Re: Bug#581434: UPG and the default umask

To: debian-devel@lists.debian.org
Subject: Re: Bug#581434: UPG and the default umask
From: Don Armstrong <don@debian.org>
Date: Sat, 15 May 2010 14:40:05 -0700
Message-id: <[🔎] 20100515214005.GM8358@teltox.donarmstrong.com>
Mail-followup-to: debian-devel@lists.debian.org
In-reply-to: <[🔎] 1512c7-iq3.ln1@argenau.downhill.at.eu.org>
References: <[🔎] 20100512071945.GB20095@upsilon.cc> <[🔎] 201005120856.28741.holger@layer-acht.org> <[🔎] 20100513014356.GA15982@kunpuu.plessy.org> <[🔎] alpine.DEB.1.10.1005131127490.23711@kolmogorov.unex.es> <[🔎] 4BEC3ABD.6020805@gmail.com> <[🔎] 4BECFFD3.10300@free.fr> <[🔎] 20100514172141.GA13386@gnu.kitenet.net> <[🔎] alpine.DEB.1.10.1005150112240.24593@cantor.unex.es> <[🔎] 1512c7-iq3.ln1@argenau.downhill.at.eu.org>

On Sat, 15 May 2010, Andreas Metzler wrote:
> #4 We cannot reliably detect UPG-setups. (The setting
>   USERGROUPS=yes/no in /etc/adduser.conf is not relevant, e.g. in a
>   NIS szenario users are generated on the master system.)

You don't need to detect UPG setups with 100% reliability; you can
just do the following:

1. If there a possibility of this being a UPG setup:
   2. If this user's group has the same name and GID as the user's name and UID:
      3. default umask of 0002
4. otherwise, default umask of 0022

In cases where you make a mistake and this isn't a UPG setup, step #2
should stop you if this is actually going to be a problem (and not
coincidentally, this is the check that pam_umask already does when you
give it the usergroups option.)

You can figure out #1 by whether or not adduser.conf is set to use
USERGROUPS, and if it is, the default for pam should probably[1]
default to adding "session optional pam_umask.so usergroups" to
common-session.

Alternatively, #2 can be done in /etc/profile using id, which should
work just fine, even on NIS setups.


Don Armstrong

1: Steve will hopefully correct me if I'm mistaken here.
-- 
Debian's not really about the users or the software at all. It's a
large flame-generating engine that the cabal uses to heat their coffee
 -- Andrew Suffield (#debian-devel Fri, 14 Feb 2003 14:34 -0500)

http://www.donarmstrong.com              http://rzlab.ucr.edu

Reply to:

Follow-Ups:
- Re: Bug#581434: UPG and the default umask
  - From: Drake Wilson <drake@begriffli.ch>

References:
- Re: UPG and the default umask
  - From: Stefano Zacchiroli <zack@debian.org>
- Re: UPG and the default umask
  - From: Holger Levsen <holger@layer-acht.org>
- Re: UPG and the default umask
  - From: Charles Plessy <plessy@debian.org>
- Re: UPG and the default umask
  - From: Santiago Vila <sanvila@unex.es>
- Re: UPG and the default umask
  - From: Aaron Toponce <aaron.toponce@gmail.com>
- Re: UPG and the default umask
  - From: Vincent Danjean <vdanjean.ml@free.fr>
- Re: UPG and the default umask
  - From: Joey Hess <joeyh@debian.org>
- Re: Bug#581434: UPG and the default umask
  - From: Santiago Vila <sanvila@unex.es>
- Re: Bug#581434: UPG and the default umask
  - From: Andreas Metzler <ametzler@downhill.at.eu.org>

Prev by Date: Re: Bug#581434: UPG and the default umask
Next by Date: Re: UPG and the default umask
Previous by thread: Re: Bug#581434: UPG and the default umask
Next by thread: Re: Bug#581434: UPG and the default umask
Index(es):
- Date
- Thread