
Re: UPG and the default umask

On 05/15/2010 02:51 PM, Willi Mann wrote:
> Is it possible to detect whether an account is configured properly based on 
> the UPG idea? If yes, wouldn't it then make sense to only set umask 002 if a 
> proper UPG account is detected, otherwise 022? This would avoid putting
> non-UPG systems in danger.

I proposed this change to the /etc/profile file [1]. This logic seems
"good enough" to determine UPG accounts.

Further discussion however shows that other than root, system users
don't have login shells, and as such, won't process the /etc/profile
file. Also, because root has its own UPG, there's really no need for the
logic. My only question is then, why is their default shell /bin/sh, and
not /bin/false or /usr/sbin/nologin if they indeed are not login shells?

The "staff" and "users" groups might be problematic, if system
administrators are using those groups similar to how Solaris or HPUX are
using them (respectively). However, I would venture that if the
administrator has his system set up that way, he's aware of the necessary
umask needed for that setup. If there are systems set up in this manner,
we'll likely see bug reports about it.

[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=581434#70

. O .   O . O   . . O   O . .   . O .
. . O   . O O   O . O   . O O   . . O
O O O   . O .   . O O   O O .   O O O

Attachment: signature.asc
Description: OpenPGP digital signature
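
A sketch of the kind of UPG check this message discusses, as an added example; it is not the logic proposed in bug #581434 or posted by anyone in this thread. It assumes an account counts as UPG only when its primary group carries the user's name and nobody else belongs to that group; the function name `upg_umask` and the passwd/group sample data are constructed for illustration.

```shell
#!/bin/sh
# upg_umask USER PASSWD_FILE GROUP_FILE -> prints 002 for a UPG account, else 022
upg_umask() {
    user=$1 passwd=$2 group=$3
    # passwd(5) fields: name:pw:uid:gid:gecos:home:shell
    gid=$(awk -F: -v u="$user" '$1 == u { print $4; exit }' "$passwd")
    [ -n "$gid" ] || { echo 022; return 0; }      # unknown user: stay restrictive
    # group(5) fields: name:pw:gid:member,member,...
    gline=$(awk -F: -v g="$gid" '$3 == g { print $1 ":" $4; exit }' "$group")
    gname=${gline%%:*} members=${gline#*:}
    # Other accounts that use the same gid as their primary group
    sharers=$(awk -F: -v u="$user" -v g="$gid" \
        '$1 != u && $4 == g { n++ } END { print n + 0 }' "$passwd")
    # Group-writable defaults are only safe if the group is truly private.
    if [ "$gname" = "$user" ] && [ "$sharers" -eq 0 ] &&
       { [ -z "$members" ] || [ "$members" = "$user" ]; }; then
        echo 002
    else
        echo 022
    fi
}

# Constructed sample data, not taken from any real system.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/passwd" <<'EOF'
alice:x:1000:1000::/home/alice:/bin/bash
bob:x:1001:100::/home/bob:/bin/bash
carol:x:1002:1002::/home/carol:/bin/bash
dave:x:1003:1002::/home/dave:/bin/bash
erin:x:1004:1004::/home/erin:/bin/bash
EOF
cat > "$tmp/group" <<'EOF'
users:x:100:
alice:x:1000:
carol:x:1002:
erin:x:1004:erin,bob
EOF
for u in alice bob carol erin; do
    printf '%s -> umask %s\n' "$u" "$(upg_umask "$u" "$tmp/passwd" "$tmp/group")"
done
```

Only alice gets 002 here: bob's primary group is the shared "users" group, carol's gid is also dave's primary gid, and erin's group lists bob as a member.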
