I just opened a bug about the default file and folder permissions on new $USER $HOME dirs having 0755 permissions by default. Why in the world is this?
TL;DR:
If any of my customers discover this on older systems that I have installed, or if I forget to set the $HOME DIR_MODE=0750 as a custom edit in the /etc/adduser.conf file on all new installs, it could greatly jeopardize my security reputation and that of Ubuntu!
FULL:
By default, Ubuntu Desktop installs new user accounts (adduser or GUI) with “other=r-x” or “0755” permissions.
This defeats the, at least casual, protections afforded by having separate and password-protected login accounts for other users on the local system. Users migrating from other platforms (Windows or macOS) have an expectation of privacy in their accounts because Windows and macOS, for example, have protections on their $HOME dirs to prevent the casual snooping or otherwise more mischievous actions of other $USERs on the local system.
With the largest potential pool of migrations being from one of the above alternative operating systems, the Ubuntu (Linux for Humans) desktop installer and adduser.conf file should honor that expectation, or at least make it an “Opt-Out” instead of an “Opt-In” requirement.
What is the point, other than the FSF Hierarchy, of having a “Public” (0755) folder in each $USER $HOME, if any other user can (r)ead or (x)traverse the entire $HOME by default?
If any of my customers discover this on older systems that I have installed, or if I forget to set the $HOME DIR_MODE=0750 as a custom edit in the /etc/adduser.conf file on all new installs, it could greatly jeopardize my security reputation and that of Ubuntu!
Use cases for 0755 on Ubuntu Server are not my concern, just Desktop.
Additionally, I routinely disable “boot to USB” or other devices in the BIOS and passwd-protect those settings from tampering with an Admin passwd in said BIOS. Very few PCs in the last decade lack this level of BIOS configurability.
I also install all new Ubuntu Desktops using LUKS+LVM for the entire local disk(s).
SO … AM I CRAZY OR JUST STUPID FOR ASKING ABOUT THIS?
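As an added example (not part of the original post), this POSIX shell script audits existing home directories for the 0755-style “other=r-x” bits the post describes and reads the DIR_MODE default from an adduser.conf-style file. Function names and the sample passwd entries are constructed for illustration; it relies on GNU `stat -c '%a'` as found on Ubuntu.

```shell
#!/bin/sh
# Audit home directories for group/other read or traverse bits and read the
# adduser DIR_MODE default. Hypothetical helper names; constructed sample data.

# other_bits MODE -> prints the "other" octal digit of a mode such as 755 or 0750
other_bits() {
    mode=$1
    printf '%s\n' "${mode#"${mode%?}"}"
}

# mode_is_private MODE -> true when "other" has neither read (4) nor traverse (1),
# i.e. the last digit is 0 or 2 (0750, 0700, 0702 ...)
mode_is_private() {
    case $(other_bits "$1") in
        0|2) return 0 ;;
        *)   return 1 ;;
    esac
}

# audit_homes PASSWD_FILE -> prints "user mode home" for each login user
# (uid 1000..65533) whose home directory is readable or traversable by others.
# Returns 1 if at least one such home was found, 0 otherwise.
audit_homes() {
    found=0
    while IFS=: read -r user pw uid gid gecos home shell; do
        [ "$uid" -ge 1000 ] && [ "$uid" -lt 65534 ] || continue
        [ -d "$home" ] || continue
        mode=$(stat -c '%a' "$home")          # GNU coreutils: e.g. 755 or 2750
        if ! mode_is_private "$mode"; then
            printf '%s %s %s\n' "$user" "$mode" "$home"
            found=1
        fi
    done < "$1"
    return $found
}

# adduser_dir_mode CONF_FILE -> prints the effective DIR_MODE (comments ignored)
adduser_dir_mode() {
    sed -n 's/^[[:space:]]*DIR_MODE=\([0-7]*\).*/\1/p' "$1" | tail -n 1
}

demo() {
    # Constructed sample: two homes, one with the Ubuntu default 0755, one 0750
    work=$(mktemp -d)
    mkdir "$work/alice" "$work/bob"
    chmod 755 "$work/alice"; chmod 750 "$work/bob"
    printf 'alice:x:1000:1000::%s:/bin/bash\nbob:x:1001:1001::%s:/bin/bash\n' \
        "$work/alice" "$work/bob" > "$work/passwd"
    audit_homes "$work/passwd" || echo "world-traversable home(s) listed above"
    rm -rf "$work"
}
demo
```

On a live system, run `audit_homes /etc/passwd` and `adduser_dir_mode /etc/adduser.conf` to compare existing homes against the default that future `adduser` runs will apply.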