[Pkg-shadow-devel] Re: summary preparation for technical committee: setting the umask
Christian Perrier
bubulle at debian.org
Tue Oct 4 15:55:06 UTC 2005
> login:
> - comment the umask line
It *is* currently commented. This was done in 4.0.3-36
> - comment USERGROUPS_ENAB line #282822(patch)
Can (and, if I don't forget, will) be done in the next release.
> - make default umask setting UPG compliant (002) since we can't rely on
> USERGROUPS_ENAB anymore.
You mean the commented UMASK line, here, I assume?
I can also probably adapt the comment we have here:
# UMASK usage is discouraged because it catches only some classes of user
# entries to system, in fact only those made through login(1), while setting
# umask in shell rc file will catch also logins through su, cron, ssh etc.
#
# At the same time, using shell rc to set umask won't catch entries which use
# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
# user and alike.
#
# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
# as the solution which catches all these cases on PAM-enabled systems.
#
# This avoids the confusion created by having the umask set
# in two different places -- in login.defs and shell rc files (i.e.
# /etc/profile).
#
# For discussion, see #314539 and #248150 as well as the thread starting at
# http://lists.debian.org/debian-devel/2005/06/msg01598.html
#
# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
#
ERASECHAR 0177
KILLCHAR 025
# 022 is the "historical" value in Debian for UMASK when it was used
# 027, or even 077, could be considered better for privacy
# There is no One True Answer here : each sysadmin must make up his/her
# mind.
#UMASK 022
The last part should then be changed to:
# 022 is the "historical" value in Debian for UMASK when it was used
# in releases up to sarge included
# 002 is the recommended value as this is now the default value when
# using pam_umask
#UMASK 002
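
An added example, not part of the original message or of the shadow package: a small audit that finds every active umask setting in the three places the quoted comment names (login.defs, a shell rc file, pam_umask) and reports the resulting modes and whether the values disagree. The file contents are constructed samples, and the pam_umask "umask=" argument is assumed to be available as in current Linux-PAM.

```python
import re

# Constructed sample configuration, not copied from a real system.
SAMPLE = {
    "/etc/login.defs": "ERASECHAR 0177\nKILLCHAR 025\n#UMASK 022\n",
    "/etc/profile": "PATH=/usr/bin:/bin\numask 022  # historical value\n",
    "/etc/pam.d/common-session":
        "session required pam_unix.so\n"
        "session optional pam_umask.so umask=002\n",
}

# (path fragment, pattern, scope). Group 1 of each pattern is the octal mask.
# The empty fragment matches any path, so the shell rc rule is the fallback.
PATTERNS = [
    ("login.defs", re.compile(r"^UMASK\s+([0-7]{1,4})$"), "login(1) only"),
    ("/pam.d/", re.compile(r"\bpam_umask\.so\b.*?\bumask=([0-7]{1,4})\b"),
     "every PAM session"),
    ("", re.compile(r"^umask\s+([0-7]{1,4})$"), "shells reading this rc file"),
]

def umask_sources(files):
    """Return [(path, scope, mask)] for each active (uncommented) setting."""
    found = []
    for path, text in files.items():
        _, pattern, scope = next(p for p in PATTERNS if p[0] in path)
        for raw in text.splitlines():
            line = raw.split("#", 1)[0].strip()  # commented lines do not count
            m = pattern.search(line)
            if m:
                found.append((path, scope, int(m.group(1), 8)))
    return found

def audit(files):
    """Return (rows, conflict): modes per setting, and whether values differ."""
    rows = []
    for path, scope, mask in umask_sources(files):
        rows.append({
            "path": path, "scope": scope, "umask": f"{mask:03o}",
            "file_mode": f"{0o666 & ~mask:03o}",
            "dir_mode": f"{0o777 & ~mask:03o}",
            "group_writable": (mask & 0o020) == 0,  # what a UPG setup needs
        })
    conflict = len({r["umask"] for r in rows}) > 1
    return rows, conflict

if __name__ == "__main__":
    rows, conflict = audit(SAMPLE)
    for row in rows:
        print(row)
    print("umask set to different values in several places:", conflict)
```
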