Re: UPG and the default umask
On Tue, May 18, 2010 at 3:12 PM, Harald Braumann <email@example.com> wrote:
> On Tue, May 18, 2010 at 10:08:17AM +0000, Philipp Kern wrote:
>> On 2010-05-18, Christoph Anton Mitterer <firstname.lastname@example.org> wrote:
>> > Not to speak about, that UPG is anyway a questionable abuse of the
>> > user/group concept.
>> > Neither to speak about the fact, that in the 17 years debian exists
>> > now,... no majority missed that "feature" (apparently).
>> So you present that as universal facts as if you've booked the truth
>> (possibly a bad translation of a German saying).
>> I think that feature is useful for all those who don't want to mess
>> with ACLs. If you are not allowed to use ACLs and don't have UPG
>> with sane umasks collaboration is painful (see e.g. Debian infrastructure
>> with all users being in group Debian and default umask 0022 which
>> leads to wrong permissions in setgid directories, with ACLs being
>> disallowed). So indeed I got a script which does newgrp and
>> setting the umask for me which I run whenever I want to do release
>> tasks. But it would be more sane if the user wouldn't have to
>> care about that.
> Let me quote from the comments in /etc/login.defs:
> # 022 is the "historical" value in Debian for UMASK when it was used
> # 027, or even 077, could be considered better for privacy
> # There is no One True Answer here : each sysadmin must make up his/her
> # mind.
> And that's exactly the problem: there is no one-size-fits-all
> for the umask. Yes, for collaboration in a setgid directory you'd have
> to use 002 and thanks to UPG this is possible without compromising
> security. But I consider this just a special case. There are
> cases where Debian runs in a non-UPG environment, where you can't use
> that umask. And I don't think that's uncommon. Think of a mixed
> environment with Windows, where you might have a samba domain in LDAP. And
> last time I checked, the smbldap-tools didn't support UPG.
Could you file a bug report against smbldap-tools?
> So whatever value is used as the default, half of the users will have
> to change it anyway, to fit their needs. And in such a case, where
> there is no single optimal value, I'd rather have the most
> conservative as default.
> If the umask is 022 and you create a setgid
> directory and forget to change the umask, you will quickly realise
> that things are not working as expected and fix it. If the umask is
> 002 and you add your Debian system to a non-UPG environment and forget
> to change the umask, things will still work perfectly but you put all
> your files at risk and might not even realise it until it is too
Why not add a security dialog and assistant for installing and
upgrading the system?
It would ease the transition and fit all the needs, documenting the
drawbacks and advantages of each scheme.
And offer a sensible default choice (and a skip button) for desktop users?
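An added illustration of the two points argued above (not a script from the thread or from Debian): first, the mode a new file gets inside a setgid collaboration directory under umask 022 versus 002, which is why the 022 default "quickly" breaks shared directories; second, the condition under which 002 is harmless, namely that the login's primary group contains nobody else (a UPG). The account data below is constructed sample passwd/group content, not the real /etc files, and the `stat -c` call assumes GNU coreutils.

```shell
#!/bin/sh
# Added example, not part of the original thread. Runs unprivileged; the
# setgid directory is created under mktemp and removed again.

# Octal mode of a file created under umask $1 inside a setgid directory.
# The setgid bit decides which group a new file gets; only the umask
# decides its permission bits (0666 & ~umask for a regular file).
file_mode_under_umask() {
    dir=$(mktemp -d) || return 1
    chmod 2770 "$dir"                        # rwxrws--- : group-shared, setgid
    ( umask "$1" && : > "$dir/newfile" ) || return 1   # subshell keeps caller's umask
    stat -c '%a' "$dir/newfile"              # GNU coreutils stat assumed
    rm -rf "$dir"
}

# Constructed sample account data (NOT the real /etc/passwd and /etc/group).
# alice has a private group (UPG); bob and carol share the primary group "users".
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/sh
alice:x:1000:1000:Alice:/home/alice:/bin/sh
bob:x:1001:100:Bob:/home/bob:/bin/sh
carol:x:1002:100:Carol:/home/carol:/bin/sh'
SAMPLE_GROUP='root:x:0:
users:x:100:
alice:x:1000:
project:x:2000:alice,bob'

# Primary gid of user $1 according to the sample passwd data.
primary_gid() {
    printf '%s\n' "$SAMPLE_PASSWD" | awk -F: -v u="$1" '$1 == u { print $4 }'
}

# Number of distinct accounts that can act with gid $1: everyone whose
# primary gid is $1 (passwd field 4) plus the supplementary members listed
# in the group file (field 4). A group entry alone does not list primaries,
# so both sources have to be consulted.
members_of_gid() {
    {
        printf '%s\n' "$SAMPLE_PASSWD" | awk -F: -v g="$1" '$4 == g { print $1 }'
        printf '%s\n' "$SAMPLE_GROUP"  | awk -F: -v g="$1" \
            '$3 == g && $4 != "" { n = split($4, m, ","); for (i = 1; i <= n; i++) print m[i] }'
    } | sort -u | wc -l | tr -d ' '
}

# "002" if $1's primary group is private to $1 (group-writable files are then
# still writable only by $1 outside setgid directories), otherwise the
# conservative "022".
recommended_umask() {
    gid=$(primary_gid "$1")
    [ -n "$gid" ] || return 1
    if [ "$(members_of_gid "$gid")" -eq 1 ]; then echo 002; else echo 022; fi
}

# Demonstration when run directly.
for um in 022 002; do
    echo "umask $um in a setgid directory -> new file mode $(file_mode_under_umask "$um")"
done
for user in alice bob; do
    gid=$(primary_gid "$user")
    echo "$user: primary gid $gid, $(members_of_gid "$gid") account(s) in it -> suggest umask $(recommended_umask "$user")"
done
```

With umask 022 the file in the shared directory comes out 644, so collaborators in the directory's group can read but not write; with 002 it is 664. The second half shows why that 664 is only safe when the primary group is private: for bob, whose primary group "users" also contains carol, every file he creates anywhere with umask 002 is writable by carol, while for alice the same umask grants nothing to anyone else.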