Re: UPG and the default umask
On Tue, May 18, 2010 at 4:16 PM, Harald Braumann <email@example.com> wrote:
> On Tue, May 18, 2010 at 03:40:06PM +0200, Bastien ROUCARIES wrote:
>> On Tue, May 18, 2010 at 3:12 PM, Harald Braumann <firstname.lastname@example.org> wrote:
>> > On Tue, May 18, 2010 at 10:08:17AM +0000, Philipp Kern wrote:
>> >> On 2010-05-18, Christoph Anton Mitterer <email@example.com> wrote:
>> >> > Not to speak about, that UPG is anyway a questionable abuse of the
>> >> > user/group concept.
>> >> >
>> >> > Neither to speak about the fact, that in the 17 years Debian exists
>> >> > now,... no majority missed that "feature" (apparently).
>> >> So you present that as universal facts as if you've booked the truth
>> >> (possibly a bad translation of a German saying).
>> >> I think that feature is useful for all those who don't want to mess
>> >> with ACLs. If you are not allowed to use ACLs and don't have UPG
>> >> with sane umasks collaboration is painful (see e.g. Debian infrastructure
>> >> with all users being in group Debian and default umask 0022 which
>> >> leads to wrong permissions in setgid directories, with ACLs being
>> >> disallowed). So indeed I got a script which does newgrp and
>> >> setting the umask for me which I run whenever I want to do release
>> >> tasks. But it would be more sane if the user wouldn't have to
>> >> care about that.
>> > Let me quote from the comments in /etc/login.defs:
>> > # 022 is the "historical" value in Debian for UMASK when it was used
>> > # 027, or even 077, could be considered better for privacy
>> > # There is no One True Answer here : each sysadmin must make up his/her
>> > # mind.
>> > And that's exactly the problem: there is no one-size-fits-all
>> > for the umask. Yes, for collaboration in a setgid directory you'd have
>> > to use 002 and thanks to UPG this is possible without compromising
>> > security. But I consider this just a special case. There are
>> > cases where Debian runs in a non-UPG environment, where you can't use
>> > that umask. And I don't think that's uncommon. Think of a mixed
>> > environment with Windows, where you might have a samba domain in LDAP. And
>> > last time I checked, the smbldap-tools didn't support UPG.
>> Could you file a bug report against smbldap-tools?
> There is already an upstream bug, but even if it gets
> implemented, that wouldn't magically change all systems out there
> running non-UPG.
>> > So whatever value is used as the default, half of the users will have
>> > to change it anyway, to fit their needs. And in such a case, where
>> > there is no single optimal value, I'd rather have the most
>> > conservative as default.
>> > If the umask is 022 and you create a setgid
>> > directory and forget to change the umask, you will quickly realise
>> > that things are not working as expected and fix it. If the umask is
>> > 002 and you add your Debian system to a non-UPG environment and forget
>> > to change the umask, things will still work perfectly but you put all
>> > your files at risk and might not even realise it until it is too
>> > late.
>> Why not add a security dialog and assistant for installing and
>> upgrading the system?
>> It will ease the transition and fit all the needs, documenting
>> drawbacks and advantages of each scheme?
> A umask of 022 is the right choice for most people and at least
> doesn't put the others at risk. Everyone, who knows what a setgid
> directory is and how it works, will also know, that there are certain
> requirements on the umask. And the others really don't care, as long
> as their security is not compromised.
> There is really no need to force everyone to make a useless decision,
> just for the sake of a change to make life of a specific minority easier.
>  http://gna.org/support/?2040
Reported as #582388