On 2021/08/01 11:57, James Knott wrote:
On 2021-08-01 2:54 p.m., Christian Boltz wrote:
That way you could add whoever was allowed to access your files.

To be picky, not you, but the admin :-P

To be picky ;-) you can really change that yourself:

I know I can change it and have done so in the past. My concern is having a user's home directory open to others by default. It's sort of like removing the curtains from your bedroom. ;-)
----
Just as a matter of being clear -- for home users, how many share their suse machine with someone in the general public? I mean, just how many other people would have access to a directory with 'other'=open?

Also I still do set up groups = users for the most part. I sometimes have different UIDs on different machines (for same name), but at least manage to have 1 group they are both in.

Annoyingly, so many retarded utilities claim others have access to files and raise a "problem flag: system isn't using standard security policy" and refuse to work.

I've often thought of setting up a setuid script with executable access based on same group -- so effectively anyone in the same group could suid to another userid -- meaning primitive programs that believe rwx------ is the only correct way to enforce single-user access, could have their security policy turned on its ears and file it as a security bug for claiming that 700 is 'single user' when it wouldn't be.

Slightly better is being able to setuid to the name of any user that had a same name group and that you were a member of. Thus only by enforcing groups with 1 user, could they assume an executable was only writable by one person.

I said I've thought about it -- not that it seems to have tons of utility, but neither do applications trying to enforce their idea of a proper security policy on all the users of that application.

For any record, though, having configurable system defaults certainly seems useful and allowing user (or admin) choice in what security policy to use.
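
Editor's added example, not part of the thread: the message above argues that mode bits alone do not say how many people can write a file, only mode bits combined with group membership do. The sketch below computes the set of writers from both, so a group-writable file in a one-member group passes a single-writer check while the same mode in a shared group does not. The accounts, gids and function names are constructed for illustration; root, ACLs and setuid helpers are outside this model.

```python
import stat

# Constructed sample accounts: uid -> (name, primary gid)
USERS = {1000: ("alice", 1000), 1001: ("bob", 100), 1002: ("carol", 100)}
# Constructed supplementary membership: gid -> extra member names.
# gid 1000 is alice's private group, gid 100 is a shared "users" group.
GROUPS = {1000: set(), 100: {"alice"}}


def group_members(gid):
    """Names of all users in gid, via primary gid or supplementary membership."""
    primary = {name for name, pgid in USERS.values() if pgid == gid}
    return primary | GROUPS.get(gid, set())


def writers(mode, owner_uid, gid):
    """Non-root users to whom the mode bits grant write access."""
    everyone = {name for name, _ in USERS.values()}
    owner = USERS[owner_uid][0]
    members = group_members(gid)
    result = set()
    if mode & stat.S_IWUSR:
        result.add(owner)
    if mode & stat.S_IWGRP:
        # The owner is matched by the owner class first, never the group class.
        result |= members - {owner}
    if mode & stat.S_IWOTH:
        # "Other" applies only to users who are neither owner nor group member.
        result |= everyone - members - {owner}
    return result


def single_writer(mode, owner_uid, gid):
    """True when nobody except the owner can write, whatever the group bits say."""
    return writers(mode, owner_uid, gid) <= {USERS[owner_uid][0]}
```

A tool that rejects anything other than 700 is testing the mode, not the property it cares about; a check of this shape tests the property.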