Re: The story behind UPG and umask.
On Tue, May 25, 2010 at 11:30:49PM +0100, Stephen Gran wrote:
> This one time, at band camp, Michael Banck said:
> > On Tue, May 25, 2010 at 10:09:35PM +0200, C. Gatzemeier wrote:
> > > 3) UID==GID was questioned to be a requrement, probably because it was
> > > seen that it isn't be enforced, but it can be of great help if you
> > > are looking at a filesystem (removable drive) without knowing the
> > > corresponding passwd/groups file.
> > > So maybe it is sane that UID==GID is a requirement, and its only an
> > > adduser bug when it does not skip IDs that have been taken by non
> > > UPG groups when creating users, and thus does not deliver that
> > > requirement.
> > I think it is not sane to make this a requirement for UPG, but it would probably
> > be sufficient proof of UPG.
> > Seems worthwhile to change adduser how you suggest to me, is there a bug
> > filed to this end?
> adduser has had bugs filed in the past asking for uid to be equal to gid
> by default, and I have so far rejected them as not worth the complexity
> for the aesthetic pleasure of having numbers match. Is there some
> problem with username == primary group name?
pam_umask requires both username == primary group name and uid == gid before
it will assume UPG are in place when using its 'usergroups' option, and I am
not willing to diverge from upstream on this as this would mean admins
coming from other systems may get an unpleasant surprise when they find that
Debian gives a more relaxed umask than they were expecting in some corner
So either someone should convince Linux-PAM upstream to change the behavior
of pam_umask, or adduser should enforce the same rules as other
implementations, if pam_umask is to be involved here. Beyond that, I have
no particular opinion on this question.
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.
Ubuntu Developer http://www.debian.org/