Re: UMASK 002 or 022?

[gwmfms6@openmailbox.org]

The wider community doesn't seem that concerned with the fact that all 
Debian and Ubuntu users are now (with the most recent stable releases) 
completely unable to change their default umask (and further have a 
default setting that gives the world read access to all their 
documents). I think this needs to be viewed as a security issue.

Even with the premise that the average Linux user is more computer 
competent than the average Windows or Mac user, I still don't think it's 
a fair assumption that all linux users know all about umask and 
permissions. Due to this, many users may unwittingly create "guest" 
accounts or friend accounts on their computers unknowingly giving read 
access to all documents they've created. This is not an uncommon 
practice in university contexts especially. Same goes if there's any 
sort of remote access going on through SSH etc.

This issue strikes me as something that should be of higher concern to 
the community.

Someone mentioned changing the permissions on one's home folder. That 
just adds insult to injury that by default everyone's home folder let's 
the world have read access along with all files being created with read 
access. It's poor privacy and security policy. The average computer-user 
assumes that other account holders can't read their "stuff" unless they 
do something to allow that person to read their stuff. But this is 
completely untrue on Debian Stretch and Ubuntu 17.04.