Re: Bug#581434: UPG and the default umask

To: debian-devel@lists.debian.org
Subject: Re: Bug#581434: UPG and the default umask
From: Andreas Metzler <ametzler@downhill.at.eu.org>
Date: Sat, 15 May 2010 10:04:17 +0200
Message-id: <[🔎] 1512c7-iq3.ln1@argenau.downhill.at.eu.org>
References: <[🔎] 20100512071945.GB20095@upsilon.cc> <[🔎] 201005120856.28741.holger@layer-acht.org> <[🔎] 20100513014356.GA15982@kunpuu.plessy.org> <[🔎] alpine.DEB.1.10.1005131127490.23711@kolmogorov.unex.es> <[🔎] 4BEC3ABD.6020805@gmail.com> <[🔎] 4BECFFD3.10300@free.fr> <[🔎] 20100514172141.GA13386@gnu.kitenet.net> <[🔎] alpine.DEB.1.10.1005150112240.24593@cantor.unex.es>

Santiago Vila <sanvila@unex.es> wrote:
[...]
> Problems like that are expected to happen, and I think we should be
> ready to fix them as they are found, so that the umask setting can
> really be a choice of the system admin, not an imposition of certain
> key programs who do not work well enough on systems having UPG and a
> default umask of 002.

> I remember that procmail had a similar problem, and the author
> implemented a build macro for systems having UPG. From the changelog:

> 1999/03/02: v3.12
>      Changes to procmail:
>          - Don't use $HOME/.procmailrc if it's group-writable or in a
>            group-writable directory, unless it's the user's default group
>            and GROUP_PER_USER is set in config.h

Hello,

afaiui we have this problem:

#1 Debian supports both UPG and non-UPG setups.
#2 UPG with umask 022 is useless.
#3 non-UPG with umask 002 is insecure.
#4 We cannot reliably detect UPG-setups. (The setting
  USERGROUPS=yes/no in /etc/adduser.conf is not relevant, e.g. in a
  NIS szenario users are generated on the master system.)

The solution applied to procmail, disabling .procmailrc permission
sanity check at compile time is not really a bugfix, but a policy
change, dropping #1 in favour of #2.

cu andreas
-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'

Reply to:

Follow-Ups:
- Re: Bug#581434: UPG and the default umask
  - From: Christoph Anton Mitterer <calestyo@scientia.net>
- Re: Bug#581434: UPG and the default umask
  - From: Don Armstrong <don@debian.org>

References:
- Re: UPG and the default umask
  - From: Stefano Zacchiroli <zack@debian.org>
- Re: UPG and the default umask
  - From: Holger Levsen <holger@layer-acht.org>
- Re: UPG and the default umask
  - From: Charles Plessy <plessy@debian.org>
- Re: UPG and the default umask
  - From: Santiago Vila <sanvila@unex.es>
- Re: UPG and the default umask
  - From: Aaron Toponce <aaron.toponce@gmail.com>
- Re: UPG and the default umask
  - From: Vincent Danjean <vdanjean.ml@free.fr>
- Re: UPG and the default umask
  - From: Joey Hess <joeyh@debian.org>
- Re: Bug#581434: UPG and the default umask
  - From: Santiago Vila <sanvila@unex.es>

Prev by Date: Re: Open then gates
Next by Date: debian/watch problem due to http://code.google.com download page's link format change
Previous by thread: Re: Bug#581434: UPG and the default umask
Next by thread: Re: Bug#581434: UPG and the default umask
Index(es):
- Date
- Thread