
Bug#581729: marked as done ([SQUEEZE] Document the umask change for new installs)

Your message dated Sat, 1 Jan 2011 19:05:20 +0100
with message-id <20110101180520.GX2813@radis.liafa.jussieu.fr>
and subject line Re: Bug#581729: [SQUEEZE] Document the umask change for new installs
has caused the Debian Bug report #581729,
regarding [SQUEEZE] Document the umask change for new installs
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org

581729: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=581729
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: release-notes
Severity: whishlist
Tags: squeeze
X-Debbugs-CC: debian-devel@lists.debian.org

On Sat,15.May.10, 08:41:29, Christian PERRIER wrote:
> More generally speaking, this umask change probably deserves to be
> mentioned in the Release Notes....along with a good rationale about
> why, no, this isn't Debian giving up to years of being security-wise.

Suggested text:

The default 'umask' for new installs is changed

Starting with base-files version 5.4 the default umask for new installs
is 0002 instead of 0022 for regular users (system users, like the ones
used for various daemons and services, are not affected).

The new umask is more useful on systems where normal users are by
default members of their own private group, which no other user belongs to.
Such a scheme is known as 'User Private Groups' (UPG) and has been the
default in Debian for several releases.

This change can however create security and/or privacy issues if the 
system administrator is not aware of it and adds users to the private 
group of another user. Also, in order to prevent security issues, some 
software will detect this and refuse to operate when there are other 
members in the user's private group and relevant files have permissions 
as created with a umask of 0002.

Comments welcome.


--- End Message ---
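
Added example, not part of the original thread or of any Debian package: a small audit for the risk described in the suggested text, namely a private group that has gained other members while files are created with umask 0002. The passwd and group data are constructed samples, and the `first_uid=1000` cut-off for regular users and the "group named after the user" test for a private group are assumptions of this sketch.

```python
# Constructed sample data in /etc/passwd and /etc/group format (not a real system).
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/bin/bash
carol:x:1002:1000:Carol:/home/carol:/bin/bash
"""
GROUP = """\
root:x:0:
daemon:x:1:
alice:x:1000:
bob:x:1001:dave
"""

def new_file_mode(umask, requested=0o666):
    """Mode a file receives when created with `requested` bits under `umask`."""
    return requested & ~umask

def group_can_write(umask):
    """True if files created under `umask` are writable by the owning group."""
    return bool(new_file_mode(umask) & 0o020)

def shared_private_groups(passwd_text, group_text, first_uid=1000):
    """Map each regular user to the other accounts in their private group.

    Assumption: a private group is the user's primary group and carries the
    user's name. Extra members come from the group's member list or from
    other accounts that use the same primary GID.
    """
    users = [l.split(":") for l in passwd_text.splitlines() if l]
    groups = {g[2]: g for g in (l.split(":") for l in group_text.splitlines() if l)}
    findings = {}
    for name, _, uid, gid, *_ in users:
        grp = groups.get(gid)
        if int(uid) < first_uid or grp is None or grp[0] != name:
            continue  # system user, or primary group is not a private group
        listed = {m for m in grp[3].split(",") if m}
        same_gid = {u[0] for u in users if u[3] == gid}
        extra = (listed | same_gid) - {name}
        if extra:
            findings[name] = sorted(extra)
    return findings

if __name__ == "__main__":
    for umask in (0o022, 0o002):
        print(f"umask {umask:04o}: new files get {new_file_mode(umask):04o}")
    for user, others in shared_private_groups(PASSWD, GROUP).items():
        print(f"{user}: private group also used by {', '.join(others)}")
```

On a live system the same functions can be fed the contents of `/etc/passwd` and `/etc/group`; any finding matters only where `group_can_write` is true for the umask in effect.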
--- Begin Message ---
On Sun, Jan  2, 2011 at 02:47:31 +0900, Charles Plessy wrote:

> because base-files does not set umask anymore since version 5.7, and
> because the default umask is currently 0022 again (through login.defs
> and pam_umask), I propose to close this bug. Alternatively, I can
> submit a patch to document the above.



--- End Message ---