On Thu, Aug 05, Christian Boltz wrote:
> > HOME_MODE not set
> > We should set "HOME_MODE 0700" as other distros do.
>
> I'm not sure about that because
> - it breaks ACLs (which will become "effective ---" AFAIK)
If you use ACLs you have of course to adjust the permissions of the directories, too. If you don't use ACLs for the main home directory already.
> - it breaks ~/public_html
It does not break existing ~/public_html configurations. It does not break default apache configurations. It requires one step more to enable it, which is Ok. We don't support ~/public_html out of the box. This is something the admin has to configure anyways, and if the user wants to use ~/public_html, he has to create that directory, too. So it's just one step more to adjust the permissions.
> Since you also propose to create a group for each user, we could use 0710 or 0750. This would technically not add any permissions (unless you add another user to your $USERNAME group), but it would give us working ACLs.
>
> Working ACLs would allow to add exceptions that could help with ~/public_html. (Not sure if we should create an ACL for wwwrun to be able to reach ~/public_html by default, but that's a discussion for bonus points anyway ;-)
>
> I also wonder if we should make UMASK more restrictive - maybe 0027 instead of the current 0022?
That's the default everywhere and 0027 has more impact on breaking things than 700 for the home directory.

Thorsten
> Regards,
> Christian Boltz
> --
> I had already explained that (including the comment from /etc/postfix/transport) in my last mail ... ;) It's Sandy's fault ;-) Only with his explanation did I notice that I hadn't understood it. [> David Haller and Peter Mc Donough in opensuse-de]
-- Thorsten Kukuk, Distinguished Engineer, Senior Architect SLES & MicroOS SUSE Software Solutions Germany GmbH, Maxfeldstr. 5, 90409 Nuernberg, Germany Managing Director: Felix Imendoerffer (HRB 36809, AG Nürnberg)
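
The ACL mask behaviour this thread argues about, as an added example that is not part of either poster's mail: a small Python model of the POSIX ACL rule that the group bits of the directory mode act as the mask for named entries. The function names and the `group:staff` entry are assumptions made for illustration; `wwwrun` and the modes 0700, 0710 and 0750 come from the thread.

```python
# Added example: models how the mode's group bits (the ACL mask once named
# entries exist) limit named ACL entries. Names here are illustrative only.

def bits_to_str(bits):
    """Render a 3-bit permission value as an rwx string."""
    return "".join(c if bits & b else "-" for c, b in zip("rwx", (4, 2, 1)))

def str_to_bits(perm):
    """Parse an rwx string such as 'r-x' into its 3-bit value."""
    return sum(b for c, b in zip("rwx", (4, 2, 1)) if c in perm)

def effective_acl(mode, entries):
    """Return {entry: effective rights} for a directory with the given mode.

    mode    -- octal mode as applied by chmod or HOME_MODE, e.g. 0o700
    entries -- named ACL entries, e.g. {"user:wwwrun": "--x"}
    Assumption: the mask equals the group bits of the mode, which is the
    state chmod leaves behind on a file that carries an extended ACL.
    """
    mask = (mode >> 3) & 7
    result = {
        "user::": bits_to_str((mode >> 6) & 7),  # owner is never masked
        "other::": bits_to_str(mode & 7),        # other is never masked
    }
    for name, perm in entries.items():
        # Named users and named groups are limited by the mask.
        result[name] = bits_to_str(str_to_bits(perm) & mask)
    return result

def can_traverse(mode, entries, who):
    """True if `who` keeps search (x) permission on the directory."""
    return "x" in effective_acl(mode, entries).get(who, "---")

# Constructed sample: an ACL meant to let the web server reach ~/public_html.
SAMPLE_ACL = {"user:wwwrun": "--x", "group:staff": "r-x"}

if __name__ == "__main__":
    for mode in (0o700, 0o710, 0o750):
        print(oct(mode), effective_acl(mode, SAMPLE_ACL))
```

With 0700 both named entries come out as `---`, with 0710 they are reduced to `--x`, and with 0750 the `r-x` entry survives intact while owner and other rights follow the mode bits unchanged.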