Bug 135475

Summary: When adding a user, it uses the same default group users, and creates the user's directory as 755
Product: [openSUSE] SUSE LINUX 10.0
Reporter: John Hansen <jsh>
Component: YaST2
Assignee: Marcus Meissner <meissner>
Status: RESOLVED WONTFIX
QA Contact: Klaus Kämpf <kkaempf>
Severity: Critical
Priority: P5 - None
CC: security-team
Version: unspecified
Target Milestone: ---
Hardware: PC
OS: SuSE Linux 10.0
Whiteboard:
Found By: System Test
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Description John Hansen 2005-11-24 13:33:29 UTC
It's the first time I use SUSE 10.0. Before, I used Mandrake and Fedora.

I noticed that in SUSE 10.0, when you create a user with YaST2, it does not automatically create a unique group ID for each user, which is done in Mandrake and Fedora for security reasons.

Instead it uses a default group.

Also in SUSE 10.0, when a user is created, the permission of the user directory (/home/user) is rwxr-xr-x and the umask is set to 022 for the user. By this policy every user gets access rights to each other's home directory.

This gives a bad reputation to Linux security.

In Mandrake and Fedora, when you create a user, it creates a unique user ID and group ID, and the user's directory (/home/usr) permission is rwx------ and the user's umask is 077.
Comment 1 John Hansen 2005-11-24 13:45:40 UTC
Using the default /etc/passwd scheme
Comment 2 Martin Lasarsch 2005-11-24 13:56:46 UTC
marcus: could you comment on that?
Comment 3 Marcus Meissner 2005-11-24 14:35:11 UTC
Linux is an open source operating system and so welcomes sharing of information.

That's why by default everyone can *READ* others' directories and files (except emails).

If you need stricter permissions, you can adjust the default in /etc/login.defs (UMASK entry).

Point 2, putting users into separate groups does not specifically help system security. While there is no easy way to change this default, you can of course override it manually when creating new users.
Comment 4 Thorsten Kukuk 2005-11-25 11:42:31 UTC
*** Bug 135500 has been marked as a duplicate of this bug. ***
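
The relationship discussed in this thread between the umask (022 vs. 077), the resulting home directory mode (rwxr-xr-x vs. rwx------) and the UMASK entry in /etc/login.defs, as an added example that is not part of the original bug report or of YaST2. The function names and the sample users are hypothetical, and `stat -c` assumes GNU coreutils.

```shell
#!/bin/sh
# Added example, not from the bug report: relate a umask to the home
# directory mode it produces and flag homes readable by other users.
# Function names are hypothetical; `stat -c` assumes GNU coreutils.

# Mode a newly created directory gets under a umask: 0777 & ~umask.
mode_from_umask() {
    printf '%03o\n' $(( 0777 & ~0$1 ))
}

# Value of the UMASK entry in a login.defs-style file. Commented-out
# lines do not match; if several entries exist, the last one is returned.
umask_from_login_defs() {
    awk '$1 == "UMASK" { v = $2 } END { if (v != "") print v }' "$1"
}

# Print "MODE PATH" for every directory directly under BASE that grants
# any permission bit to group or other (mode & 077 != 0).
audit_homes() {
    for d in "$1"/*/; do
        [ -d "$d" ] || continue
        mode=$(stat -c '%a' "$d")
        if [ $(( 0$mode & 077 )) -ne 0 ]; then
            printf '%s %s\n' "$mode" "${d%/}"
        fi
    done
}

# Constructed sample: one home made under umask 022, one under 077.
demo() {
    base=$(mktemp -d)
    ( umask 022; mkdir "$base/alice" )
    ( umask 077; mkdir "$base/bob" )
    audit_homes "$base"
    rm -rf "$base"
}

demo   # lists only the directory created under umask 022
```

On a real system, `audit_homes /home` lists the home directories other local users can enter or read, and `umask_from_login_defs /etc/login.defs` shows the default that comment 3 refers to.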