On 05/15/2010 02:51 PM, Willi Mann wrote: > Is it possible to detect whether an account is configured properly based on > the UPG idea? If yes, wouldn't it then make sense to only set umask 002 if a > proper UPG account is detected, otherwise 022? This would avoid putting non- > UPG systems on danger. I proposed this change to the /etc/profile file [1]. This logic seems "good enough" to determine UPG accounts. Further discussion however shows that other than root, system users don't have login shells, and as such, won't process the /etc/profile file. Also, because root has its own UPG, there's really no need for the logic. My only question is then, why is their default shell /bin/sh, and not /bin/false or /usr/sbin/nologin if they indeed are not login shells? The "staff" and "users" groups might be problematic, if system administrators are using those groups similar to how Solaris or HPUX are using them (respectfully). However, I would venture that if the administrator has his system setup that way, he's aware of the necessary umask needed for that setup. If there are systems setup in this manner, we'll likely see bug reports about it. [1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=581434#70 -- . O . O . O . . O O . . . O . . . O . O O O . O . O O . . O O O O . O . . O O O O . O O O
Attachment:
signature.asc
Description: OpenPGP digital signature