[Pkg-shadow-devel] Documenting shadow package

Nguyen Vu Hung vuhung16plus at gmail.com
Mon Jan 19 10:12:50 UTC 2009 

On Mon, Jan 19, 2009 at 7:05 PM, Nicolas François
<nicolas.francois at centraliens.net> wrote:
> Hello,
>
> On Mon, Jan 19, 2009 at 10:42:58AM +0900, vuhung16plus at gmail.com wrote:
>>
>> I've tried to figure out why on some Linux system,
>> the default permission of an user's $HOME created
>> by the command "useradd" is 0700.
>>
>> useradd uses its own UMASK setting which is
>> read from the configuration file /etc/login.defs.
>>
>> "man 8 useradd" does refer to this file but I does not write
>> anything about UMASK setting neither in "man useradd" or login.defs
>>
>> By adding a line "UMASK 0022" to the end of /etc/login.defs,
>>
>> I propose that
>>
>> 1. Document the use of UMASK in "man 8 useradd"
>> 2. Document the use of UMASK in the file /etc/login.defs
>>     that comes with shadow package by default,
>>    so users will know how to use it.
>
> Thanks for the suggestions.
>
> UMASK is already documented as used by useradd, but the man page is not
> really explicit about what it does. I changed the description of UMASK to:
>
>       UMASK (number)
>           The file mode creation mask is initialized to this value. If not
>           specified, the mask will be initialized to 022.
>
>           useradd and newusers use this mask to set the mode of the home
>           directory they create
>
> And for non-PAM enabled systems:
>
>           It is also used by login to define users´ initial umask. Note that
>           this mask can be overriden by the user´s GECOS line (if QUOTAS_ENAB
>           is set) or by the specification of a limit with the K identifier in
>           limits(5).
>
Both looks OK.

>
> I also added the following to the default /etc/login.defs:
>
> # UMASK is also used by useradd and newusers to set the mode of new home
> # directories
The following text comes with debian,
pkg-shadow/debian/trunk/debian/login.defs,

--------------------------------------------------------------------------------------------------
# 022 is the "historical" value in Debian for UMASK when it was used
# 027, or even 077, could be considered better for privacy
# There is no One True Answer here : each sysadmin must make up his/her
# mind.
#UMASK		022
---------------------------------------------------------------------------------------------------

I proposal adding this explanation to pkg-shadow's default login.defs so that
every distributions will benefit from your package( You are working on
an upstream package!!)

-- 
Best Regards,
Nguyen Hung Vu [aka: NVH] ( in Vietnamese: Nguyễn Vũ Hưng )
vuhung16plus{remove}@gmail.dot.com , YIM: vuhung16 , Skype: vuhung16dg
A brief profile: http://www.hn.is.uec.ac.jp/~vuhung/Nguyen.Vu.Hung.html

More information about the Pkg-shadow-devel mailing list