[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: The story behind UPG and umask.

On Tue, May 25, 2010 at 11:30:49PM +0100, Stephen Gran wrote:
> This one time, at band camp, Michael Banck said:
> > On Tue, May 25, 2010 at 10:09:35PM +0200, C. Gatzemeier wrote:
> > > 3) UID==GID was questioned to be a requrement, probably because it was
> > >    seen that it isn't be enforced, but it can be of great help if you
> > >    are looking at a filesystem (removable drive) without knowing the
> > >    corresponding passwd/groups file.

> > >    So maybe it is sane that UID==GID is a requirement, and its only an
> > >    adduser bug when it does not skip IDs that have been taken by non
> > >    UPG groups when creating users, and thus does not deliver that
> > >    requirement.

> > I think it is not sane to make this a requirement for UPG, but it would probably
> > be sufficient proof of UPG.

> > Seems worthwhile to change adduser how you suggest to me, is there a bug
> > filed to this end?

> adduser has had bugs filed in the past asking for uid to be equal to gid
> by default, and I have so far rejected them as not worth the complexity
> for the aesthetic pleasure of having numbers match.  Is there some
> problem with username == primary group name?

pam_umask requires both username == primary group name and uid == gid before
it will assume UPG are in place when using its 'usergroups' option, and I am
not willing to diverge from upstream on this as this would mean admins
coming from other systems may get an unpleasant surprise when they find that
Debian gives a more relaxed umask than they were expecting in some corner

So either someone should convince Linux-PAM upstream to change the behavior
of pam_umask, or adduser should enforce the same rules as other
implementations, if pam_umask is to be involved here.  Beyond that, I have
no particular opinion on this question.

Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
Ubuntu Developer                                    http://www.debian.org/
slangasek@ubuntu.com                                     vorlon@debian.org

Reply to: