Bug 13718

Summary: Confidentiality not ensured for the account(s) set at installation
Product: Mageia Reporter: kalagani kalagani <kalagani>
Component: InstallerAssignee: Mageia Bug Squad <bugsquad>
Status: RESOLVED DUPLICATE QA Contact:
Severity: normal    
Priority: Normal CC: sylvainsjc
Version: 4   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Source RPM: CVE:
Status comment:

Description kalagani kalagani 2014-07-10 17:09:03 CEST
Description of problem:

during installation from iso, installer asks to create a first account,
you create and ended installation.

Then with Mageia installed and running you create a second account with CCM.
So you have now 2 accounts.
But surprise, these 2 accounts do not have the same rights!
The second can see all data about the first 
while this first cannot see data about second account.

So confidentiality is not ensured for the account(s) created with installer!

Below 
patrick account set with installer
zinvite account created after installation with CCM

[zinvite@localhost home]$ ll
total 24
drwx------  2 root    root    16384 avril  6  2004 lost+found/
drwxr-xr-x 25 patrick patrick  4096 juil.  8 16:11 patrick/
drwx------ 20 zinvite zinvite  4096 juil.  8 21:40 zinvite/

I expected
drwx------ 25 patrick patrick  4096 juil.  8 16:11 patrick/

Rule in Mageia describes this behavior:
http://doc.mageia.org/installer/4/en/content/addUser.html#addUserAdvanced
"Note

Any user you add while installing Mageia, will have a world readable (but write protected) home directory.

However, while using your new install, any user you add in MCC - System - Manage users on system will have a home directory that is both read and write protected.

If you don't want a world readable home directory for anyone, it is advised to only add a temporary user now and to add the real one(s) after reboot.

If you prefer world readable home directories, you might want to add all extra needed users in the Configuration - Summary step during the install. Choose User management.

The access permissions can also be changed after the install."

So if you want confidentiality, you must delete the user set at install, what a stupid thing to do for a "newbie"!

I am thinking this rule comes from Mandriva
I believe Fedora do not use this rule and set all account with
drwx------

Reproducible: 

Steps to Reproduce:
Comment 1 Manuel Hiebel 2014-07-10 19:27:07 CEST
looks a duplicate

*** This bug has been marked as a duplicate of bug 618 ***

Status: NEW => RESOLVED
Resolution: (none) => DUPLICATE

Sylvain ZUCCA 2014-07-10 19:27:49 CEST

CC: (none) => sylvainsjc