Debian, by default, utilizes the user private group scheme (UPG). This means that when a new user is created on a system, a group of the same name, if not already in place, is created, and the user is placed in the group, as the only user. Thus, when new files (dirs, etc) are created by that user, the group added to that new file is the UPG of the user. For example: # useradd foo # id foo uid=1000(foo) gid=1000(foo) groups=1000(foo) [snip] # su - foo $ touch newfile $ ls -l newfile -rw-r--r-- 1 foo foo 0 May 10 10:05 newfile So, the appropriate group is applied, and the user foo is the only member of the foo group. But, do you see a problem? The group permissions are 'r--', even though 'foo' is the only member of the 'foo' group. This means the umask is '0022'. If we change the default umask to '0002', then the appropriate permissions will be applied with the group: $ umask 0002 $ touch anotherfile $ ls -l anotherfile -rw-rw-r-- 1 foo foo 0 May 10 10:06 anotherfile As it sits, having the default umask set as '0022' isn't breaking anything, but it's no longer needed. It's just historical baggage coming from the 'users' group on older UNIX systems, where any new user added to the system was added to the 'users' group by default. Thus, removing the write bit made sense. It doesn't make any sense with UPG. For comparison's sake, Fedora (and as a result, RHEL/CentOS/etc) have implemented '0002' as their default umask, as they implement UPG. openSUSE and family, however, still use the 'users' group, so it makes sense for them to use '0022' for their value. I guess I'm more or less curious why we're still using this outdated umask value with UPG. What would it take for Debian to update our default umask to match the UPG scheme? Is this doable for Sqeeze? Are there reasons for not making the switch? Thanks, -- . O . O . O . . O O . . . O . . . O . O O O . O . O O . . O O O O . O . . O O O O . O O O
Attachment:
signature.asc
Description: OpenPGP digital signature