[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: UPG and the default umask

On Tue, May 18, 2010 at 03:40:06PM +0200, Bastien ROUCARIES wrote:
> On Tue, May 18, 2010 at 3:12 PM, Harald Braumann <harry@unheit.net> wrote:
> > On Tue, May 18, 2010 at 10:08:17AM +0000, Philipp Kern wrote:
> >> On 2010-05-18, Christoph Anton Mitterer <calestyo@scientia.net> wrote:
> >> > Not to speak about, that UPG is anyway a questionable abuse of the
> >> > user/group concept.
> >> >
> >> > Neither to speak about the fact, that in the 17 years debian exists
> >> > now,... no majority missed that "feature" (apparently).
> >>
> >> So you present that as universal facts as if you've booked the truth
> >> (possibly a bad translation of a German saying).
> >>
> >> I think that feature is useful for all those who don't want to mess
> >> with ACLs.  If you are not allowed to use ACLs and don't have UPG
> >> with sane umasks collaboration is painful (see e.g. Debian infrastrure
> >> with all users being in group Debian and default umask 0022 which
> >> leads to wrong permissions in setgid directories, with ACLs being
> >> disallowed).  So indeed I got a script which does newgrp and
> >> setting the umask for me which I run whenever I want to do release
> >> tasks.  But it would be more sane if the user wouldn't have to
> >> care about that.
> >
> > Let me quote from the comments in /etc/login.defs:
> >
> > # 022 is the "historical" value in Debian for UMASK when it was used
> > # 027, or even 077, could be considered better for privacy
> > # There is no One True Answer here : each sysadmin must make up his/her
> > # mind.
> >
> > And that's exactly the problem: there is no one-size-fits-all
> > for the umask. Yes, for collaboration in a setgid directory you'd have
> > to use 002 and thanks to UPG this is possible without compromising
> > security. But I consider this just a special case. There are
> > cases where Debian runs in a non-UPG environment, where you can't use
> > that umask. And I don't think that's uncommon. Think of a mixed
> > environment with Windows, where you might have a samba domain in LDAP. And
> > last time I checked, the smbldap-tools didn't support UPG.
> Could you fill a bug report against smbldap-tools ?

There is already an upstream bug [0], but even if it get's
implemented, that wouldn't magically change all systems out there
running non-UPG

> > So whatever value is used as the default, half of the users will have
> > to change it anyway, to fit their needs. And in such a case, where
> > there is no single optimal value, I'd rather have the most
> > conservative as default.
> >
> > If the umask is 022 and you create a setgid
> > directory and forget to change the umask, you will quickly realise
> > that things are not working as expected and fix it. If the umask is
> > 002 and you add your Debian system to a non-UPG environment and forget
> > to change the umask, things will still work perfectly but you put all
> > your files at risk and might not even realise it until it is too
> > late.
> Why not add a security dialog and assistant for installing and
> upgrading the system?
> It will ease the transition and fit allt the need, documenting
> drawbacks and advantages of each scheme ?

A umask of 022 is the right choice for most people and at least
doesn't put the others at risk. Everyone, who knows what a setgid
directory is and how it works, will also know, that there are certain
requirements on the umask. And the others really don't care, as long
as their security is not compromised.

There is really no need to force everyone to make a useless decision,
just for the sake of a change to make life of a specific minority easier.


[0] http://gna.org/support/?2040

Reply to: