Bug#269583: [Pkg-shadow-devel] Bug#269583: Which setting really affects the default umask?

Christian Perrier bubulle@debian.org
Sat, 16 Apr 2005 11:26:01 +0200


Quoting Alexander Gattin (arg@online.com.ua):
> Hi!
>
> On Fri, Apr 15, 2005 at 07:12:33PM +0200, Christian Perrier wrote:
> > ====================================================
> > The default UMASK value 022 is insecure for default Debian installation.
> > I suggest using more strict 027 in /etc/login.defs
>
> For what? The default is there for years. Who wants
> will change that him/herself.

Well, that will come after. Such change is anyway a candidate for
[DEBIAN DECISION] tag and ask -devel or technical committee.

> > Indeed, even when I change this setting in /etc/login.defs, I still
> > get a 0022 umask.
> >
> > Is the setting in /etc/login.defs still used or do I again miss some
> > PAM magic here?
>
> No, the matter is much more simple. The umask is also
> frequently set in shell rc scripts. Look into .bashrc,
> .bash_profile, .profile and so on including system-wide
> files (especially /etc/profile ;)).

Hey, I did so. I tested this with my usual "tintin" test account with
no dot file in his home.

And, bloody crap, I forgot about /etc/profile...:-)

So, yeah, it works as expected.

Now, the problem is changing the default. IMHO, 077 would be better
than 027, but as mentioned above, this more seems to be a general
Debian decision anyway.

Besides this, things should be harmonised because indeed su does not
use login.defs as far as I know....so the only place to set the
default umask then becomes /etc/profile.

Any argument pro/con setting the default to 077? Except the "it's
like that for years" of course...after all, Microsoft Windows has also
been here for years...:-)
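
An added example, not part of the original message: a small shell audit that lists each place along the chain discussed above (/etc/login.defs, then /etc/profile, then the user's profile) where a umask is set, so the override that hid the login.defs change is visible. The function names and the root/home parameters are hypothetical; it assumes a bash login shell, plain "umask NNN" lines, and it does not follow files sourced from these scripts.

```shell
#!/bin/sh
# Added example (not from the thread). Assumption: bash login shell, which
# reads /etc/profile and then only the first existing one of
# ~/.bash_profile, ~/.bash_login, ~/.profile.
# Usage on a live system: effective_umask "" "$HOME"

# Print "file: value" for every umask setting, in the order it is applied.
umask_sources() {
    root=$1
    home_dir=$2

    # login.defs syntax is "UMASK <value>"; commented lines do not match
    f="$root/etc/login.defs"
    if [ -r "$f" ]; then
        awk -v f="$f" '$1 == "UMASK" { print f ": " $2 }' "$f"
    fi

    # shell startup files call the "umask <value>" builtin
    f="$root/etc/profile"
    if [ -r "$f" ]; then
        awk -v f="$f" '$1 == "umask" && $2 ~ /^[0-7]+$/ { print f ": " $2 }' "$f"
    fi

    # only the first per-user profile that exists is read
    for f in "$home_dir/.bash_profile" "$home_dir/.bash_login" "$home_dir/.profile"; do
        [ -r "$f" ] || continue
        awk -v f="$f" '$1 == "umask" && $2 ~ /^[0-7]+$/ { print f ": " $2 }' "$f"
        break
    done
}

# The setting applied last is the one the session ends up with.
effective_umask() {
    umask_sources "$1" "$2" | tail -n 1 | awk '{ print $NF }'
}
```
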