Re: The story behind UPG and umask.

To: debian-devel@lists.debian.org
Subject: Re: The story behind UPG and umask.
From: Steve Langasek <vorlon@debian.org>
Date: Tue, 25 May 2010 16:43:21 -0700
Message-id: <[🔎] 20100525234321.GA16319@dario.dodds.net>
Mail-followup-to: debian-devel@lists.debian.org
In-reply-to: <[🔎] 20100525223049.GB31740@hadrian.lobefin.net>
References: <[🔎] 20100525205411.GD27165@nighthawk.chemicalconnection.dyndns.org> <[🔎] 20100525223049.GB31740@hadrian.lobefin.net>

On Tue, May 25, 2010 at 11:30:49PM +0100, Stephen Gran wrote:
> This one time, at band camp, Michael Banck said:
> > On Tue, May 25, 2010 at 10:09:35PM +0200, C. Gatzemeier wrote:
> > > 3) UID==GID was questioned to be a requrement, probably because it was
> > >    seen that it isn't be enforced, but it can be of great help if you
> > >    are looking at a filesystem (removable drive) without knowing the
> > >    corresponding passwd/groups file.

> > >    So maybe it is sane that UID==GID is a requirement, and its only an
> > >    adduser bug when it does not skip IDs that have been taken by non
> > >    UPG groups when creating users, and thus does not deliver that
> > >    requirement.

> > I think it is not sane to make this a requirement for UPG, but it would probably
> > be sufficient proof of UPG.

> > Seems worthwhile to change adduser how you suggest to me, is there a bug
> > filed to this end?

> adduser has had bugs filed in the past asking for uid to be equal to gid
> by default, and I have so far rejected them as not worth the complexity
> for the aesthetic pleasure of having numbers match.  Is there some
> problem with username == primary group name?

pam_umask requires both username == primary group name and uid == gid before
it will assume UPG are in place when using its 'usergroups' option, and I am
not willing to diverge from upstream on this as this would mean admins
coming from other systems may get an unpleasant surprise when they find that
Debian gives a more relaxed umask than they were expecting in some corner
cases.

So either someone should convince Linux-PAM upstream to change the behavior
of pam_umask, or adduser should enforce the same rules as other
implementations, if pam_umask is to be involved here.  Beyond that, I have
no particular opinion on this question.

Cheers,
-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
Ubuntu Developer                                    http://www.debian.org/
slangasek@ubuntu.com                                     vorlon@debian.org

Reply to:

Follow-Ups:
- Re: The story behind UPG and umask.
  - From: Stephen Gran <sgran@debian.org>
- Re: The story behind UPG and umask.
  - From: "C. Gatzemeier" <c.gatzemeier@tu-bs.de>

References:
- Re: The story behind UPG and umask.
  - From: Michael Banck <mbanck@debian.org>
- Re: The story behind UPG and umask.
  - From: Stephen Gran <sgran@debian.org>

Prev by Date: proper umask default setting / disabling UPGs / release notes / steps to take
Next by Date: Re: Re (2): lilo removal in squeeze (or, "please test grub2")
Previous by thread: Re: The story behind UPG and umask.
Next by thread: Re: The story behind UPG and umask.
Index(es):
- Date
- Thread