Merge pull request #169 from Carreau/no-everyone-read

Don't create home publicly readable
2025-12-18 21:54:05 +08:00 · 2018-09-03 14:51:05 +02:00
parent 8c82371416 5bbba2bd7c
commit d0b1e5c4c0
3 changed files with 22 additions and 2 deletions
--- a/docs/topic/security.rst
+++ b/docs/topic/security.rst
@@ -22,6 +22,10 @@ permissions.

 #. A home directory is created for the user under ``/home/jupyter-<username>``.

+#. The default permission of the home directory is change with ``o-rwx`` (remove
+   non-group members the ability to read, write or list files and folders in the
+   Home directory).
+
 #. No password is set for this unix system user by default. The password used
   to log in to JupyterHub (if using an authenticator that requires a password)
   is not related to the unix user's password in any form.
--- a/tests/test_user.py
+++ b/tests/test_user.py
@@ -3,6 +3,8 @@ Test wrappers in tljw.user module
 """
 from tljh import user
 import os
+import os.path
+import stat
 import uuid
 import pwd
 import grp
@@ -23,9 +25,16 @@ def test_ensure_user():
        # Create user!
        user.ensure_user(username)
        # This raises exception if user doesn't exist
-        ent = pwd.getpwnam(username)
+        entry = pwd.getpwnam(username)
        # Home directory must also exist
-        assert os.path.exists(ent.pw_dir)
+        home_dir = entry.pw_dir
+        assert os.path.exists(home_dir)
+        # Ensure not word readable/writable especially in teaching context
+        homedir_stats = os.stat(home_dir).st_mode
+        assert not (homedir_stats & stat.S_IROTH), "Everyone should not be able to read users home directory"
+        assert not (homedir_stats & stat.S_IWOTH), "Everyone should not be able to write users home directory"
+        assert not (homedir_stats & stat.S_IXOTH), "Everyone should not be able to list what is in users home directory"
+
        # Run ensure_user again, should be a noop
        user.ensure_user(username)
        # User still exists, after our second ensure_user call
--- a/tljh/user.py
+++ b/tljh/user.py
@@ -6,6 +6,7 @@ Supports minimal user & group management
 import pwd
 import grp
 import subprocess
+from os.path import expanduser


 def ensure_user(username):
@@ -27,6 +28,12 @@ def ensure_user(username):
        username
    ])

+    subprocess.check_call([
+        'chmod',
+        'o-rwx', 
+        expanduser('~{username}'.format(username=username))
+    ])
+

 def remove_user(username):
    """