Am I crazy or stupid? umask=0022 and DIR_MODE=0755 as defaults for $HOME

I just opened a bug about the default file and folder permissions on new $USER $HOME dirs having 0755 permissions by default. Why in the world is this?

TL;DR:

If any of my customers discover this on older systems that I have installed, or if I forget to set the $HOME DIR_MODE=0750 as a custom edit in the /etc/adduser.conf file on all new installs, it could greatly jeopardize my security reputation and that of Ubuntu!

FULL:

By default, Ubuntu Desktop installs new user accounts (adduser or GUI) with “other=r-x” or “0755” permissions.

This defeats the, at least casual, protections afforded by having separate and password-protected login accounts from other users on the local system. Users migrating from other platforms (Windows or macOS) have an expectation of privacy in their accounts because Windows and macOS, for example, have protections on their $HOME dirs to prevent the casual snooping or otherwise more mischievous actions of other $USERs on the local system.

With the largest potential pool of migrations being from one of the above alternative operating systems, the Ubuntu (Linux for Humans) desktop installer and adduser.conf file should honor that expectation or at least make it an “Opt-Out” instead of an “Opt-In” requirement.

What is the point, other than the FSF Hierarchy, of having a “Public” (0755) folder in each $USER $HOME, if any other user can (r)ead or (x)traverse the entire $HOME by default?

If any of my customers discover this on older systems that I have installed, or if I forget to set the $HOME DIR_MODE=0750 as a custom edit in the /etc/adduser.conf file on all new installs, it could greatly jeopardize my security reputation and that of Ubuntu!

Use cases for 0755 on Ubuntu Server are not my concern, just Desktop.

Additionally, I routinely disable “boot to USB” or other devices in the BIOS and passwd-protect those settings from tampering with an Admin passwd in said BIOS. Very few PCs in the last decade lack this level of BIOS configurability.

I also install all new Ubuntu Desktops using LUKS+LVM for the entire local disk(s).

SO … AM I CRAZY OR JUST STUPID FOR ASKING ABOUT THIS? :wink:
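As an added example (not part of the thread or of adduser itself), a small POSIX sh audit that reports which home directories grant “other” any access and what DIR_MODE a given adduser.conf would apply to new accounts; the conf file and home tree below are constructed temporary files, not real system paths.

```shell
#!/bin/sh
# Added audit helper: flag home dirs that grant "other" any r/w/x bit, and
# show the DIR_MODE an adduser.conf would hand to new accounts.

# Return 0 (true) if an octal mode string (e.g. 0755 or 755) grants
# anything to "other": only the last digit matters.
other_has_access() {
    mode=$1
    last=${mode#"${mode%?}"}      # POSIX: strip all but the final character
    [ "$last" != "0" ]
}

# Print the DIR_MODE adduser would apply given a conf file; falls back to
# 0755, the default the thread complains about, when the key is absent or
# commented out. Last uncommented assignment wins, as in the real file.
effective_dir_mode() {
    conf=$1
    val=$(sed -n 's/^[[:space:]]*DIR_MODE=\([0-7]*\).*/\1/p' "$conf" | tail -n 1)
    if [ -n "$val" ]; then printf '%s\n' "$val"; else printf '0755\n'; fi
}

# List every directory directly under $1 (default /home) whose mode lets
# "other" read, write or traverse it, one "MODE PATH" line per offender.
audit_homes() {
    base=${1:-/home}
    for d in "$base"/*/; do
        [ -d "$d" ] || continue
        m=$(stat -c '%a' "$d")            # GNU stat, as on Ubuntu
        if other_has_access "$m"; then
            printf '%s %s\n' "$m" "$d"
        fi
    done
}

# Constructed demo input: a hardened conf and a fake /home with one account
# still at the 0755 default and one already at 0750.
tmp=$(mktemp -d)
printf 'DIR_HOME=/home\nDIR_MODE=0750\n' > "$tmp/adduser.conf"
mkdir -p "$tmp/home/alice" "$tmp/home/bob"
chmod 0755 "$tmp/home/alice"
chmod 0750 "$tmp/home/bob"
echo "new accounts would get DIR_MODE=$(effective_dir_mode "$tmp/adduser.conf")"
echo "existing homes readable/traversable by other:"
audit_homes "$tmp/home"
rm -rf "$tmp"
```

Run against the real system as `audit_homes /home` and `effective_dir_mode /etc/adduser.conf`; existing accounts created before a DIR_MODE change keep their old mode, so both checks are needed.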

Please see: https://wiki.ubuntu.com/SecurityTeam/Policies#Permissive_Home_Directory_Access and https://bugs.launchpad.net/ubuntu/+source/adduser/+bug/48734

Thanks @rbasak. I me-too’d that bug and added the following comment to it:

“Wow! Approaching 13 years and counting on this bug. Neat.

Desktop Linux: The principle of least astonishment (POLA) should always be priority-one with Security. Open $HOME’s are a surprise to me and everyone I know.

Now that cloud storage has taken the desktop users of the world by storm, are open (r-x) $HOME dirs still needed?

We’ve lost the ‘Guest’ user login since 18.04 and we’ve lost ecryptfs as an option in the installer. Why not just throw a simple toggle into the installer, to surface this issue, offering admins the option?”

1 Like

This is not constructive. You’re insinuating that this is a bug and remains unfixed in Ubuntu after 13 years. This is misleading. A decision was made in Ubuntu on this 13 years ago. The project’s position, which has not changed during this time, is that this is intended behaviour.

I don’t see any new arguments in the bug, either. Only “I don’t like the decision you made for reasons already considered when the decision was taken”.

1 Like

We seem to have exhausted the constructive potential of this discussion, and SABDFL laid out the criteria to change the decision back in 2010, so there seems no useful purpose in keeping this thread open.

I gently suggest that folks with constructive contributions on the facts, circumstances, and arguments please post them on the bug report.

1 Like