Bug#314539: [Pkg-shadow-devel] please remove UMASK from login.defs

Alexander Gattin Alexander Gattin <arg@online.com.ua>, 314539@bugs.debian.org
Mon, 20 Jun 2005 11:09:35 +0300


Hi!

On Mon, Jun 20, 2005 at 08:33:48AM +0200, martin f krafft wrote:
> also sprach Christian Perrier <bubulle@debian.org> [2005.06.20.0803 +0200]:
> > > Summary: I would better wait _till_ pam_umask finds its way into
> > > default Debian /etc/pam.d/common-session, and comment UMASK out
> > > _after that_.
...
> I tend to agree; let's change existing practice when new and better
> practice is *in place* and working. I would not object to see
> libpam-umask in base, but I don't think it's going to happen "just
> like that".
> 
> Maybe we should start small and add comments for now?

Yes, and I won't object commenting out UMASK in login.defs
besides just adding comments.
This will serve as "making first step".

Anyway, changes will not affect stable Debian, end
even in testing/unstable the number of _logins_ really
affected will be relatively small.

> > Alex seems to have well proven that UMASK in login.defs is
> > *currently* the only way to be sure that all possible ways to
> > login to a system will have the right mask.
> 
> Proof incomplete... log in via SSH into a zsh shell and no umask
> setting will take effect.

No, I don't state that UMASK is there to gatch all
entries of user to system. It just helps to catch a
little bit more logins thath just with /etc/profile.

P.S.
Let's call set of entries caught with UMASK L,
and set of entries caught with /etc/profile S.

* L and S intersect.
* S is generally larger than L.
* but L - S == N, where N is set of entries to system
  through login(1) using non-shell in place of login
  shell or using a shell which does not set umask by
  itself.

Of course, my main point is that L + S > S.
I think that having L + S is better than just S.
-- 
WBR,
xrgtn