
Re: Open then gates



> You need to explain clearly how the umask of 0002 is insecure. If you
> have members in your user private group, then your group isn't private,
> is it? UPG is designed to NOT have anyone else in your group except you.
> So, adding the write bit on the group mode does not affect security in
> the least.
> 

Also as far as I understood from a previous post, this change will only affect 
new installations, not existing ones. So even if a user misunderstood the 
concept and added other users to his private group, this change does not affect 
him.  If the change is documented in the release notes and in the installation 
manual of squeeze, I do not see any problems.  Of course you can assume that 
the user does not read them and just does stupid things, but this is an 
entirely different issue, you can never secure a system against mindless 
administrators, no way.

So I see your argument about side effects that have not been thought of, but the
concept as such is already proven, and the only harm could arise on systems where
users assume the old umask is still in effect when they update to squeeze,
and it will be, so what is the problem?

Best regards,

Robert
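
The safety argument in this thread rests on each user private group having no member other than its owner. One way to check that assumption on a system, as an added example that is not part of the original message: the function name `upg_extra_members` is hypothetical, a group is treated as a user private group when its name equals a user name and its GID is that user's primary GID, and the sample passwd and group entries are constructed.

```shell
#!/bin/sh
# List user private groups (UPGs) that have members besides their owner.
# With umask 0002, those extra members can write to the owner's new files.

upg_extra_members() {
    # $1 = passwd-format file, $2 = group-format file
    awk -F: '
        # First file (passwd): remember each user primary GID, and
        # which users share each primary GID.
        NR == FNR {
            gid_of[$1] = $4
            users_with_gid[$4] = users_with_gid[$4] " " $1
            next
        }
        # Second file (group): only groups that look like a UPG.
        ($1 in gid_of) && gid_of[$1] == $3 {
            extra = ""
            # Supplementary members listed in the fourth field.
            n = split($4, m, ",")
            for (i = 1; i <= n; i++)
                if (m[i] != "" && m[i] != $1) extra = extra " " m[i]
            # Other accounts whose primary group is this GID.
            k = split(users_with_gid[$3], p, " ")
            for (i = 1; i <= k; i++)
                if (p[i] != $1) extra = extra " " p[i] "(primary)"
            if (extra != "") print $1 ":" extra
        }
    ' "$1" "$2"
}

demo() {
    # Constructed sample data, not taken from any real system.
    dir=$(mktemp -d)
    printf '%s\n' \
        'alice:x:1000:1000::/home/alice:/bin/bash' \
        'bob:x:1001:1001::/home/bob:/bin/bash' \
        'carol:x:1002:1002::/home/carol:/bin/bash' \
        'dave:x:1003:1002::/home/dave:/bin/bash' > "$dir/passwd"
    printf '%s\n' \
        'alice:x:1000:' \
        'bob:x:1001:alice' \
        'carol:x:1002:' \
        'users:x:100:alice,bob' > "$dir/group"
    upg_extra_members "$dir/passwd" "$dir/group"
    rm -rf "$dir"
}

demo
```

To audit a live system, call `upg_extra_members /etc/passwd /etc/group`; empty output means every user private group it recognised is still private.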
