Re: UPG and the default umask

[Russ Allbery <rra@debian.org>]

Aaron Toponce <aaron.toponce@gmail.com> writes:
> On 5/13/2010 3:34 AM, Philipp Kern wrote:

>> Doesn't that lead to "great fun" if you activate NIS or similar means
>> to sync unix users and groups on such systems, if they aren't set up to
>> use UPG too?  So that would need a big fat warning in the release notes
>> and somehow I fear bad PR.  :P

> Can you provide a documented use case for NIS or NIS+? Speculation is
> one thing, implementing it is another.

Well, whenever you want to share the same set of users across a bunch of
systems, you use something like NIS.  You're actually doing so yourself:

> I'm utilizing OpenLDAP with autofs to mount user home directories on
> RHEL 5 systems when users login.

This is equivalent.  The key part is this:

> Everything plays nice, just as you would expect, permission-wise. They
> have their own UPG, and the default umask is still 0002.

You're creating UPGs in your LDAP environment.  As long as you do that,
that's fine.  Philipp's point, I believe, is that, first, institutional
LDAP environments probably aren't going to have UPG set up (Stanford's
doesn't, for example; we have a users group shared by all users), and
second, there's no way for the Debian package to tell whether the LDAP or
NIS environment is going to have UPG.

The root of the problem is that the decision to use UPG is done in one
place and the umask is set in a different place, and there's one
combination out of the four possible ones that's insecure by default.

I don't think this is insurmountable, but it definitely needs to be
documented.

-- 
Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>