Bug#314539: [Pkg-shadow-devel] please remove UMASK from login.defs
Alexander Gattin
Alexander Gattin <arg@online.com.ua>, 314539@bugs.debian.org
Sun, 19 Jun 2005 15:26:09 +0300
Hi!
On Sun, Jun 19, 2005 at 10:15:14AM +0200, Christian Perrier wrote:
> > Yes, but while login.defs can't catch all entries of a
> > user to system (like through cron/at/ssh etc.) which
> > shellrc can catch, it _can_ still catch entries of user
> > with a non-shell (pppd) or with a shell which don't set
> > umask (tcsh in Debian by default, AFAIS).
> >
> > Thus currently UMASK in login.defs _has_ some use.
> > That's why I think it's not a right time yet to remove
> > it from there.
> At this point, guys, your discussion still leads me to the conclusion
> that having UMASK in the *default* login.defs may induce more
> confusion than benefits.
IMHO, it's better to target controllability than
elimination of confusion.
The whole point of having UMASK in login.defs nowadays
is catching the remaining entry points of user into
system that shellrc can't catch -- i.e. the
abovementioned logins using non-shell executables or
shells that don't set umask in their rc scripts.
Summary: I would better wait _till_ pam_umask finds its
way into default Debian /etc/pam.d/common-session,
and comment UMASK out _after that_.
Having pam_umask by default will catch almost all
entries of user into system and will make UMASK in
login.defs and umask in shellrc unnecessary.
> As we seem to agree that the right direction is encouraging the use of
> pam_umask, I tend to prefer keeping the UMASK setting commented (sse
> debian/login.defs in trunk/) with a wide comment about the issue.
>
> Alex, please review what's currently in the trunk.
Yes, I'm looking there -- already found several typos.
--
WBR,
xrgtn