Re: UPG and the default umask

To: debian-devel@lists.debian.org
Subject: Re: UPG and the default umask
From: Tollef Fog Heen <tfheen@err.no>
Date: Mon, 17 May 2010 22:39:38 +0200
Message-id: <[🔎] 87iq6m5kl1.fsf@qurzaw.linpro.no>
Mail-followup-to: debian-devel@lists.debian.org
In-reply-to: <[🔎] 1274119927.3206.181.camel@fermat.scientia.net> (Christoph Anton Mitterer's message of "Mon, 17 May 2010 20:12:07 +0200")
References: <[🔎] 20100512071945.GB20095@upsilon.cc> <[🔎] 201005120856.28741.holger@layer-acht.org> <[🔎] 20100513014356.GA15982@kunpuu.plessy.org> <[🔎] alpine.DEB.1.10.1005131127490.23711@kolmogorov.unex.es> <[🔎] 20100517102642.GD4216@sbs288.lan> <[🔎] AANLkTimvlTUYnoDzFpMg3BLcIEwKm9Lk9ZZ8RbZly1i_@mail.gmail.com> <[🔎] 20100517160223.GE4216@sbs288.lan> <[🔎] 4BF16B64.9050002@gmail.com> <[🔎] 20100517164957.GF4216@sbs288.lan> <[🔎] 4BF1773A.8090409@gmail.com> <[🔎] 1274116214.3206.148.camel@fermat.scientia.net> <[🔎] 4BF17B7E.6040103@gmail.com> <[🔎] 1274118370.3206.164.camel@fermat.scientia.net> <[🔎] 4BF181F7.2070107@gmail.com> <[🔎] 1274119927.3206.181.camel@fermat.scientia.net>

]] Christoph Anton Mitterer 

| On Mon, 2010-05-17 at 11:50 -0600, Aaron Toponce wrote:
| > How does this compromise security when you're the only member of your
| > private group?
| And if you are not?

Then you have a misconfigured system where security might be
compromised.  If it's intentional, you should also change the system
umask, be it using pam_umask, /etc/profile or whatever mechanism you
wish.

| Why should you? Well someone simply might not want to use UPG? Or might
| use the users or staff group?
| 
| Or do "we" now basically force everybody to use UPG?

See above, you then have to configure the system to not use UPGs.

| >  seeing as though Debian is a UPG-based operating system.

| Is it? Again,... speechless...

Yes, out of the box, each user has their private group and the umask is
0002, making it a UPG-based system.  That does not mean you can't
configure it otherwise of course.

-- 
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are

Reply to:

References:
- Re: UPG and the default umask
  - From: Stefano Zacchiroli <zack@debian.org>
- Re: UPG and the default umask
  - From: Holger Levsen <holger@layer-acht.org>
- Re: UPG and the default umask
  - From: Charles Plessy <plessy@debian.org>
- Re: UPG and the default umask
  - From: Santiago Vila <sanvila@unex.es>
- Re: UPG and the default umask
  - From: Harald Braumann <harry@unheit.net>
- Re: UPG and the default umask
  - From: Bastien ROUCARIES <roucaries.bastien@gmail.com>
- Re: UPG and the default umask
  - From: Harald Braumann <harry@unheit.net>
- Re: UPG and the default umask
  - From: Aaron Toponce <aaron.toponce@gmail.com>
- Re: UPG and the default umask
  - From: Harald Braumann <harry@unheit.net>
- Re: UPG and the default umask
  - From: Aaron Toponce <aaron.toponce@gmail.com>
- Re: UPG and the default umask
  - From: Christoph Anton Mitterer <calestyo@scientia.net>
- Re: UPG and the default umask
  - From: Aaron Toponce <aaron.toponce@gmail.com>
- Re: UPG and the default umask
  - From: Christoph Anton Mitterer <calestyo@scientia.net>
- Re: UPG and the default umask
  - From: Aaron Toponce <aaron.toponce@gmail.com>
- Re: UPG and the default umask
  - From: Christoph Anton Mitterer <calestyo@scientia.net>

Prev by Date: Re: APT do not work with Squid as a proxy because of pipelining default
Next by Date: Adopting package libnjb5
Previous by thread: Re: UPG and the default umask
Next by thread: Re: UPG and the default umask
Index(es):
- Date
- Thread