[Pkg-shadow-devel] Bug#583971: login.defs: UMASK 022 (and have pam_umask relax it to 002 for private usergroups)

Martin Pitt martin.pitt at ubuntu.com
Fri Jun 24 09:12:49 UTC 2011 

Hello all,

I attach the patch which I uploaded to Ubuntu now. It updates the
UMASK and USERGROUPS_ENAB documentation according to the changes
proposed to bug 583958.

Thanks,

Martin
-- 
Martin Pitt                        | http://www.piware.de
Ubuntu Developer (www.ubuntu.com)  | Debian Developer  (www.debian.org)
-------------- next part --------------
=== modified file 'debian/changelog'
--- debian/changelog	2011-02-20 23:59:18 +0000
+++ debian/changelog	2011-06-24 09:06:56 +0000
@@ -1,3 +1,13 @@
+shadow (1:4.1.4.2+svn3283-3ubuntu2) UNRELEASED; urgency=low
+
+  * debian/login.defs:
+    - Update documentation of USERGROUPS_ENAB: with pam_umask, the UPG
+      handling does not only apply to "former (pre-PAM) uses".
+    - Update documentation of UMASK: Explain that USERGROUPS_ENAB will modify
+      this default for UPGs. (Closes: #583971)
+
+ -- Martin Pitt <martin.pitt at ubuntu.com>  Fri, 24 Jun 2011 11:05:34 +0200
+
 shadow (1:4.1.4.2+svn3283-3ubuntu1) natty; urgency=low
 
   * The "string cheese" release.

=== modified file 'debian/login.defs'
--- debian/login.defs	2010-11-24 13:42:42 +0000
+++ debian/login.defs	2011-06-24 09:05:20 +0000
@@ -139,6 +139,11 @@
 # There is no One True Answer here : each sysadmin must make up his/her
 # mind.
 #
+# If USERGROUPS_ENAB is set to "yes", that will modify this UMASK default value
+# for private user groups, i. e. the uid is the same as gid, and username is
+# the same as the primary group name: for these, the user permissions will be
+# used as group permissions, e. g. 022 will become 002.
+#
 # Prefix these values with "0" to get octal, "0x" to get hexadecimal.
 #
 ERASECHAR	0177
@@ -209,13 +214,14 @@
 #USERDEL_CMD	/usr/sbin/userdel_local
 
 #
+# Enable setting of the umask group bits to be the same as owner bits
+# (examples: 022 -> 002, 077 -> 007) for non-root users, if the uid is
+# the same as gid, and username is the same as the primary group name.
+#
 # If set to yes, userdel will remove the user?s group if it contains no
 # more members, and useradd will create by default a group with the name
 # of the user.
 #
-# Other former uses of this variable such as setting the umask when
-# user==primary group are not used in PAM environments, such as Debian
-#
 USERGROUPS_ENAB yes
 
 #

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-shadow-devel/attachments/20110624/0c95212c/attachment.pgp>

More information about the Pkg-shadow-devel mailing list