Bug#314539: [Pkg-shadow-devel] please remove UMASK from login.defs
Alexander Gattin
Alexander Gattin <arg@online.com.ua>, 314539@bugs.debian.org
Sat, 18 Jun 2005 23:29:59 +0300
Hi!
On Sat, Jun 18, 2005 at 08:39:08PM +0200, martin f krafft wrote:
> also sprach Alexander Gattin <arg@online.com.ua> [2005.06.18.0037 +0200]:
You can omit my e-mail when replying to this list ;)
> > Why so? I see different behaviour (/dev/pts/3).
> > Maybe you mean the difference between login and su?
> /etc/profile:#umask 0007
> /etc/login.defs:UMASK 0007
> madduck@seamus:~$ umask
> 0022
IMHO, you just missed something...
First, here are my settings for the test:
> ramazan@cherokee:~$ egrep -i "^#?umask" /etc/login.defs /etc/profile .bash_profile
> /etc/login.defs:UMASK 027
> /etc/profile:#umask 022
> .bash_profile:#umask 022
Then, I run login:
> ramazan@cherokee:~$ exec login
> cherokee login: ramazan
> Password:
> Last login: Sat Jun 18 22:59:51 2005 on pts/5
> No mail.
> ramazan@cherokee:~$ umask
> 0027
> > I propose EXACTLY THE OPPOSITE -- remove all `umask
> [...]
> > Then add to that comments links pointing to pam_umask
> > and other stuff that can really help.
>
> That's not the opposite of what I had proposed.
Actually, yes ;)
I hope we will come to some reasonable conclusion.
> > Also, when shell does not set umask or user don't use a
> > real shell as login shell (e.g. "ppp" user with
> > /usr/sbin/pppd for shell) -- where will the umask be
> > set from?
>
> With libpam_umask: the right place
> Anything else: undefined
Why? login.defs is not a bad place for setting umask
through _login_ (it should also be respected by `su -`
IMHO).
But a user may enter the system through cron, ssh and
other places, which don't pass through login/su/login.defs
but through PAM do.
This is the actual reason why login.defs should be
obsoleted sometime in favor of pam_umask or similar.
> > Do you really think they could get it from _/etc/profile_ in that case?
>
> I think you should not work yourself up over it.
Sorry, I don't understand what you mean here...
> > configurability for it in login.defs (but: I heard about setting
> > umask from GECOS...)
>
> Have a pointer?
I'll simply explain: in GECOS the last, 5th field (after
full name, room number, work and home phone #s) may
contain parameters like "umask=0026,pri=5" etc.
For details see shadow/libmisc/limits.c
BTW, here you see that umask had a common codebase with
limits. Actually it was set in the set_limits() procedure,
but the newer PAM approach has split limits into pam_limits,
which supports per-user settings, and pam_umask, which is
far more primitive than the legacy code was regarding
umask/pri(nice)/ulimit/GECOS...
This stupid pam_umask can only operate globally.
> > So people just put their preferred umask in their personal
> > .bash_profile or another shellrc, and setting umask in _global_
> > shellrc came just "by analogy", while there was definitely
> > a better place for _global_ umask setting (in login.defs, of
> > course) even in those times.
>
> You clearly have never worked with "users".
Or, no, I do almost every day. :-/
--
WBR,
xrgtn
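
The GECOS convention described in the message above (parameters such as "umask=0026,pri=5" in the field after the two phone numbers), as an added example that is not part of the original message and is not the code in shadow/libmisc/limits.c. The function name `gecos_umask`, the strict octal validation, the 022 fallback and the sample entry are assumptions made here.

```c
#include <stdio.h>
#include <string.h>

/* Accept only 1-4 octal digits with a value <= 0777. */
static int parse_umask(const char *s, size_t len, unsigned int *out)
{
    unsigned int v = 0;
    if (len == 0 || len > 4) return -1;
    for (size_t i = 0; i < len; i++) {
        if (s[i] < '0' || s[i] > '7') return -1;
        v = v * 8 + (unsigned int)(s[i] - '0');
    }
    if (v > 0777) return -1;
    *out = v;
    return 0;
}

/* Hypothetical helper: look for "umask=" in the fifth GECOS field.
 * Returns 1 and sets *mask if found, 0 if absent, -1 if malformed
 * (on 0 or -1 *mask is untouched, so the caller keeps its default). */
int gecos_umask(const char *gecos, unsigned int *mask)
{
    int found = 0;
    for (int i = 0; i < 4; i++) {           /* skip name, room, work, home */
        if ((gecos = strchr(gecos, ',')) == NULL) return 0;
        gecos++;
    }
    while (*gecos) {
        size_t len = strcspn(gecos, ",");   /* one key=value item, e.g. pri=5 */
        if (len >= 6 && strncmp(gecos, "umask=", 6) == 0) {
            if (parse_umask(gecos + 6, len - 6, mask) != 0) return -1;
            found = 1;
        }
        gecos += len;
        if (*gecos == ',') gecos++;
    }
    return found;
}

int main(void)
{
    /* Constructed sample entry, not taken from a real passwd file. */
    const char *gecos = "Test User,101,555-0100,555-0101,umask=0026,pri=5";
    unsigned int mask = 022;                /* assumed fallback default */
    int rc = gecos_umask(gecos, &mask);
    printf("rc=%d umask=%04o\n", rc, mask);
    return 0;
}
```

A "umask=" string in any of the first four fields is ignored, and a malformed value is rejected instead of being partially applied, so a bad entry cannot silently widen the mask.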