Bug#314539: [Pkg-shadow-devel] Bug#314539: please remove UMASK from login.defs

martin f krafft martin f krafft <madduck@debian.org>, 314539@bugs.debian.org
Sat, 18 Jun 2005 20:39:08 +0200 

--TiqCXmo5T1hvSQQg
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

also sprach Alexander Gattin <arg@online.com.ua> [2005.06.18.0037 +0200]:
> Why so? I see different behaviour (/dev/pts/3).
> Maybe you mean the difference between login and su?

[ssh into the box; login shell /bin/bash]
madduck@seamus:~$ egrep -i '00(07|22)' /etc/profile ~/.bash_profile /etc/lo=
gin.defs
/etc/profile:umask 0007
/etc/login.defs:#UMASK    0007
madduck@seamus:~$ umask
0007
[...]
[new login, after changing /etc/profile and /etc/login.defs as shown]
madduck@seamus:~$ egrep -i '00(07|22)' /etc/profile ~/.bash_profile /etc/lo=
gin.defs
/etc/profile:#umask 0007
/etc/login.defs:UMASK   0007
madduck@seamus:~$ umask=20
0022

> I propose EXACTLY THE OPPOSITE -- remove all `umask
[...]
> Then add to that comments links pointing to pam_umask
> and other stuff that can really help.

That's not the opposite of what I had proposed.

> Also, when shell does not set umask or user don't use a
> real shell as login shell (e.g. "ppp" user with
> /usr/sbin/pppd for shell) -- where will the umask be
> set from?

With libpam_umask: the right place
Anything else: undefined

> Do you really think they could get it from _/etc/profile_ in that case?

I think you should not work yourself up over it.

> configurability for it in login.defs (but: I heard about setting
> umask from GECOS...)

Have a pointer?

> So people just put their preferred umask in their personal
> .bash_profile or another shellrc, and setting umask in _global_
> shellrc came just "by analogy", while there was definitely
> a better place for _global_ umask setting (in login.defs, of
> course) even in those times.

You clearly have never worked with "users".

--=20
 .''`.     martin f. krafft <madduck@debian.org>
: :'  :    proud Debian developer, admin, user, and author
`. `'`
  `-  Debian - when you have better things to do than fixing a system
=20
Invalid/expired PGP subkeys? Use subkeys.pgp.net as keyserver!
=20
perl -e 'print "The earth is a disk!\n" if ( "a" =3D=3D "b" );'
                                                   (dedicated to nori)

--TiqCXmo5T1hvSQQg
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFCtGpMIgvIgzMMSnURAmitAJ9mL6vcEMY+AYrACJ+UZS8IIg+C6ACgy5jX
+qlp9aX9b5MAMPwVGFJFtuA=
=aF8M
-----END PGP SIGNATURE-----

--TiqCXmo5T1hvSQQg--