fixGpgHome script: Chmods $HOME to 755, Why?

roterbereich's Avatar

roterbereich

25 May, 2016 08:34 PM

**Paste version-info of all components (how to: https://gpgtools.tenderapp.com/kb/faq/where-can-i-find-version-info-of-the-installed-tools):**
GPGMail 2.6b2 (1105b)
GPG Keychain 1.2.1 (1147)
GPGServices 1.10.1 (871)
MacGPG2 2.0.28 (855)
GPGPreferences 1.5 (846)

**Describe your problem. Add as much detail as possible.**
I want my homedirectory to be set to mode 700
On every login, it is set back to mode 755
After hours of debugging the whole system, I figured out that it's GPGTools causing this, more precisely it is
/Library/LaunchAgents/org.gpgtools.macgpg2.fix.plist
which calls
/usr/local/MacGPG2/libexec/fixGpgHome
which contains the "chmod 755" statement.

**What did you expect instead**
I expect a software with privacy and security in mind to NOT make my homedirectory readable for the world. In fact, I want no software messing around with my home directories permissions - my homedir is my business exclusively.
Reading that script, I must assume this is intended to be a feature, rather than a bug.
Why is this?
What functionality do I lose when I disable that script (which I will and must!)?
Any chance this get's fixed in a near future release?

**Describe steps leading to the problem.**
Login into the system

**Are you using any other Mail.app plugins?**
No

  1. Support Staff 1 Posted by Luke Le on 26 May, 2016 09:05 AM

    Luke Le's Avatar

    Hi,

    we absolutely understand your concern.
    The reason why we're "re-setting" the permissions on the home folder is that we've seen issues in the past, were the permission got messed up (by some system problem) and suddenly gpg didn't list any keys anymore. Our users affected by that problem thought they've lost access to their messages and files and were terrified. Fixing the permissions brought the keys back and everything was fine.
    755 are the default permissions set by OS X if you create a new user on a default install.

    We'll discuss it internally if "re-setting" the permission on the .gnupg folder should suffice and will update the fixGpgHome script accordingly.

    For the time being, we recommend you keep the script alive, since it's helpful if for some reason your configuration gets messed up, but change remove the line changing your HOME folders permissions.

    You can track the progress of this issue at the following ticket:
    https://gpgtools.lighthouseapp.com/projects/65162-installer/tickets...

  2. 2 Posted by roterbereich on 26 May, 2016 09:05 PM

    roterbereich's Avatar

    Thanks for the quick reply.

    Maintaining my homefolder "private" against 3rd party eyes outweights any potential benefit for a particular program.
    I'll change the line in question.

    I am fully aware that OS X defaults to mode 755 for home folders (which remains a mystery to me).
    Insensible defaults (by Apple) are one thing, but modifying a users security on the other hand is a no go and should never be done (rather list it as a requirement in documentation, if really, really beneficial).

    So I really hope that change will make it to release.

    Best, R.

  3. Support Staff 3 Posted by Luke Le on 27 May, 2016 01:20 PM

    Luke Le's Avatar

    We've discussed this change in our team and all agree that the sensible thing to do is to remove this line and not touch the $HOME folder directly.

    The change will be included in one of the next nightlies and in our next official release.

    Thank you very much for reporting this problem!

  4. Steve closed this discussion on 27 May, 2016 02:22 PM.

  5. Steve closed this discussion on 31 May, 2016 09:28 AM.

Comments are currently closed for this discussion. You can start a new one.

Keyboard shortcuts

Generic

? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac