On Mon, Aug 02, Mathias Homann wrote:
On Sunday, 1 August 2021, 15:15:20 CEST, Giuseppe Fierro wrote:
I've returned to OpenSUSE after years and it was quite shocking to see the weird permissions for users' home directories.
How about switching to "user private groups" the way Red Hat does it?
For system accounts we do this even today already. So only a little step to do it for normal users, too.
It's a two-fold thing:
1. each user has a dedicated primary group with the same name as their username
2. default permissions are 640 for regular data, use 0600 for sensitive stuff and home directories.
Then, to give user fred read access to tom's files: "usermod -aG tom fred"
So people either need admin access to usermod or they always need to look for an admin if you want to exchange files with one other person. I'm pretty sure the result will be that most people will use "644" then. I don't care if we have a shared users group or "private" groups; from a security perspective, the result is similar if people don't care about their permissions. But to argue with "security" is the wrong road, because this will not increase "security" by a single iota.
Thorsten
Cheers
MH
--
Mathias Homann
Mathias.Homann@openSUSE.org
OBS: lemmy04
Jabber (XMPP): lemmy@tuxonline.tech
IRC: [Lemmy] on freenode and ircnet (bouncer active)
telegram: https://telegram.me/lemmy98
keybase: https://keybase.io/lemmy
gpg key fingerprint: 8029 2240 F4DD 7776 E7D2 C042 6B8E 029E 13F2 C102
--
Thorsten Kukuk, Distinguished Engineer, Senior Architect SLES & MicroOS
SUSE Software Solutions Germany GmbH, Maxfeldstr. 5, 90409 Nuernberg, Germany
Managing Director: Felix Imendoerffer (HRB 36809, AG Nürnberg)
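
Added example, not part of the thread: a small model of the POSIX owner/group/other read check, applied to the permission and group combinations discussed above. The accounts tom, fred and eve and the shared group "users" are constructed for illustration; the model covers only a file's mode bits and ignores directory traversal, ACLs and root.

```python
import stat

def can_read(mode, owner, group, user, user_groups):
    """POSIX read check: exactly one class applies (owner, else group, else other)."""
    if user == owner:
        return bool(mode & stat.S_IRUSR)
    if group in user_groups:
        return bool(mode & stat.S_IRGRP)
    return bool(mode & stat.S_IROTH)

# Constructed accounts: name -> set of groups (primary plus supplementary).
SHARED = {"tom": {"users"}, "fred": {"users"}, "eve": {"users"}}
UPG = {"tom": {"tom"}, "fred": {"fred"}, "eve": {"eve"}}

def readers(mode, owner, file_group, accounts):
    """Return the sorted non-owner accounts that can read a file with this mode."""
    return sorted(u for u, groups in accounts.items()
                  if u != owner and can_read(mode, owner, file_group, u, groups))

def scenarios():
    """Who besides tom can read tom's file under each layout from the thread."""
    # Group membership after "usermod -aG tom fred"
    upg_fred = {**UPG, "fred": UPG["fred"] | {"tom"}}
    return {
        "shared group, 640": readers(0o640, "tom", "users", SHARED),
        "private group, 640": readers(0o640, "tom", "tom", UPG),
        "private group, 640, fred in tom": readers(0o640, "tom", "tom", upg_fred),
        "shared group, 644": readers(0o644, "tom", "users", SHARED),
        "private group, 644": readers(0o644, "tom", "tom", UPG),
        "private group, 600, fred in tom": readers(0o600, "tom", "tom", upg_fred),
    }

if __name__ == "__main__":
    for name, who in scenarios().items():
        print(f"{name:34} -> {who}")
```

With mode 644 the group layout makes no difference to who can read the file, which is the case raised in the reply.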