The next upcoming release of Ubuntu will close a security issue that’s been lingering around the popular desktop distro for more than a decade.
The original bug report filed in lieu of this issue back in 2006 has finally been marked as fixed by Alex Murray, Ubuntu Security Tech Lead, at Canonical.
Unlike many other distros, Ubuntu by default creates user home directories with world writable permissions. Murray once again flagged the issue late last year, arguing among other things that Ubuntu now has a significant customer and user-base in the public cloud and server space for whom the world-readable home directories are “more like a footgun than a feature.”
- These are the best Linux distros
- Here are the best Linux distros for business
- Check our list of the best Linux distros for developers
It was originally argued in 2006 that world-writable directories made Ubuntu more convenient for multi-user environments, as it made sharing files between multiple users on a shared desktop much easier.
However as Murray explained, the permissions could spell disaster in today’s connected environment.
Murray proposed changing the default settings to strip away write permissions from anyone except the owner of the directory. “By making this change now, this also gives 3 development releases and 2 interim releases to work through any unforeseen issues etc before landing in an LTS release,” explains Murray.
Since his plan didn’t receive any complaints, he has instead pushed it for implementation in the upcoming 21.04 release. With Ubuntu 21.04, newly-created users won't be world-readable but can of course be changed by the user/administrator if desired.
- These are the best laptops for running Linux
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.