[Pkg-shadow-devel] Bug#581413: The default umask in Debian should be changed to '0002' to be fully compliant with user private groups
Jonathan Nieder
jrnieder at gmail.com
Wed May 12 23:17:59 UTC 2010
clone 581413 -1
# File: /usr/share/base-files/profile
reassign -1 base-files 5.3
quit
Hi Santiago,
Aaron Toponce wrote:
> To summarize: Debian uses user private groups (UPG) by default. This
> places each user on the system in their own default, private group, that
> no one else is, or should be, a member of. However, the default umask
> value for Debian is '0022'.
For what it’s worth, since this would not affect already-installed
systems, changing the default umask to 002 seems like a safe and
reasonable choice to me.
Regards,
Jonathan
[1] http://lists.debian.org/debian-devel/2010/05/msg00252.html
[2] http://www.debian.org/doc/manuals/securing-debian-howto/ch12.en.html#s12.1.13
[3] http://lists.debian.org/debian-user/1994/03/msg00105.html
[4] http://lists.debian.org/debian-user/1994/03/threads.html
[5] http://www.redhat.com/docs/manuals/enterprise/RHEL-5-manual/Deployment_Guide-en-US/s1-users-groups-private-groups.html
* https://security.ias.edu/how-and-why-user-private-groups-unix
* http://www.oreillynet.com/onlamp/blog/2006/09/using_user_private_groups.html
More information about the Pkg-shadow-devel
mailing list