Closed weseven closed 6 months ago
hallyn
commented
6 months ago No - distros like debian may get caught off guard. There's nothing wrong with downstreams patching their values in their deltas. We do not lightly make changes which change defaults.
weseven
commented
6 months ago Understood, thanks for taking a look. Is there a possibility this change will be applied here in the future, and in the meantime give maintainers a notice that this will happen after some releases?
I still think it's a better default value than leaving it unset, and its impact is limited to useradd and newusers. I understand your concern in possibly changing historic behavior and respecting downstream maintainers, but it's also a downstream maintainer responsibility to read upstream changes and adapt the defaults to the distro expected use case.
Since the introduction of https://github.com/shadow-maint/shadow/pull/209, many distros started to set HOME_MODE by default:
I propose to set it to 0700 or at least 0750 by default, since it is a security best practice and it's something often tested by security benchmarks (e.g., CIS Benchmarks).