> The door is closed by default in bookworm. User home directories are > created with 0700 mode, see /usr/share/doc/adduser/README.gz and > /usr/share/doc/adduser/NEWS.Debian.gz As a result, it is necessary to > set ACLs e.g. to run unprivileged LXC containers.
That is not the point. The point us, that debian is creating a default user "for your daily work" at installation with umask 022. And we are not talking about experienced users, but of linux beginners. I doubt, they are aware of umask and rights and so. Debian is made for every people, not only for experienced people. Yes, when adduser cares about, this is one good step, but does not touch my argumentation. Also, when some other applicatiions are setting correct rights. Some do, some don't. That is not the point, too. The point is, should't we do it completely and make it standard by default - also and especially during installation to make debian more secure for unexprienced users and linux noobs? Best Hans
