Re: Seeking consensus for some changes in adduser
On Tue, 08 Mar 2022 20:48:46 +0100, Ansgar <ansgar@43-1.org> wrote:
>On Tue, 2022-03-08 at 12:29 -0700, Sam Hartman wrote:
>> Take a look at https://salsa.debian.org/vorlon/pam/-/merge_requests/3
>>
>> According to the history of that patch, we have some old consensus to
>> move toward usergroups and a default umask of 0002 (except for root
>> which gets 0022).
>
>On systems that don't use usergroups for all/some users, doesn't this
>change make all files writable by other users by default? That would
>seem like a very unsecure change on upgrades (or as a default).

Maybe we need to adapt that patch to only set umask to 002 if the
user's primary group is identically named.

>(Though I think the current world-readable by default is already quite
>bad. It seems like an unsafe choice on both single-user and multi-user
>systems...)

It surely references an administration style that sadly does not fit
these days.

Greetings
Marc
--
-------------------------------------- !! No courtesy copies, please !! -----
Marc Haber | " Questions are the | Mail address in header
Mannheim, Germany | Beginning of Wisdom " |
Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Phone: *49 621 72739834
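
The check suggested in this mail (umask 002 only when the user's primary group is identically named), as an added example that is not part of the original mail or of the linked PAM merge request. It goes a little further and also refuses 002 when the group has other members or the gid is another user's primary group; those two checks, the 022 fallback, the function names and the sample passwd/group data are assumptions made for illustration.

```python
from collections import Counter

# Constructed sample data in passwd(5)/group(5) format, not from a real system.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:100:Bob:/home/bob:/bin/bash
carol:x:1002:1002:Carol:/home/carol:/bin/bash
dave:x:1003:1003:Dave:/home/dave:/bin/bash
"""
SAMPLE_GROUP = """\
root:x:0:
users:x:100:
alice:x:1000:
carol:x:1002:dave
staff:x:1003:
"""

def parse_groups(text):
    """Map gid -> (group name, set of supplementary members)."""
    groups = {}
    for line in (l for l in text.splitlines() if l.strip()):
        name, _pw, gid, members = line.split(":")[:4]
        groups[int(gid)] = (name, {m for m in members.split(",") if m})
    return groups

def default_umask(user, uid, gid, groups, primaries):
    """Return 0o002 only for a private user group, otherwise 0o022 (assumed fallback)."""
    if uid == 0:
        return 0o022  # root keeps 0022, as stated in the thread
    gname, members = groups.get(gid, (None, set()))
    private = (gname == user             # identically named primary group
               and members <= {user}     # assumption: nobody else is a member
               and primaries[gid] == 1)  # assumption: gid is no one else's primary group
    return 0o002 if private else 0o022

def audit(passwd_text, group_text):
    """Map each user in passwd_text to the umask this policy would assign."""
    groups = parse_groups(group_text)
    rows = [l.split(":") for l in passwd_text.splitlines() if l.strip()]
    primaries = Counter(int(r[3]) for r in rows)
    return {r[0]: default_umask(r[0], int(r[2]), int(r[3]), groups, primaries) for r in rows}

if __name__ == "__main__":
    for user, mask in audit(SAMPLE_PASSWD, SAMPLE_GROUP).items():
        print(f"{user}: {mask:04o}")
```
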