On 3/23/23 14:36, Matthew Weigel wrote:
> On 2023-03-23 11:53 am, chuck@qatland.com wrote:
>
>> I did not look at the code at all for this. Only using existing
>> programs.
>> If this should not be working then a patch will be needed somewhere.
>
> I didn't give it a try, but I took your report at face value and looked
> closer at the code.
>
> When it copies /etc/skel over, it does so with a command like
> "pax -rw -pe /etc/skel
> /home/$USER"(https://github.com/openbsd/src/blob/869ed59d760a94e6086f364d91f2b56074421cc9/usr.sbin/user/user.c#L316)
> which sets all permissions, starting with /etc/skel. That's why it
> behaved
> as you observed, the way the original poster wanted.
>
>> However I will state that having the ability to set the default
>> permissions somewhere would be useful, and a requirement in some
>> environments.
>
> I agree, not that I have any say. It's also worth pointing out that you
> can have multiple skeleton directories and specify which one you want to
> use when you run the program; there's no need to change the default
> skeleton directory (or, it's possible to keep a traditional readable-by-
> all skeleton directory around even if you make it not the default).
>
> Matthew
>
I kinda like the /etc/skel directory providing the default. That's the
model for a new user -- it has a basic .profile, a .ssh directory
and empty .ssh/authorized_keys file, all with permissions properly set.
Yeah, I know some compliance people want to see complete privacy on
home directories, but that kinda defeats a point of a multi-user system,
that people might just want to collaborate with each other.
Nick.
No comments:
Post a Comment