I noticed by trying to add a second user "user2" in ubuntu 6.06 that the permissions of my first user "user1" where drwxr-xr-x which means that by Default Ubuntu lets any other added user have access to my user1 directory!!!

I was giving VNC access to user2 and fortunately noticed that he could actually sneak in my user1 home directory!!!!

what do you think????

If you want to keep people out of your home directory, then change its permissions:
chmod 700 /home/user1

yes I know that... but the point indeed is that ubuntu 6.06 has a little glitch here.. Still have to check 6.10!!
will someone check it for me?

This is the default behaviour on many Linux distros. You can change this behaviour by adjusting the umask value in /etc/profile (this will only affect new users). For existing users, use chmod as mentioned above.

One man's bug is another man's feature. For a home network, I want other users to have read access to my home directory. If that's not appropriate for your purposes, you're free to change it, but that doesn't make it a bug.

On other distro's, a group is created for each user by the same name and that is used for the default group. I am currently using SuSE and it uses the users group instead. You could manually create a group for each user and make that a users default group if you wished.

That sound a little "Windows-like" attitude... by default a computer should permit the least possible.. if you wanted a feature which could be a risk for a generical unknowing user *You* should manually edit permissions!!!
In that way I consider it a bug...

Exactly what risk are you referring to? There's nothing inherently insecure about letting other users read your home diectory. Did you have some particular scenario in mind?

My take on this. Its not a bug and it does not need fixing because you can use umask to change permissions on home directories. If you want a distro that has private groups (meaning that other users can't browse your files) right out of the box, then use the likes of Redhat, Fedora, Mandriva etc. If you like Ubuntu, then just change your umask value before adding other users to the system and change the perms for the admin users home directory.

When I think of a folder for each user I implicitly think it is my folder only not everyones... If I put valuable data in it I should know any user on the computer can read/modify it..
I discovered the risk by giving vnc access to a special limited account to internet users and discovering these users could tamper the whole /home/ directory!!

In what way does read-only access allow tampering? I don't know how you can tamper with something if you can't change it.

Your interpretation of user home directories is not unreasonable, it's just not the interpretation the Ubuntu devs take. For a home desktop where only trusted users can log in, private home directories can be more of a nuisance than a benefit. This goes especially for non-technical users who may not understand how file permissions work and just want to look at that photo little Johnny downloaded yesterday. Since Ubuntu is supposed to be "Linux for human beings," the devs probably figured cattering to that group was the most user-friendly choice. It's not an error, just a difference in priorities.

For a home environment, it would make it easier for users to share files. If you are running a multiuser server, you already know about changing group ownership and the like because that is how you would set up groups for the sake of sharing files. One way isn't right, it's just two ways of doing things. You can easily change it if you want.