Bug#314539: [Pkg-shadow-devel] Bug#314539: please remove UMASK from login.defs

Alexander Gattin Alexander Gattin <arg@online.com.ua>, 314539@bugs.debian.org
Sat, 18 Jun 2005 01:37:06 +0300


Hi!

On Fri, Jun 17, 2005 at 08:09:07AM +0200, martin f krafft wrote:
> also sprach Christian Perrier <bubulle@debian.org> [2005.06.17.0751 +0200]:
> > This comes from a discussion in debian-devel. In that discussion, the
> > existence of the pam_umask module was also mentioned.
> 
> Even without pam_umask, the login.defs setting would only affect
> console logins,

Why so? I see different behaviour (/dev/pts/3).
Maybe you mean the difference between login and su?

> unless bash was used, which overrides them. zsh, for
> instance, does not specify a umask, so it gets 022 by default, and
> login.defs' value on the console. With the existence of all these
> corner cases, I would say: remove, and add a comment to refer people
> to /etc/profile (or equivalent) and libpam-umask.

I propose EXACTLY THE OPPOSITE -- remove all `umask
blahblahblah` from every possible /etc/profile,
/etc/bash.bashrc, /etc/csh.login, /etc/csh.cshrc,
/etc/skel/.bashrc, /etc/skel/.bash_profile and whatever
other shell rc in existence and put _there_ a comment
explaining why centralized umask management is better
from user point of view than something scattered across
the system in different shell configs, and why umask is
user-centric setting and not in any case shell-centric
one.
Then add to that comments links pointing to pam_umask
and other stuff that can really help.

Also, when shell does not set umask or user don't use a
real shell as login shell (e.g. "ppp" user with
/usr/sbin/pppd for shell) -- where will the umask be
set from?

Do you really think they could get it from
_/etc/profile_ in that case?

I think login/su _is_ the right place to start,
especially because there's "#ifdef USE_PAM" which
_could_ be a sort of magic chooser between either
login.defs or pam (pam_umask). That's not current
situation, though...

IMHO, the only reason for having the umask scattered
across shell rc files was then the lack of per-user
configurability for it in login.defs (but: I heard
about setting umask from GECOS...)

So people just put their preferred umask in their
personal .bash_profile or another shellrc, and setting
umask in _global_ shellrc came just "by analogy", while
there was definitely a better place for _global_ umask
setting (in login.defs, of course) even in those times.

P.S.
login/su/pam-centric setting of umask is better because
there may be several shells in system while semantics
of umask is user-bound. I.e., what could be a reason
for the same user to have different umask in different
shells? If there really will be found a one, then the
system can easily be declared non-standard and setting
umask in .shellrc files can de considered reasonable.

:^)

-- 
WBR,
xrgtn