Bug#269583: [Pkg-shadow-devel] Bug#269583: Which setting really affects the default umask?
Alexander Gattin
Alexander Gattin <arg@online.com.ua>, 269583@bugs.debian.org
Sat, 16 Apr 2005 02:40:57 +0300
Hi!
On Fri, Apr 15, 2005 at 07:12:33PM +0200, Christian Perrier wrote:
> ====================================================
> The default UMASK value 022 is insecure for default Debian installation.
> I suggest using more strict 027 in /etc/login.defs
For what? The default is there for years. Who wants
will change that him/herself.
> Indeed, even when I change this setting in /etc/login.defs, I still
> get a OO22 umask.
>
> Is the setting in /etc/login.defs still used or do I again miss some
> PAM magic here?
No, the matter is much more simple. The umask is also
frequently set in shell rc scripts. Look into .bashrc,
.bash_profile, .profile and so on including system-wide
files (especially /etc/profile ;)).
Here we have a problem of keeping a single setting in a
bunch of different places, while there should be exactly
two -- system-wide PAM plus per-user PAM (currently
there is no such module in existence).
--
WBR,
xrgtn