Bug#477699: general: No read permission for /usr/include/GL directory
On 4/24/08, Heikki Orsila <shd@modeemi.fi> wrote:
> On Thu, Apr 24, 2008 at 08:53:06PM +0400, Sergei Golovan wrote:
> >
> > root is not a usual user. His only purpose is to serve other users,
> > and the results of his work should be accessible by them. So, it isn't
> > wise to set root's umask to something different from 0022.
>
>
> I disagree. Perhaps I'm paranoid because I use umask 0077 to avoid
> leaking files to other users. This doesn't seem to affect OTHER packages
> in the Debian system. At least, make this policy consistent. In my
> opinion, the package system should not depend on the root user's umask. To
> compare with "make install" systems, they usually set the permissions
> correctly.

The point is that root must not own any file to hide from the other
users (with a few exceptions). If you don't use the root account as your
working account then setting root's umask to 0077 is unnecessary and
creates more harm than solves problems.
--
Sergei Golovan
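
The behaviour discussed in this thread, as an added example that is not part of either message: under umask 0077 a directory created with plain `mkdir` ends up unreadable by other users, while one created with an explicit mode (as "make install" rules usually do) does not, and a `find` check lists the affected directories. The function names and the `GL-plain` / `GL-explicit` directory names are constructed for illustration.

```shell
#!/bin/sh
# Constructed demo: how a restrictive umask affects directories created
# during installation, and how to audit a tree for the result.

# Print the permission string (e.g. drwx------) of a path.
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# Create a directory with plain mkdir while umask 0077 is in effect.
# The resulting mode is 0777 & ~0077 = 0700.
make_plain() {
    ( umask 0077; mkdir "$1" )
}

# Create a directory with an explicit mode while umask 0077 is in effect.
# install -m sets the final mode regardless of the umask.
make_explicit() {
    ( umask 0077; install -d -m 0755 "$1" )
}

# List directories under $1 that "other" cannot both read and traverse.
find_unreadable_dirs() {
    find "$1" -type d ! -perm -005
}

# Demo in a scratch directory (mktemp creates it 0700, so open it up first
# to keep the audit output limited to the directories created below).
demo_root=$(mktemp -d)
chmod 0755 "$demo_root"
make_plain "$demo_root/GL-plain"
make_explicit "$demo_root/GL-explicit"
echo "plain mkdir:     $(mode_of "$demo_root/GL-plain")"
echo "install -m 0755: $(mode_of "$demo_root/GL-explicit")"
echo "not world-readable:"
find_unreadable_dirs "$demo_root"
rm -rf "$demo_root"
```
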