Re: Seeking consensus for some changes in adduser

To: debian-devel@lists.debian.org
Subject: Re: Seeking consensus for some changes in adduser
From: Ansgar <ansgar@43-1.org>
Date: Thu, 10 Mar 2022 11:33:45 +0100
Message-id: <[🔎] 2c130fea83d35982c5c739c62ec6cb21f9651cd3.camel@43-1.org>
In-reply-to: <[🔎] 87sfrq6rax.fsf@hands.com>
References: <[🔎] YieJALY0ny0+07pw@torres.zugschlus.de> <[🔎] tsl4k48b5ug.fsf@suchdamage.org> <[🔎] d856baa447d3c2664860938224ab4b007540fb75.camel@43-1.org> <[🔎] 87sfrq6rax.fsf@hands.com>

On Thu, 2022-03-10 at 11:21 +0100, Philip Hands wrote:
> However, I suspect that something is a bit broken about this anyway,
> since I just tested and get a umask of 0022 when logging in via ssh
> to a system with USERGROUPS_ENAB 'yes'.

I changed UMASK to 077 in /etc/login.defs and can confirm this doesn't
have any effect.  I guess because:

+---
| # UMASK is the default umask value for pam_umask and is used by
+---[ file:///etc/login.defs ]

and

+---
| $ rgrep umask /etc/pam.d || echo no
| no
+---

So all of this might not work either way unless someone manually
enables pam_umask?

Ansgar

Reply to:

References:
- Seeking consensus for some changes in adduser
  - From: Marc Haber <mh+debian-devel@zugschlus.de>
- Re: Seeking consensus for some changes in adduser
  - From: Sam Hartman <hartmans@debian.org>
- Re: Seeking consensus for some changes in adduser
  - From: Ansgar <ansgar@43-1.org>
- Re: Seeking consensus for some changes in adduser
  - From: Philip Hands <phil@hands.com>

Prev by Date: Re: Seeking consensus for some changes in adduser
Next by Date: Re: Seeking consensus for some changes in adduser
Previous by thread: Re: Seeking consensus for some changes in adduser
Next by thread: Re: Seeking consensus for some changes in adduser
Index(es):
- Date
- Thread