tag:gpgtools.tenderapp.com,2011-11-04:/discussions/problems/49317-fixgpghome-script-chmods-home-to-755-whyGPGTools: Discussion 2018-10-18T19:57:01Ztag:gpgtools.tenderapp.com,2011-11-04:Comment/399687642016-05-25T20:34:09Z2016-05-25T20:34:10ZfixGpgHome script: Chmods $HOME to 755, Why?<div><p><strong>Paste version-info of all components (how to: <a href="https://gpgtools.tenderapp.com/kb/faq/where-can-i-find-version-info-of-the-installed-tools">
https://gpgtools.tenderapp.com/kb/faq/where-can-i-find-version-info...</a>):</strong>
GPGMail 2.6b2 (1105b)<br>
GPG Keychain 1.2.1 (1147)<br>
GPGServices 1.10.1 (871)<br>
MacGPG2 2.0.28 (855)<br>
GPGPreferences 1.5 (846)</p>
<p><strong>Describe your problem. Add as much detail as
possible.</strong> I want my homedirectory to be set to mode
700<br>
On every login, it is set back to mode 755<br>
After hours of debugging the whole system, I figured out that it's
GPGTools causing this, more precisely it is<br>
/Library/LaunchAgents/org.gpgtools.macgpg2.fix.plist which
calls<br>
/usr/local/MacGPG2/libexec/fixGpgHome which contains the "chmod
755" statement.</p>
<p><strong>What did you expect instead</strong> I expect a software
with privacy and security in mind to NOT make my homedirectory
readable for the world. In fact, I want no software messing around
with my home directories permissions - my homedir is my business
exclusively.<br>
Reading that script, I must assume this is intended to be a
feature, rather than a bug.<br>
Why is this?<br>
What functionality do I lose when I disable that script (which I
will and must!)?<br>
Any chance this get's fixed in a near future release?</p>
<p><strong>Describe steps leading to the problem.</strong> Login
into the system</p>
<p><strong>Are you using any other Mail.app plugins?</strong>
No</p></div>roterbereichtag:gpgtools.tenderapp.com,2011-11-04:Comment/399687642016-05-26T09:05:42Z2016-05-26T09:07:53ZfixGpgHome script: Chmods $HOME to 755, Why?<div><p>Hi,</p>
<p>we absolutely understand your concern.<br>
The reason why we're "re-setting" the permissions on the home
folder is that we've seen issues in the past, were the permission
got messed up (by some system problem) and suddenly gpg didn't list
any keys anymore. Our users affected by that problem thought
they've lost access to their messages and files and were terrified.
Fixing the permissions brought the keys back and everything was
fine.<br>
755 are the default permissions set by OS X if you create a new
user on a default install.</p>
<p>We'll discuss it internally if "re-setting" the permission on
the .gnupg folder should suffice and will update the fixGpgHome
script accordingly.</p>
<p>For the time being, we recommend you keep the script alive,
since it's helpful if for some reason your configuration gets
messed up, but change remove the line changing your HOME folders
permissions.</p>
<p>You can track the progress of this issue at the following
ticket:<br>
<a href="https://gpgtools.lighthouseapp.com/projects/65162-installer/tickets/199-dont-chmod-home-in-fixgpghome">
https://gpgtools.lighthouseapp.com/projects/65162-installer/tickets...</a></p></div>Luke Letag:gpgtools.tenderapp.com,2011-11-04:Comment/399687642016-05-26T21:05:17Z2016-05-26T21:05:17ZfixGpgHome script: Chmods $HOME to 755, Why?<div><p>Thanks for the quick reply.</p>
<p>Maintaining my homefolder "private" against 3rd party eyes
outweights any potential benefit for a particular program.<br>
I'll change the line in question.</p>
<p>I am fully aware that OS X defaults to mode 755 for home folders
(which remains a mystery to me).<br>
Insensible defaults (by Apple) are one thing, but modifying a users
security on the other hand is a no go and should never be done
(rather list it as a requirement in documentation, if really,
really beneficial).</p>
<p>So I really hope that change will make it to release.</p>
<p>Best, R.</p></div>roterbereichtag:gpgtools.tenderapp.com,2011-11-04:Comment/399687642016-05-27T13:20:15Z2016-05-27T13:20:15ZfixGpgHome script: Chmods $HOME to 755, Why?<div><p>We've discussed this change in our team and all agree that the
sensible thing to do is to remove this line and not touch the $HOME
folder directly.</p>
<p>The change will be included in one of the next nightlies and in
our next official release.</p>
<p>Thank you very much for reporting this problem!</p></div>Luke Le