Re: UPG and the default umask
On Mon, May 17, 2010 at 3:34 PM, Marvin Renich <mrvn@renich.org> wrote:
> * Reinhard Tartler <siretart@debian.org> [100517 08:56]:
>> Let's have a look at the source. Note that options->usergroups is set
>> iff the option "usergroups" is used.
>>
>> ,----[modules/pam_umask/pam_umask.c]
>> | /* Set the process nice, ulimit, and umask from the
>> |    password file entry. */
>> | static void
>> | setup_limits_from_gecos (pam_handle_t *pamh, options_t *options,
>> |                          struct passwd *pw)
>> | {
>> |   char *cp;
>> |
>> |   if (options->usergroups)
>> |     {
>> |       /* if not root, and UID == GID, and username is the same as
>> |          primary group name, set umask group bits to be the same as
>> |          owner bits (examples: 022 -> 002, 077 -> 007). */
>> |       if (pw->pw_uid != 0 && pw->pw_uid == pw->pw_gid)
>> |         {
>> |           struct group *grp = pam_modutil_getgrgid (pamh, pw->pw_gid);
>> |           if (grp && (strcmp (pw->pw_name, grp->gr_name) == 0))
>> |             {
>> |               mode_t oldmask = umask (0777);
>> |               umask ((oldmask & ~070) | ((oldmask >> 3) & 070));
>> |             }
>> |         }
>> |     }
>> `----
Another bug is that the code does not check if there is only one user in the group.
Regards
Bastien
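
Added example, not part of the original thread or of the Linux-PAM source: the umask transform from the quoted `setup_limits_from_gecos` code, gated by the extra membership check raised in the last message. `struct acct`, `group_is_private`, `effective_umask` and the sample accounts are hypothetical names and constructed data.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Hypothetical record standing in for struct passwd. */
struct acct { const char *name; uid_t uid; gid_t gid; };

/* Same transform as the quoted code: group bits take the owner bits. */
mode_t upg_umask(mode_t oldmask)
{
    return (oldmask & ~(mode_t)070) | ((oldmask >> 3) & 070);
}

/* 1 if nobody but `user` is in group `gid`: no other name in gr_mem
   (NULL-terminated, as in struct group) and no other account whose
   primary gid is `gid`. */
int group_is_private(const char *user, gid_t gid, const char *const *gr_mem,
                     const struct acct *accts, size_t n)
{
    for (; gr_mem && *gr_mem; gr_mem++)
        if (strcmp(*gr_mem, user) != 0)
            return 0;
    for (size_t i = 0; i < n; i++)
        if (accts[i].gid == gid && strcmp(accts[i].name, user) != 0)
            return 0;
    return 1;
}

/* The quoted conditions plus the membership check; returns the umask to use. */
mode_t effective_umask(const struct acct *u, const char *grname,
                       const char *const *gr_mem,
                       const struct acct *accts, size_t n, mode_t oldmask)
{
    if (u->uid != 0 && u->uid == u->gid && strcmp(u->name, grname) == 0
        && group_is_private(u->name, u->gid, gr_mem, accts, n))
        return upg_umask(oldmask);
    return oldmask;
}

/* Constructed sample data: bob was added to alice's group, carol's is private. */
const struct acct ACCTS[] = {{"root", 0, 0}, {"alice", 1000, 1000}, {"carol", 1001, 1001}};
const char *const ALICE_MEM[] = {"bob", NULL};
const char *const CAROL_MEM[] = {NULL};

int main(void)
{
    printf("alice %03o carol %03o\n",
           (unsigned)effective_umask(&ACCTS[1], "alice", ALICE_MEM, ACCTS, 3, 022),
           (unsigned)effective_umask(&ACCTS[2], "carol", CAROL_MEM, ACCTS, 3, 022));
    return 0;
}
```

With the constructed accounts, alice keeps 022 because bob is listed in her group, while carol's umask is relaxed to 002.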