Schools have started installing/upgrading to 22.04.1 and we're just now seeing this.
This change takes away the ability of the users to share some of their data WITHOUT involving the administrator. It's not "privacy by default", it's "mandatory privacy". Privacy by default could be done with umask. Administrative actions can mitigate the issue, but they're tricky as they cannot easily be applied to users that haven't logged in yet and folders that don't exist yet. Sudoer scripts that would give the ability to the users to share stuff by themselves can be a worse security risk. On the other hand, encrypted home directories is a trend with similar issues. I guess it'll be a bit easier to rewrite all the programs that need access to /home/username to use other locations such as /run/user/XXX, /home/shared/XXX, /home/public_html/XXX, /var/lib/AccountsService/users/user/face.png, /var/spool/* etc, than to introduce an XDG specification for a new /home/user/private directory, and rewrite all the programs that need private or encryped data to use that one. That would be a much cleaner solution, but it can't be a goal for a single distribution. So while this change does require us to spend some weeks reimplementing our shared folders software, it might be for the best, let's see how it goes. Cheers! -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to adduser in Ubuntu. https://bugs.launchpad.net/bugs/48734 Title: Home permissions too open Status in adduser package in Ubuntu: Fix Released Status in shadow package in Ubuntu: Fix Released Status in adduser source package in Hirsute: Fix Released Status in shadow source package in Hirsute: Fix Released Status in Ubuntu RTM: Opinion Bug description: Binary package hint: debian-installer On a fresh dapper install i noticed that the file permissons for the home directory for the user created by the installer is set to 755, giving read access to everyone on the system. Surely this is a bad idea? If your set on the idea can we atleast have a option during the boot proccess? Also new files that are created via the console ('touch' etc.) are done so with '644' permissons, is there anything that can be done here? nautlius seems to create files at '600', which is a better setting. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/adduser/+bug/48734/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
