Jay Camp jayc at CLEMSON.EDU
Mon Oct 24 14:10:39 CDT 2005


On Mon, 2005-10-24 at 17:24 +0100, Colin Watson wrote:
> > Hogwash, I would say.  Login to any University UNIX machine and you will
> > not find 755 permissions on /home/*.
> 
> Not the Unix systems at the university I attended, to the best of my
> memory, with the probable exception of the heavily-locked-down mail
> host. 

At my university the umask is set to 066 and for good reasons.  If not,
what would prevent a student from copying another's program?  (Yes,
students can still cheat, but that requires two willing
participants--this open file policy allows one person to cheat off
everybody's stuff unwillingly).  What about the professor's upcoming
exam key that he forgets to change the permissions on?

If students/professors want something public they usually throw it in
~/public_html and you just grab it out of there (either through the web
or on the file system).

Windows has a concept of "Shared Documents".  Obviously it's usually a
moot point since users run as Administrator because it's more
"convenient" even though it's less secure.  Almost sounds strikingly
similar to this discussion... scary.

Food for thought:

By this logic iptables should be set to ACCEPT for all ports then you go
through ports 1-65535 by hand and individually set them to DENY, hoping
you caught all of them?  Of course not, the default is always DENY and
ports are set to ACCEPT as needed.
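
The default-deny point in the message above, as an added example that is not part of the original post: it creates a file and a directory under umask 022 and under the 066 setting the message mentions, then reports whether other users can read them. The file and directory names are constructed for the demonstration.

```shell
#!/bin/sh
# Constructed demonstration: modes of newly created files and directories
# under umask 022 (world-readable default) and umask 066 (private default).

# Print the octal permission bits of a path (GNU stat, with a BSD fallback).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Create a file and a directory under the given umask inside a scratch
# directory and print "<file-mode> <dir-mode>". The subshell keeps the
# umask change from leaking into the caller.
modes_under_umask() {
    (
        scratch=$(mktemp -d) || exit 1
        trap 'rm -rf "$scratch"' EXIT
        umask "$1"
        : > "$scratch/homework.c"      # constructed sample file
        mkdir "$scratch/project"       # constructed sample directory
        echo "$(mode_of "$scratch/homework.c") $(mode_of "$scratch/project")"
    )
}

# Succeed if the "other" class has the read bit set in the given octal mode.
other_can_read() {
    [ $(( 0$1 & 4 )) -ne 0 ]
}

for u in 022 066; do
    modes=$(modes_under_umask "$u")
    file_mode=${modes% *}
    dir_mode=${modes#* }
    if other_can_read "$file_mode"; then readable=yes; else readable=no; fi
    echo "umask $u: file $file_mode, dir $dir_mode, file readable by others: $readable"
done
```

Under umask 066 new directories come out as 711: other users can traverse them to a path they already know but cannot list them, so anything meant to be public, such as ~/public_html, has to be opened up explicitly.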



