[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: UPG and the default umask

* Aaron Toponce <aaron.toponce@gmail.com> [100517 13:05]:
> On 05/17/2010 10:49 AM, Harald Braumann wrote:
> > from pam_umask's description of the usergroups option:
> > 
> > If the user is not root, and the user ID is equal to the group ID, *and*
> > the username is the same as primary group name, the umask group bits
> > are set to be the same as owner bits (examples: 022 -> 002, 077 ->
> > 007). 
> > 
> > So if there is a mismatch of *either*, name or ID, then pam_umasks
> > detects a non-UPG system, while it might very well be all UPG.
> A bug in pam_umask.so that needs to be addressed (which I believe we've
> already started addressing in this thread).

Bug #581984.

> > Also,
> > just because Debian's adduser happens to give the same name to the
> > user as well as to his private group, this is not necessarily true in
> > all system. You could have group names that are prefixed with "grp",
> > or whatever, but still have a perfectly valid UPG system.

Then you must have manually configured the system, and you need to
manually configure PAM or /etc/profile or whatever to address all the
issues of your deviation from _defaults_.

Out of the box, Debian (we are not discussing other distros) uses UPG
and always uses the username for the name of the UPG assigned to that
user, unless you manually select a different group name, at which point
we are back to the point about an admin who deviates from defaults needs
to be aware of the consequences.


Reply to: