(profile::ccs::home) handle EL8+ login.defs home dir perms #1199
Conversation
glennmorris
force-pushed
the
IT-5402/ccs-home-dirs
branch
from
8905307 to
9e0c4ba
Compare
glennmorris
force-pushed
the
IT-5402/ccs-home-dirs
branch
from
9e0c4ba to
f1e2c3e
Compare
| file_line { 'Change default home permissions for EL8+': | ||
| path => '/etc/login.defs', | ||
| match => '^HOME_MODE\s', | ||
| line => 'HOME_MODE 0755', |
There was a problem hiding this comment.
I think this would probably apply to home dirs created for IPA users as well. What is trying to be accomplished?
There was a problem hiding this comment.
Having it apply to IPA users is the wanted behaviour.
The intent is to make the home dirs of normal users world-readable by default, since this is a collaborative enterprise and people need to share work.
There was a problem hiding this comment.
This needs to wait until Cristian returns from leave next week for further discussion.
OK. If you want to keep them private (by default) for some security purposes, we'll live with it, but otherwise historically the CCS team's position was that we are all in this together, and these systems are designed for shared work towards common goals, not private silos. |
|
PS. the existing code that makes them public on CentOS 7 hosts has been in place for 4 years. |
|
So, any thoughts/discussion about this? |
|
No "further discussion" of any kind has happened in six months. 🤷♂️ |
To make new home directories world-readable by default in EL8+, it is necessary to modify HOME_MODE in /etc/login.defs.