
Re: UPG and the default umask



On Tue, May 18, 2010 at 10:08:17AM +0000, Philipp Kern wrote:
> On 2010-05-18, Christoph Anton Mitterer <calestyo@scientia.net> wrote:
> > Not to speak about, that UPG is anyway a questionable abuse of the
> > user/group concept.
> >
> > Neither to speak about the fact, that in the 17 years debian exists
> > now,... no majority missed that "feature" (apparently).
> 
> So you present that as universal facts as if you've booked the truth
> (possibly a bad translation of a German saying).
> 
> I think that feature is useful for all those who don't want to mess
> with ACLs.  If you are not allowed to use ACLs and don't have UPG
> with sane umasks collaboration is painful (see e.g. Debian infrastructure
> with all users being in group Debian and default umask 0022 which
> leads to wrong permissions in setgid directories, with ACLs being
> disallowed).  So indeed I got a script which does newgrp and
> setting the umask for me which I run whenever I want to do release
> tasks.  But it would be more sane if the user wouldn't have to
> care about that.

Let me quote from the comments in /etc/login.defs:

# 022 is the "historical" value in Debian for UMASK when it was used
# 027, or even 077, could be considered better for privacy
# There is no One True Answer here : each sysadmin must make up his/her
# mind.

And that's exactly the problem: there is no one-size-fits-all
for the umask. Yes, for collaboration in a setgid directory you'd have
to use 002 and thanks to UPG this is possible without compromising
security. But I consider this just a special case. There are
cases where Debian runs in a non-UPG environment, where you can't use
that umask. And I don't think that's uncommon. Think of a mixed
environment with Windows, where you might have a samba domain in LDAP. And
last time I checked, the smbldap-tools didn't support UPG.

So whatever value is used as the default, half of the users will have
to change it anyway, to fit their needs. And in such a case, where
there is no single optimal value, I'd rather have the most
conservative as default. 

If the umask is 022 and you create a setgid
directory and forget to change the umask, you will quickly realise
that things are not working as expected and fix it. If the umask is
002 and you add your Debian system to a non-UPG environment and forget
to change the umask, things will still work perfectly but you put all
your files at risk and might not even realise it until it is too
late.

Cheers,
harry
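
The risk described in the message above can be checked before a umask is chosen. The following is an added example, not part of the original message: it reports which accounts would have their new files writable by someone else under a given umask. The passwd and group data are constructed, all function names are hypothetical, and it assumes new files take the creator's primary group (that is, they are created outside setgid directories).

```python
# Constructed sample data in /etc/passwd and /etc/group format.
# alice has a private group (UPG); bob's group has an extra member;
# carol and dave share the primary group "users" (non-UPG setup).
PASSWD = """\
alice:x:1000:1000::/home/alice:/bin/bash
bob:x:1001:1001::/home/bob:/bin/bash
carol:x:1002:100::/home/carol:/bin/bash
dave:x:1003:100::/home/dave:/bin/bash
"""
GROUP = """\
alice:x:1000:
bob:x:1001:alice
users:x:100:
"""

def group_members(passwd_text, group_text):
    """Return (user -> primary gid, gid -> all users holding that gid)."""
    members = {}
    for line in group_text.splitlines():
        _name, _pw, gid, extra = line.split(":")
        members[int(gid)] = {u for u in extra.split(",") if u}
    primary = {}
    for line in passwd_text.splitlines():
        fields = line.split(":")
        primary[fields[0]] = int(fields[3])
        # Primary membership is recorded in passwd, not in the group file.
        members.setdefault(int(fields[3]), set()).add(fields[0])
    return primary, members

def new_file_mode(umask, requested=0o666):
    """Mode a regular file gets when created with the usual 0666 request."""
    return requested & ~umask

def audit(umask, passwd_text=PASSWD, group_text=GROUP):
    """Return {user: other users able to write that user's new files}."""
    primary, members = group_members(passwd_text, group_text)
    group_writable = bool(new_file_mode(umask) & 0o020)
    exposed = {}
    for user, gid in primary.items():
        others = members[gid] - {user}
        if group_writable and others:
            exposed[user] = sorted(others)
    return exposed

if __name__ == "__main__":
    for mask in (0o022, 0o002):
        print(f"umask {mask:03o}: {audit(mask) or 'no group-write exposure'}")
```
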

