[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] Debian FEATURE: /home/loser is with permissions 755, default umask 0022
From:       Russ Allbery <eagle () eyrie ! org>
Date:       2020-10-13 4:36:28
Message-ID: 87wnzu91yr.fsf () hope ! eyrie ! org
[Download RAW message or body]

Brian May <brian@linuxpenguins.xyz> writes:
> Jeffrey Walton <noloader@gmail.com> writes:

>> [...] like making /home/loser/www available to other users.

> Does anybody even do this anymore?

Yes, I'm still seeing this pattern in the academic world.  In general,
shared file systems and an expectation of a generous umask are still very
common in the academic and scientific world, where people routinely work
collaboratively on large data sets and share snippets of code and data
frequently.

> Once upon a time, a shared Unix system account come with an implied web
> account which you could use to publish files and create your own
> website. But I cannot personally think of any examples where this still
> happens. websystems and shell accounts are generally stored on distinct
> and independent systems.

I personally still maintain my web pages this way, although I'm not a good
example, of course, and it's on my list to change.  :)  But I have also
still seen this pattern in scientific work.  There's built-in support in
Apache still.

> Plus even if I was going to implement such a system today, I might
> seriously consider using - say "/web/loser" instead. Although this might
> have implications if quotas are important. Or maybe something that bind
> mounts /home/loser/www to /web/loser, that way the web software doesn't
> need access to /home/loser.

Yes, indeed.  It's certainly not an argument against changing the
defaults; a small amount of additional user work to actively choose to
share something is a better default approach.

-- 
Russ Allbery (eagle@eyrie.org)             <https://www.eyrie.org/~eagle/>
[prev in list] [next in list] [prev in thread] [next in thread]