[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: UPG and the default umask

On Sun, May 16, 2010 at 03:11:56PM +0000, The Fungi wrote:
> On Sat, May 15, 2010 at 02:34:57PM -0700, Russ Allbery wrote:
> > That's a good idea. I'm not sure if all UNIX group systems allow
> > one to ask how many users are a member of a particular group, but
> > if there's a way to ask that question at least in those group
> > systems that support it, the implementation should be fairly
> > straightforward.
> This is racy, unfortunately (at least by itself). Consider a non-UPG
> system which starts with one user... this check passes and files get
> created with group write flagged. Later, subsequent users appear
> sharing that same group and the default umask stops making new files
> group-writeable, but the first user's original files are now able to
> be modified by others (and then his account is immediately at risk
> of being taken over by one of the new users without his knowledge).
> Of course, coupled with other checks like uname==gname, parsing
> login.defs, et cetera, it could add an extra layer of assurance.

I'd call it an extra layer of assumptions. I already get the shivers
just thinking about the kind of complexity that is invented here. Now
it's sufficient to have a look in /etc/profile to *know* the umask
that will be set. If that scheme were implemented, I'd have to read code,
several files and query ldap, or whatever is used, to *assume* what
umask might be set.

Please don't do that. If non-UPG systems should be supported, keep the
umask at 022 and let the admin edit a single line to change it, if
this is needed and he knows it's a pure UPG system.


Reply to: