
Re: UPG and the default umask



On 5/10/2010 4:46 PM, Klaus Ethgen wrote:
> You can never trust anybody for giving him rights to _all_ of your
> files. So this assumption is never true and a user will not have any
> benefit of this group if the umask is 002!

I trust my wife to all of my files.

>> If you don't trust users in your UPG, then the administrator should
>> set up a different group, and put the necessary users in that group.
> 
> Give me one case where this is true. If there is a group for sharing
> purpose the users will use it -- and will lower their security down to
> nothing. Setting a default umask of 002 is highly negligent!

We have a 'weblogic' group where many user accounts are added, so they
can manipulate weblogic domains and configurations. Would you like more
examples?

> That's true. But setting the umask to 002 will lower them for no benefit.

I've told you how making the umask '0002' increases collaboration for
development teams. And it doesn't change the security of files that have
your UPG as the group of your files/dirs. Everyone not you, or a member
of your UPG still falls under the 'other' permissions, so for the sake
of security, you might as well change it to '0007'. My argument is about
the group permission, not other.

> The crazy idea of setting the umask to 002 per default will end in many,
> many systems where the users have a low as nothing security for their
> important files only to serve some few use cases where the persons
> normally know how to get rid of anyway.

Explain the security implications of '0002'. Your home directory will be
'drwxrwxr-x foo foo', so anyone who is not user 'foo' or in the UPG
'foo' won't be able to modify a thing. If you're concerned about them
viewing the files, then '0007' would give 'drwxrwx--- foo foo'. Setting
the write bit on the group doesn't change any security mechanism for the
user 'foo' or his UPG 'foo'.

If you're concerned about a developer in a collaboration group doing
something nasty, then they shouldn't be on the team. Otherwise, remove
them from the group, restore from backup, and carry on.

It's easy to say "in the name of security", without really thinking
about what you're advocating. Updating the umask value to allow the
write bit on groups when UPG is set up (as it is by default) just makes
sense. Keeping the write bit off the group means we're too lazy to
change old historical baggage.

-- 
. O .   O . O   . . O   O . .   . O .
. . O   . O O   O . O   . O O   . . O
O O O   . O .   . O O   O O .   O O O
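
The following is an added example, not part of the original message: a shell check of the modes produced by umask 0022, 0002 and 0007, and of whether a group is actually private, which is the condition under which the group write bit reaches nobody but the owner. The passwd/group entries are constructed; 'bar' and 'baz' are hypothetical accounts, while 'foo' and 'weblogic' are the names used in the message.

```shell
#!/bin/sh
# Added example; the passwd/group entries below are constructed sample data.

# Print the modes a new directory and file get under umask $1.
modes_under_umask() (
    tmp=$(mktemp -d) || exit 1
    umask "$1"
    mkdir "$tmp/dir" && : > "$tmp/file"
    d=$(ls -ld "$tmp/dir" | cut -c1-10)
    f=$(ls -l "$tmp/file" | cut -c1-10)
    rm -rf "$tmp"
    echo "$d $f"
)

# Write constructed passwd- and group-format files into directory $1.
# 'bar' and 'baz' are hypothetical; 'foo' and 'weblogic' come from the message.
write_sample() {
    cat > "$1/passwd" <<'EOF'
foo:x:1000:1000::/home/foo:/bin/sh
bar:x:1001:1001::/home/bar:/bin/sh
baz:x:1002:1002::/home/baz:/bin/sh
EOF
    cat > "$1/group" <<'EOF'
foo:x:1000:
bar:x:1001:
baz:x:1002:foo
weblogic:x:2000:foo,bar
EOF
}

# Succeed only if group $1 is really private per passwd file $2 and group
# file $3: the same-named user is the only account with it as primary
# group, and it has no supplementary members.
is_private_group() {
    gline=$(awk -F: -v n="$1" '$1 == n' "$3")
    [ -n "$gline" ] || return 1
    members=$(echo "$gline" | cut -d: -f4)
    [ -z "$members" ] || return 1
    gid=$(echo "$gline" | cut -d: -f3)
    [ "$(awk -F: -v g="$gid" '$4 == g { print $1 }' "$2")" = "$1" ]
}

demo=$(mktemp -d)
write_sample "$demo"
for m in 0022 0002 0007; do echo "umask $m: $(modes_under_umask "$m")"; done
for g in foo baz weblogic; do
    if is_private_group "$g" "$demo/passwd" "$demo/group"; then
        echo "$g: private; group write reaches only the owner"
    else
        echo "$g: shared; umask 0002 gives every member write access"
    fi
done
rm -rf "$demo"
```

On a live system the same check can be pointed at /etc/passwd and /etc/group; accounts served from LDAP or another name service are not visible in those files.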
