From: Thorsten K. <ku...@su...> - 2010-10-21 13:00:45
|
On Wed, Oct 20, Dmitry V. Levin wrote: > On Wed, Oct 20, 2010 at 03:48:49PM +0400, Dmitry V. Levin wrote: > > On Wed, Oct 20, 2010 at 12:57:03PM +0200, Thorsten Kukuk wrote: > > > On Wed, Oct 20, Dmitry V. Levin wrote: > > > > > > > > Actually, pam_mkhomedir creates the home directory with hardcoded > > > > permissions 0755, then populates it, and finally sets requires ownership > > > > and permissions. I'd suggest to make it a bit more secure and create the > > > > home directory with intermediate permissions 0700. Also, there are no > > > > need to check for parent directories on every recursion step. The only > > > > place where missing parent directories should be created is the creation > > > > of the home directory itself. > > > > > > Since the whole copy process is done in recursion, and rec_mkdir > > > does already very early a check for parent directory, I don't see > > > the need to make changes here. > > > > There is no _need_ to change this algorithm, but it could be simplified. > > I meant something like this: That's fine with me. Thorsten -- Thorsten Kukuk, Project Manager/Release Manager SLES SUSE LINUX Products GmbH, Maxfeldstr. 5, D-90409 Nuernberg GF: Markus Rex, HRB 16746 (AG Nuernberg) |