Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 160644 - useradd creates 0755 home directory
Summary: useradd creates 0755 home directory
Keywords:
Status: CLOSED UPSTREAM
Alias: None
Product: Fedora
Classification: Fedora
Component: shadow-utils
Version: 4
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Peter Vrabec
QA Contact: David Lawrence
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2005-06-16 10:26 UTC by Manuel Pelayo
Modified: 2007-11-30 22:11 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2005-07-05 11:06:49 UTC


Attachments (Terms of Use)

Description Manuel Pelayo 2005-06-16 10:26:51 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; fr; rv:1.7.8) Gecko/20050524 Fedora/1.0.4-4 Firefox/1.0.4

Description of problem:
When you use the useradd command to create a new user, the new home directory is created with 0755 rights.



Version-Release number of selected component (if applicable):
shadow-utils-4.0.7-9

How reproducible:
Always

Steps to Reproduce:
1. Create a new user ex: foo
2. useradd foo
3. See the /home/foo directory
  

Actual Results:  # ls -l /home
total 8
drwxr-xr-x   2 foo    foo    4096 jun 16 12:00 foo

Expected Results:  # ls -l /home
total 8
drwx------   2 foo    foo    4096 jun 16 12:00 foo

Additional info:

Add this new line in the '/etc/login.defs' file to solve this :
UMASK 0077

Comment 1 Dario Lesca 2005-06-20 10:15:27 UTC
Also the first user created during the firstboot panel is created with 0755 rights.
Then after first user login remeber to do a "chmod -R go-rwx ~".

Comment 2 Peter Vrabec 2005-07-05 11:06:49 UTC
It's not bug. Everybody can set useradd to use different umask. I think it's 
good to stay using default mainstream umask 
 
see: 
http://lists.pld.org.pl/mailman/pipermail/shadow/2005-May/000102.html 

Comment 3 Gene Czarcinski 2005-07-25 15:03:12 UTC
Red Hat has enough modifications to shadow-utils to make this silly NOT to fix
this security problem!

In any case, use the luseradd command from the libuser package ... it creates
the user with the correct permissions (700) and selinux attributes.


Note You need to log in before you can comment on or make changes to this bug.