[Pkg-shadow-commits] r270 - trunk/debian

Alexander Gattin pkg-shadow-devel@lists.alioth.debian.org
Sun, 19 Jun 2005 12:36:35 +0000


Author: xrgtn-guest
Date: 2005-06-19 12:36:35 +0000 (Sun, 19 Jun 2005)
New Revision: 270

Modified:
   trunk/debian/login.defs
Log:
Modified and extended comment about why UMASK usage is discouraged now.


Modified: trunk/debian/login.defs
===================================================================
--- trunk/debian/login.defs	2005-06-18 09:39:21 UTC (rev 269)
+++ trunk/debian/login.defs	2005-06-19 12:36:35 UTC (rev 270)
@@ -168,19 +168,23 @@
 # The ULIMIT is used only if the system supports it.
 # (now it works with setrlimit too; ulimit is in 512-byte units)
 # 
-# UMASK setting here is discouraged with the following rationale:
-# Since any login session these days will invoke a shell, there is no
-# point in having login.defs set the umask -- the shell will override
-# it anyway.
-# Moreover, login.defs is only used for console logins, not, for 
-# nstance for SSH logins, so settign the umask here only
-# could end up in an inconsistent behaviour
-# See #314539 and #248150
-# as well as the thread starting at 
+# UMASK usage is discouraged because it catches very limited class of user
+# entries to system, in fact only those made through login(1), while setting
+# umask in shell rc file will catch also logins through su, cron, ssh etc.
+#
+# At the same time, using shell rc to set umask won't catch entries which use
+# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
+# user and alike.
+#
+# Therefore we recommend using pam_umask (Debian package libpam-umask) as the
+# solution which catches all these cases on PAM-enabled system, which Debian
+# hopefully is. Another reason is confusion created by having umask set
+# in two different places -- in login.defs and shell rc files (i.e.
+# /etc/profile).
+#
+# For discussion, see #314539 and #248150 as well as the thread starting at
 # http://lists.debian.org/debian-devel/2005/06/msg01598.html
 #
-# Actually, the use of pam_umask is encouraged (Debian package libpam-umask).
-#
 # Prefix these values with "0" to get octal, "0x" to get hexadecimal.
 #
 ERASECHAR	0177
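
Review bot: the first added paragraph overstates what a shell rc file covers. It says setting umask there "will catch also logins through su, cron, ssh etc.", but the only rc file the comment names is /etc/profile (third added paragraph), which is read by login shells, so cron jobs and non-interactive ssh commands would not normally pick it up. Suggest dropping cron from that list or narrowing it to interactive logins, which also makes the case for pam_umask more directly. Wording in the same hunk: "catches very limited class" needs an article, "and alike" should be "and the like", and "(i.e. /etc/profile)" is given as an example, so "e.g." fits better. The recommendation names the libpam-umask package but not where the module has to be enabled; a one-line pointer would keep an admin from removing UMASK here and ending up with no umask policy applied at all.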