Re: UPG and the default umask

To: debian-devel@lists.debian.org
Subject: Re: UPG and the default umask
From: Santiago Vila <sanvila@unex.es>
Date: Mon, 17 May 2010 15:47:25 +0200 (CEST)
Message-id: <[🔎] alpine.DEB.1.10.1005171539550.16633@kolmogorov.unex.es>
In-reply-to: <[🔎] 844oi6k7x6.fsf@sauna.l.org>
References: <[🔎] 4BE830C8.5050009@gmail.com> <[🔎] 20100510162317.GI2652@radis.liafa.jussieu.fr> <[🔎] 87fx1ykjrt.fsf@windlord.stanford.edu> <[🔎] hsn1gf$cst$1@dough.gmane.org> <[🔎] 4BEFFA02.8000202@gmail.com> <[🔎] 87pr0vg07c.fsf@windlord.stanford.edu> <[🔎] alpine.DEB.1.10.1005170103200.6247@kolmogorov.unex.es> <[🔎] 84d3wvj7e5.fsf@sauna.l.org> <[🔎] alpine.DEB.1.10.1005171419450.12903@kolmogorov.unex.es> <[🔎] 844oi6k7x6.fsf@sauna.l.org>

On Mon, 17 May 2010, Timo Juhani Lindfors wrote:

> Santiago Vila <sanvila@unex.es> writes:
> > Ok, what about PAM?
> 
> "UsePAM no" is the default in openssh. I do not know if this is just
> to reduce the attack surface.

Grr. We are supposed to be system integrators, but how can we do that
if some parts of the system do not trust the other parts of the system?
That results in useless duplication of work.

Do I really have to put complex code in /etc/profile to use the old
umask when 1 <= uid <= 100?

Instead, we could consider as a bug that a "system user" wants to
login to the system at all.

Reply to:

References:
- UPG and the default umask
  - From: Aaron Toponce <aaron.toponce@gmail.com>
- Re: UPG and the default umask
  - From: Julien Cristau <jcristau@debian.org>
- Re: UPG and the default umask
  - From: Russ Allbery <rra@debian.org>
- Re: UPG and the default umask
  - From: Willi Mann <foss-ml@wm1.at>
- Re: UPG and the default umask
  - From: Aaron Toponce <aaron.toponce@gmail.com>
- Re: UPG and the default umask
  - From: Russ Allbery <rra@debian.org>
- Re: UPG and the default umask
  - From: Santiago Vila <sanvila@unex.es>
- Re: UPG and the default umask
  - From: Timo Juhani Lindfors <timo.lindfors@iki.fi>
- Re: UPG and the default umask
  - From: Santiago Vila <sanvila@unex.es>
- Re: UPG and the default umask
  - From: Timo Juhani Lindfors <timo.lindfors@iki.fi>

Prev by Date: Re: [OT] Re: Open then gates
Next by Date: Re: UPG and the default umask
Previous by thread: Re: UPG and the default umask
Next by thread: Re: UPG and the default umask
Index(es):
- Date
- Thread