On Mon, 2022-09-05 at 21:38 +0200, Ola Lundqvist wrote: > I agree that it is good to fix the pcs package, but shouldn't we fix > the default umask in general? > I would argue that the default umask is insecure. bookworm login sets new user home directories to secure permissions: $ grep -E 'HOME_MODE\s*[0-9]' /etc/login.defs #HOME_MODE 0700 This somewhat mitigates, but not completely, the umask being insecure: $ grep -E 'UMASK\s*[0-9]' /etc/login.defs UMASK 022 I can't find any bugs open about changing the default umask, but it was mentioned in replies to the recent adduser thread: https://lists.debian.org/msgid-search/YieJALY0ny0+07pw@torres.zugschlus.de -- bye, pabs https://wiki.debian.org/PaulWise
Attachment:
signature.asc
Description: This is a digitally signed message part