser.c
@@ -278,9 +278,9 @@ int adduser_main(int argc UNUSED_PARAM, char **argv)
umask(0);
if (!(opts & OPT_DONT_MAKE_HOME)) {
/* set the owner and group so it is owned by the new user,
- * then fix up the permissions to 2755. Can't do it before
+ * then fix up the permissions to 2750. Can't do it before
* since chown will clear the setgid bit */
- int mkdir_err = mkdir(pw.pw_dir, 0755);
+ int mkdir_err = mkdir(pw.pw_dir, 0750);
if (mkdir_err == 0) {
/* New home. Copy /etc/skel to it */
const char *args[] = {
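Review bot: the new mode is hard-coded as a literal in mkdir(pw.pw_dir, 0750) here, again as 02750 in the chmod() call in the next hunk, and a third time in the comment, so the three can drift apart on the next change. A single named constant used in all three places would avoid that, and would give systems that depend on the old 755 behaviour one spot to adjust. The diffstat shows only adduser.c changing, so the new default is documented nowhere except the commit message; a line in the applet's help or documentation would make the change visible to administrators.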
@@ -299,7 +299,7 @@ int adduser_main(int argc UNUSED_PARAM, char **argv)
}
if ((mkdir_err != 0 && errno != EEXIST)
|| chown(pw.pw_dir, pw.pw_uid, pw.pw_gid) != 0
- || chmod(pw.pw_dir, 02755) != 0 /* set setgid bit on homedir */
+ || chmod(pw.pw_dir, 02750) != 0 /* set setgid bit on homedir */
) {
bb_simple_perror_msg(pw.pw_dir);
}
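Review bot: chmod(pw.pw_dir, 02750) still leaves group r-x, and the chown() on the line above sets the group to pw.pw_gid, so when that gid is a shared group every member of it can still list and read the new home; the commit message only addresses "other". If the intent is a private home by default, 02700 would match it, otherwise the comment or commit message should say that group access is kept deliberately. Separately, because the condition treats errno == EEXIST as success, this chmod() also runs on a directory that existed before adduser was called and silently rewrites its mode; that is worth stating in the comment, or the chmod could be limited to the mkdir_err == 0 case.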
--
2.39.0