[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: setting umask globally

On Fri, 2005-06-17 at 00:33 +0200, Santiago Vila wrote:
> On Fri, 17 Jun 2005, martin f krafft wrote:
> > If one is faced with the task to set the umask globally for all
> > users and shells, this turns out to be a job of redundancy: every
> > shell uses its own file in /etc, and you end up making changes to
> > 5 files or more (depending on the number of installed shells).
> > What's worse: change the umask and you'll possibly forget one shell
> > or the other, which may cause delays in your user's work, or even
> > break things (yeah, you should not rely on umask; yeah, don't tell
> > me...)
> >
> > [ snipped gigantic hack ]
> >
> > So the plan is:
> >
> >   1. gather comments.
> >   2. file a bug against base-files to have the files included.
> >   3. once base-files hits unstable, mass-file bugs against all
> >      compatible shells and ask them to use it.
> >   4. rejoice.
> >
> > So, let's start at (1)...
> This is Unix, and we are system integrators. Our job is to make things
> simpler, not more complex. I wonder why people always consider
> base-files as the package of choice to implement all sorts of ugly
> global hacks.
> There is already an umask setting in /etc/login.defs. If it makes people
> happy, I will happily drop the umask setting from /etc/profile, so
> that people do not have to decide between login.defs and profile
> when trying to set an umask globally.
> Then we could make policy (or just convince the shell maintainers) that
> shells should not set umask in their default global initialization
> scripts, so that they do not override the one in /etc/login.defs.

pam umask should be used ... though this was adde to debian without much
integration. The setting in /etc/login.defs should be move to the end of
this file (settings obsolete by pam) and all /etc/pam.d files upgraded.

Do libpam-umask ought to be  "base" ?

And the setting removed from all shell/cron/X who knows specific
configuration file.

Thanks again Tollef for the great libpam-umask . I cannot wait for when
some fellow manages to make a libpam-path (which deal with a separate
path for root and users, maybe for su, ssh , cron too) ... it is time to
get rid of /etc/login.defs and hacks to work around it (especially su,
ssh and X login managers ).

Tese kind of small extensions does more for us administrators to get a
get a real life, children , etc than big g4c, yast ... :)

Reply to: