Jay Camp
jayc at CLEMSON.EDU
Thu Oct 20 15:06:30 CDT 2005
On Thu, 2005-10-20 at 21:40 +0200, John Nilsson wrote:
> Is there _any_ reason for having o+r?
>
> /home/* should default to 07[0157]1, IMHO 0701 would be sensible. That
> way if someone decides to set the default group to "users" sometime in
> the future no unexpected insecurities would be introduced.
> (o+x for public_html to work. Is there no better way to provide this
> service?)
Well there are a few reasons why some files need to be world-readable in
a user's home directory. See bug #13888.
Let me paste part of my bug comment[1] here (it is a more
discussion-oriented comment, but this thread wasn't around when I wrote
it yesterday). I'll leave out my use-case as one has already been
established for the thread:
Personally I think that home accounts should be created as 700
(disregarding other technical implications for the moment).
Couldn't ACLs be used to remedy this problem? GDM could be assigned access to
~/.face and apache to ~/public_html. Of course how ~/public_html would get the
right permissions when the user creates it would probably be an entire problem
in and of itself.
[1] http://bugzilla.ubuntu.com/show_bug.cgi?id=13888#c6
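
Added example, not part of the original message or of any Ubuntu tooling: a small audit of the home-directory modes named in this thread (0700, the quoted 07[0157]1 set, and 0755 as a baseline), showing which ones let a web server reach ~/public_html and which expose a directory listing. It assumes the web server process is neither the owner nor a member of the directory's group, and that ~/public_html is 0755 and the page is 0644; the function names are hypothetical.

```python
import stat

# Modes discussed in the thread; 0755 is included only as a baseline.
MODES = [0o700, 0o701, 0o711, 0o751, 0o771, 0o755]

def bits_for(mode, who):
    """Return the rwx triplet (0-7) applying to 'owner', 'group' or 'other'.

    POSIX selects exactly one class: a group member is judged by the group
    bits alone and never falls through to the 'other' bits.
    """
    shift = {"owner": 6, "group": 3, "other": 0}[who]
    return (stat.S_IMODE(mode) >> shift) & 0o7

def can_traverse(mode, who):
    # x on a directory: may pass through it to a known name
    return bool(bits_for(mode, who) & 0o1)

def can_list(mode, who):
    # r on a directory: may read the names of its entries
    return bool(bits_for(mode, who) & 0o4)

def can_read_file(dir_modes, file_mode, who):
    """True if `who` can open a file, given the mode of every parent dir."""
    reachable = all(can_traverse(m, who) for m in dir_modes)
    return reachable and bool(bits_for(file_mode, who) & 0o4)

def audit(home_mode, public_html_mode=0o755, page_mode=0o644):
    """Summarise what a home mode exposes (child modes are assumed values)."""
    return {
        # Assumption: the web server falls in the 'other' class.
        "web_server_can_serve": can_read_file(
            [home_mode, public_html_mode], page_mode, "other"),
        "other_can_list_home": can_list(home_mode, "other"),
        "group_can_list_home": can_list(home_mode, "group"),
        "group_can_enter_home": can_traverse(home_mode, "group"),
    }

if __name__ == "__main__":
    for m in MODES:
        print(f"{m:04o} {stat.filemode(stat.S_IFDIR | m)} {audit(m)}")
```

With 0701 the web server can still serve pages while neither group nor other can list the home directory; with 0700 public_html is unreachable unless something like an ACL entry grants the server traversal.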