Discussion:
Why is the default user group "users"? and: rights and access to /var/mail
Nils Gillmann
2018-04-02 10:10:17 UTC
Hi,

can someone tell me why in gnu/system/shadow module you thought
it would be a good idea to default to "users" as a shared group
for all accounts created as normal user profiles?

Reason why I'm asking has a second question attached:
Why does our opensmtpd-service (and dovecot?) create
/var/mail world readable, owned by root:root?
I'm working on integration of mailx (package done, debugging its
runtime currently[1]), though I think my concern is not exclusive to
mailx: I want users to be able to read mailboxes inside /var/mail
by their name (/var/mail/$username) and which are set to be r+w
only for $username:$username. If you want to list the content of
the folder you would need to be part of the wheel/sudo group,
otherwise you are just able to access your mailbox with your
mailreader.
$username:$username was what I learned as good and secure usage
for user accounts. Why GuixSD uses $username:users is beyond me.
I know recently the default chmod of the user $home was changed
(last year?) so I can no longer read other users' homes, but I'm
still questioning the choice.
Some explanation on this would be good.


[1] Not sure if this is something you want to see in Guix master,
as a package and as integration. If you are, I'll work it into
my Guix repo when I'm done with it.
Nils Gillmann
2018-04-02 11:25:42 UTC
Post by Nils Gillmann
Hi,
can someone tell me why in gnu/system/shadow module you thought
it would be a good idea to default to "users" as a shared group
for all accounts created as normal user profiles?
Why does our opensmtpd-service (and dovecot?) create
/var/mail world readable, owned by root:root?
I'm working on integration of mailx (package done, debugging its
runtime currently[1]), though I think my concern is not exclusive to
mailx: I want users to be able to read mailboxes inside /var/mail
by their name (/var/mail/$username) and which are set to be r+w
only for $username:$username. If you want to list the content of
the folder you would need to be part of the wheel/sudo group,
otherwise you are just able to access your mailbox with your
mailreader.
$username:$username was what I learned as good and secure usage
for user accounts. Why GuixSD uses $username:users is beyond me.
I know recently the default chmod of the user $home was changed
(last year?) so I can no longer read other users' homes, but I'm
still questioning the choice.
Some explanation on this would be good.
I think I can achieve what I want with different settings and services.
root:root might still be a problem, but I need to test more with this.

On $username:users, I was told that $username:$username is quite a
recent and new development in how defaults are set for Unix users.
With every user in one group we just need to watch chmod. So I guess
the decision was made when this one user group was still dominant.
Post by Nils Gillmann
[1] Not sure if this is something you want to see in Guix master,
as a package and as integration. If you are, I'll work it into
my Guix repo when I'm done with it.
Chris Marusich
2018-04-06 06:43:33 UTC
Post by Nils Gillmann
can someone tell me why in gnu/system/shadow module you thought
it would be a good idea to default to "users" as a shared group
for all accounts created as normal user profiles?
Why does our opensmtpd-service (and dovecot?) create
/var/mail world readable, owned by root:root?
Does the opensmtpd-service allow a user to customize in their
<operating-system> declaration the permissions it will use for
/var/mail? If it does, then you should be able to specify precisely the
permissions you want on /var/mail.
Post by Nils Gillmann
I'm working on integration of mailx (package done, debugging its
runtime currently[1]), though I think my concern is not exclusive to
mailx: I want users to be able to read mailboxes inside /var/mail
by their name (/var/mail/$username) and which are set to be r+w
only for $username:$username. If you want to list the content of
the folder you would need to be part of the wheel/sudo group,
otherwise you are just able to access your mailbox with your
mailreader.
$username:$username was what I learned as good and secure usage
for user accounts. Why GuixSD uses $username:users is beyond me.
I know recently the default chmod of the user $home was changed
(last year?) so I can no longer read other users' homes, but I'm
still questioning the choice.
Some explanation on this would be good.
In defense of the current default, my understanding is that in shared
systems, it is not uncommon to put users in a single group (e.g.,
users). I suppose the intent might be to make it easier for the users
to collaborate in such shared systems. So, I didn't find this behavior
very surprising. However, if you want to change the user/group
structure, you ought to be able to do so. I believe you can do that by
customizing the "users" and "groups" fields of your <operating-system>
declaration (see: (guix) operating-system Reference). You should even
be able to remove the "users" group entirely if you don't want it.

Hope that helps!
--
Chris
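
A check for the layout discussed in this thread (a spool that not everyone can list, each /var/mail/$username owned by $username:$username and readable only by that user), as an added example that is not part of the thread or of Guix. The function names and the injectable `ids_for` resolver are hypothetical.

```python
import grp
import os
import pwd
import stat


def lookup_ids(username):
    """Return (uid, gid) of the user and the same-named group, or None."""
    try:
        return pwd.getpwnam(username).pw_uid, grp.getgrnam(username).gr_gid
    except KeyError:
        return None


def audit_mail_spool(spool="/var/mail", ids_for=lookup_ids):
    """Return a sorted list of (path, problem) for the policy in the thread:
    the spool is not listable by everyone, and each mailbox is a regular file
    named after its owner, owned by $username:$username, with no group/other
    permission bits set."""
    findings = []
    spool_mode = stat.S_IMODE(os.lstat(spool).st_mode)
    if spool_mode & stat.S_IROTH:
        findings.append((spool, "spool directory is world-listable"))
    if spool_mode & stat.S_IWOTH and not spool_mode & stat.S_ISVTX:
        findings.append((spool, "spool is world-writable without sticky bit"))
    for name in os.listdir(spool):
        path = os.path.join(spool, name)
        st = os.lstat(path)  # lstat: never follow a symlink planted in the spool
        if not stat.S_ISREG(st.st_mode):
            findings.append((path, "not a regular file"))
            continue
        ids = ids_for(name)
        if ids is None:
            findings.append((path, "no user and group with this name"))
            continue
        if (st.st_uid, st.st_gid) != ids:
            findings.append((path, "owner/group is not the named user"))
        if stat.S_IMODE(st.st_mode) & 0o077:
            findings.append((path, "readable or writable by group/other"))
    return sorted(findings)
```

With the default $username:users accounts described above, `lookup_ids` finds no same-named group, so every mailbox is reported until per-user groups are declared.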