Bug#477699: general: No read permission for /usr/include/GL directory

["Sergei Golovan" <sgolovan@nes.ru>]

On 4/24/08, Heikki Orsila <shd@modeemi.fi> wrote:
> On Thu, Apr 24, 2008 at 08:53:06PM +0400, Sergei Golovan wrote:
>  >
>  > root is not a usual user. His only purpose is to serve other users,
>  > and the results of his work should be accessible by them. So, it isn't
>  > wise to set root's umask to something different from 0022.
>
>
> I disagree. Perhaps I'm paranoid because I use umask 0077 to avoid
>  leaking files to other users. This doesn't seem to affect OTHER packages
>  in the Debian system. At least, make this policy consistent. In my
>  opinion, package system should not depend on root users umask. To
>  compare with "make install" systems, they usually set the permissions
>  correctly.

The point is that root must not own any file to hide from the other
users (with a few exceptions). If you don't use root account as your
working account then setting root umask to 0077 is unnecessary and
creates more harm than solves problems.

-- 
Sergei Golovan