A very happy new Aurora user here. I moved my main system to Aurora and am still in the process of setting everything up and additionally testing a lot, to move my family over from Windows to Aurora in the next couple of months.
While setting everything up and configuring everything I noticed that files and folders in my home directory are world-readable and I’m wondering why that is and if this is really necessary. Shouldn’t files/folders be not world-readable by default?
For me atomic desktops with containerized apps (flatpaks) and the Fedora basis all stand for improved security and are the big pros, which led me here.
But the default file permissions confuse me now.
I configured umask to be 0027 in the bashrc and in the plasmashell service and wanted to ask if that could or should maybe be the default for Aurora (and the other Images).
What are the arguments for the current umask (0022)?
I believe this is a matter of tending to follow whatever the upstream Fedora folks are providing. As stated in /etc/login.defs shipped by Fedora in regards to the default umask: “There is no One True Answer here: each sysadmin must make up their mind.”
That being said, the secureblue project does change the default umask to 027 (see the secureblue /etc/login.defs). If security/privacy is a strong concern for you, I would consider checking if the secureblue images would be a better fit for you.
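To see what the two umask values discussed in this thread do in practice, here is an added example (not part of any post in the thread, and not Aurora or secureblue code). It creates entries under 0022 and 0027 in a throwaway temp directory and shows that changing the umask does not alter files that already exist. The function names are made up for this illustration, and GNU stat and find (as shipped on Fedora) are assumed.

```sh
#!/bin/sh
# Added illustration: effect of umask 0022 vs 0027 on newly created entries.
# Everything happens in throwaway mktemp directories (constructed sample data).
# Assumes GNU coreutils/findutils (stat -c, find -perm /mode, -printf).

# Print "<file mode> <dir mode>" for entries created under the given umask.
# The body is a subshell, so the umask change does not leak to the caller.
modes_under_umask() (
    tmp=$(mktemp -d) || exit 1
    umask "$1"
    touch "$tmp/file"    # files are requested as 0666, umask clears bits
    mkdir "$tmp/dir"     # directories are requested as 0777
    printf '%s %s\n' "$(stat -c %a "$tmp/file")" "$(stat -c %a "$tmp/dir")"
    rm -rf "$tmp"
)

# List entries below a directory that have any permission bit set for "other".
list_other_accessible() {
    find "$1" -mindepth 1 -perm /007 -printf '%m %P\n' | sort -k2
}

# A file created before the umask change keeps its old mode; only an
# explicit chmod removes the "other" bits from existing entries.
demo_existing_files() (
    tmp=$(mktemp -d) || exit 1
    ( umask 0022; echo old > "$tmp/before.txt" )
    ( umask 0027; echo new > "$tmp/after.txt" )
    list_other_accessible "$tmp"              # only before.txt is listed
    chmod -R o-rwx "$tmp"                     # one-time cleanup
    list_other_accessible "$tmp" | wc -l      # count left after cleanup
    rm -rf "$tmp"
)

echo "umask 0022 -> $(modes_under_umask 0022)"
echo "umask 0027 -> $(modes_under_umask 0027)"
demo_existing_files
```

Pointing `list_other_accessible` at a home directory gives the list of entries a new umask will not fix on its own.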
Oh no. When I was searching for a distribution for the whole family, it sent me down a rabbit hole, when I discovered this new (for me) world of atomic desktops. And now you sent me down the next rabbit hole.
I read all the articles referenced by the secureblue git repo’s README and damn … I also thought that Flatpak apps are sandboxed and that we are more secured on Linux.
I really appreciate the explanation and the links, that really helped a lot!
It seems that secureblue is interesting to look at to play around a bit, but from reading the FAQ, there may be some issues and limitations, which my family won’t be able to handle. I will stick with Aurora.
And from some of the texts it seems that there will be quite a few things changing on Fedora side and consequently for Aurora as well in the near future and then our systems will also become more secure.