Ian Kent wrote:
> So are you saying you don't have sufficient faith in the permissions set on the file systems you're mounting, that contain the information you want to protect, that you must have the permissions of an intermediate file system set to ensure that information about that vulnerability is not seen?
I do know that there's no vulnerability at all, and that you can trivially list users by other means.
Unfortunately, some of my less tech-savvy users believe that there's a vulnerability because they can see other accounts' home directories, and thus feel that their own files are not safe. Is this stupid? Absolutely. But changing my /home permissions to 751 makes those users happy and saves my time -- and my reputation as a sysadmin :)
I also do realize that the 755 permissions come from the autofs kernel filesystem itself. But the kernel doesn't support a 'mode' option for autofs (some other file systems do), and even if it did, autofs would have to be patched to support it (in a slightly different way than my current patch).
I understand that my use case may be a corner case, and I'm perfectly fine with keeping my patch in my own tree. I figured that since I had written the patch for myself anyway, I may as well post it here as it could be useful for others :)
Thanks!

-- Cyril B.