Re: Bug#581434: UPG and the default umask
On Sat, 15 May 2010, Andreas Metzler wrote:
> #4 We cannot reliably detect UPG-setups. (The setting
> USERGROUPS=yes/no in /etc/adduser.conf is not relevant, e.g. in a
> NIS szenario users are generated on the master system.)
You don't need to detect UPG setups with 100% reliability; you can
just do the following:
1. If there a possibility of this being a UPG setup:
2. If this user's group has the same name and GID as the user's name and UID:
3. default umask of 0002
4. otherwise, default umask of 0022
In cases where you make a mistake and this isn't a UPG setup, step #2
should stop you if this is actually going to be a problem (and not
coincidentally, this is the check that pam_umask already does when you
give it the usergroups option.)
You can figure out #1 by whether or not adduser.conf is set to use
USERGROUPS, and if it is, the default for pam should probably[1]
default to adding "session optional pam_umask.so usergroups" to
common-session.
Alternatively, #2 can be done in /etc/profile using id, which should
work just fine, even on NIS setups.
Don Armstrong
1: Steve will hopefully correct me if I'm mistaken here.
--
Debian's not really about the users or the software at all. It's a
large flame-generating engine that the cabal uses to heat their coffee
-- Andrew Suffield (#debian-devel Fri, 14 Feb 2003 14:34 -0500)
http://www.donarmstrong.com http://rzlab.ucr.edu
Reply to: