Bug#581729: marked as done ([SQUEEZE] Document the umask change for new installs)

To: Julien Cristau <jcristau@debian.org>
Subject: Bug#581729: marked as done ([SQUEEZE] Document the umask change for new installs)
From: owner@bugs.debian.org (Debian Bug Tracking System)
Date: Sat, 01 Jan 2011 18:09:03 +0000
Message-id: <[🔎] handler.581729.D581729.129390512520153.ackdone@bugs.debian.org>
References: <20110101180520.GX2813@radis.liafa.jussieu.fr> <20100515111643.GF19171@think.homelan>

Your message dated Sat, 1 Jan 2011 19:05:20 +0100
with message-id <20110101180520.GX2813@radis.liafa.jussieu.fr>
and subject line Re: Bug#581729: [SQUEEZE] Document the umask change for new installs
has caused the Debian Bug report #581729,
regarding [SQUEEZE] Document the umask change for new installs
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
581729: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=581729
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: submit@bugs.debian.org

Subject: [SQUEEZE] Document the umask change for new installs

From: Andrei Popescu <andreimpopescu@gmail.com>

Date: Sat, 15 May 2010 14:16:43 +0300

Message-id: <20100515111643.GF19171@think.homelan>

In-reply-to: <20100515064129.GJ3444@mykerinos.kheops.frmug.org>

References: <20091123233240.GB3498@rivendell> <20091124014626.GD29774@kunpuu.plessy.org> <20091124025256.GA11308@gnu.kitenet.net> <20091124071717.GD9409@rivendell> <87ocmqnghe.fsf@windlord.stanford.edu> <1273881425.31170.28.camel@fermat.scientia.net> <87wrv6vx2y.fsf@windlord.stanford.edu> <1273884940.31170.81.camel@fermat.scientia.net> <87sk5tzqmb.fsf@windlord.stanford.edu> <20100515064129.GJ3444@mykerinos.kheops.frmug.org>
Package: release-notes
Severity: whishlist
Tags: squeeze
X-Debbugs-CC: debian-devel@lists.debian.org

On Sat,15.May.10, 08:41:29, Christian PERRIER wrote:
 
> More generally speaking, this umask change probably deserves to be
> mentioned in the Release Notes....along with a good rationale about
> why, no, this isn't Debian giving up to years of being security-wise.

Suggested text:

---
The default 'umask' for new installs is changed
===============================================

Starting with base-files version 5.4 the default umask for new installs 
is 0002 instead of 0022 for regular users (system users, like the ones 
used for various daemons and services are not affected).

The new umask is more useful on systems where normal users are by 
default members of an own private group, which no other user belongs to.  
Such a scheme is known as 'User Private Groups' (UPG) and has been the 
default in Debian for several releases.

This change can however create security and/or privacy issues if the 
system administrator is not aware of it and adds users to the private 
group of another user. Also, in order to prevent security issues, some 
software will detect this and refuse to operate when there are other 
members in the user's private group and relevant files have permissions 
as created with a umask of 0002.
---

Comments welcome.

Regards,
Andrei
-- 
Offtopic discussions among Debian users and developers:
http://lists.alioth.debian.org/mailman/listinfo/d-community-offtopic
Attachment: signature.asc
Description: Digital signature

--- End Message ---

--- Begin Message ---

To: Charles Plessy <plessy@debian.org>, 581729-done@bugs.debian.org

Cc: Andrei Popescu <andreimpopescu@gmail.com>

Subject: Re: Bug#581729: [SQUEEZE] Document the umask change for new installs

From: Julien Cristau <jcristau@debian.org>

Date: Sat, 1 Jan 2011 19:05:20 +0100

Message-id: <20110101180520.GX2813@radis.liafa.jussieu.fr>

In-reply-to: <[🔎] 20110101174731.GA539@merveille.plessy.net>

References: <20091124025256.GA11308@gnu.kitenet.net> <20091124071717.GD9409@rivendell> <87ocmqnghe.fsf@windlord.stanford.edu> <1273881425.31170.28.camel@fermat.scientia.net> <87wrv6vx2y.fsf@windlord.stanford.edu> <1273884940.31170.81.camel@fermat.scientia.net> <87sk5tzqmb.fsf@windlord.stanford.edu> <20100515064129.GJ3444@mykerinos.kheops.frmug.org> <20100515111643.GF19171@think.homelan> <[🔎] 20110101174731.GA539@merveille.plessy.net>
On Sun, Jan  2, 2011 at 02:47:31 +0900, Charles Plessy wrote:

> because base-files does not set umask anymore since version 5.7, and
> because the default umask is currently 0022 again (through login.defs
> and pam_umask), I propose to close this bug. Alternatively, I can
> submit a patch to document the above.
> 
Closing.

Cheers,
Julien
Attachment: signature.asc
Description: Digital signature

--- End Message ---

Reply to:

Prev by Date: Bug#581729: [SQUEEZE] Document the umask change for new installs
Next by Date: Bug#608022: [PATCH v2 1/2] Recommend against direct upgrades from releases older than lenny
Previous by thread: Bug#581729: [SQUEEZE] Document the umask change for new installs
Next by thread: Bug#608022: [PATCH v2 1/2] Recommend against direct upgrades from releases older than lenny
Index(es):
- Date
- Thread