Bug#477699: general: No read permission for /usr/include/GL directory

On 4/24/08, Heikki Orsila <shd@modeemi.fi> wrote:
> On Thu, Apr 24, 2008 at 08:53:06PM +0400, Sergei Golovan wrote:
>  >
>  > root is not a usual user. His only purpose is to serve other users,
>  > and the results of his work should be accessible by them. So, it isn't
>  > wise to set root's umask to something different from 0022.
> I disagree. Perhaps I'm paranoid because I use umask 0077 to avoid
>  leaking files to other users. This doesn't seem to affect OTHER packages
>  in the Debian system. At least, make this policy consistent. In my
>  opinion, the package system should not depend on the root user's umask. To
>  compare with "make install" systems, they usually set the permissions
>  correctly.

The point is that root must not own any file to hide from the other
users (with a few exceptions). If you don't use the root account as your
working account, then setting root's umask to 0077 is unnecessary and
creates more harm than it solves problems.

Sergei Golovan
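
The behaviour under discussion, as an added example that is not part of the original thread: a tree created with plain `mkdir` under umask 0077 is closed to other users, while one created with explicit modes (as "make install" rules usually do) is not, and a `find` check lists the affected entries. The function names and the temporary paths are hypothetical; the `install` and `mktemp` utilities are assumed to be present.

```shell
#!/bin/sh
# Added illustration; every path is constructed under a temp directory.

# Create include/GL/gl.h the umask-dependent way (plain mkdir and a
# redirect). Runs in a subshell so the caller's umask is untouched.
make_tree_plain() {      # $1 = umask, $2 = existing destination root
    ( umask "$1" && mkdir -p "$2/include/GL" && : > "$2/include/GL/gl.h" )
}

# Create the same tree with explicit modes, so the result does not
# depend on the umask of whoever runs the installation.
make_tree_explicit() {   # $1 = umask, $2 = existing destination root
    ( umask "$1" \
      && install -d -m 0755 "$2/include" "$2/include/GL" \
      && install -m 0644 /dev/null "$2/include/GL/gl.h" )
}

# Print directories that lack o+rx and regular files that lack o+r.
audit_world_access() {   # $1 = tree to check
    find "$1" \( -type d ! -perm -005 -o -type f ! -perm -004 \) -print
}

# Number of entries the audit reports for a tree.
count_blocked() {        # $1 = tree to check
    audit_world_access "$1" | wc -l | tr -d ' '
}

# Demonstration: both trees are built under umask 0077.
demo_root=$(mktemp -d)
mkdir "$demo_root/plain" "$demo_root/explicit"
make_tree_plain 0077 "$demo_root/plain"
make_tree_explicit 0077 "$demo_root/explicit"

echo "plain mkdir under umask 0077, entries closed to other users:"
audit_world_access "$demo_root/plain/include"
echo "explicit modes under umask 0077, entries closed to other users:"
audit_world_access "$demo_root/explicit/include"

rm -rf "$demo_root"
```

Pointing `audit_world_access` at a real directory such as /usr/include gives the list of entries that would need their modes corrected.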