[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#581729: [SQUEEZE] Document the umask change for new installs

Le Sat, May 15, 2010 at 02:16:43PM +0300, Andrei Popescu a écrit :
> The default 'umask' for new installs is changed
> ===============================================
> Starting with base-files version 5.4 the default umask for new installs 
> is 0002 instead of 0022 for regular users (system users, like the ones 
> used for various daemons and services are not affected).
> The new umask is more useful on systems where normal users are by 
> default members of an own private group, which no other user belongs to.  
> Such a scheme is known as 'User Private Groups' (UPG) and has been the 
> default in Debian for several releases.
> This change can however create security and/or privacy issues if the 
> system administrator is not aware of it and adds users to the private 
> group of another user. Also, in order to prevent security issues, some 
> software will detect this and refuse to operate when there are other 
> members in the user's private group and relevant files have permissions 
> as created with a umask of 0002.
> ---

Dear Andrei and DDP team,

I would like to suggest a stronger wording, that underlines that user private
groups are not designed to be shared. Also, I have not seen on -devel that the
idea of having a different umask for system and regular users has been
implemented in base-files yet. I propose to not mention this until base-files
is updated to support it.

I also propose to not mention the version of base-files where the change was
done in the release notes, since this is not relevant for stable versions.
However, I suggest that we post a very similar notice, but keeping the version
information, to the Develpers News (I will do it if nobody is faster than me).

I do not know where the announcment of the new umask default would fit the
best: in the “What's new” (major changes) section, or in the “Potential
problems”.  Or what about both?

Lastly, I mention the Securing Debian Manual below. I also have opened a bug
to update it to the latest umask default (#581753).

Have a nice week-end,

-- Charles Plessy, Tsurumi, Kanagawa, Japan

* For “What's new” (major changes):

New default 'umask' for new installs

The default 'umask' in Debian is now 0002 instead of 0022. This change takes
only effect on fresh installations, and gives write permission to the members
of the group owning the user's files (they already had read and access
permissions with the previous default). Debian uses by default the 'User
Private Groups' (UPG) scheme (URL to wikipedia), where users are members of
their own private group, that is not shared with others. The new default
simplifies the sharing of files in other (non-private) groups.

* For “Potential problems”

New default 'umask' for new installs

The new default umask of 0002 [insert a convenience link to the “What's new”
section] can surprise people used to the previous value of 0022. If the newly
installed system is sharing its files, or if its users are copying their files
to systems that are not implementing user private groups, write access could be
inadvertently given to other group members.

Also, the user private groups should never be shared with others. Instead, a
collaboration group must be created for sets of users who want to share files.
Please refer to the Securing Debian Manual (URL to section “Setting users
umasks”) for more details.

Reply to: