[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

About umask for paranoids


I am using potato, from 6 month now, and well, I like it very much, but
something is chocking me very much:

some log files, some configuration files, and some "other things I don't
expected" are world readable.

So, I know, I could change it by hand. But it seems a generic behaviour
of Debian, due to the default umask.

Do you know if it is possible to change the defauld debian umask ?
What would be then the effect over the installed packages ?

Is it possible to set this default "paranoid" umask at instalation stage
of Debian ?

But then, would a lot of things be broken ? In what measure Debian
packages rely on the default umask ??

I have been searching about this on the lists, google, etc..., and don't
find any mention. So now in fact I am asking myself is my conception about
umask security is good.

Some related questions:

By default, /root is world readable ? (I think I fixed this, but not sure)

What umask "sees" apache or apache-ssl ? (I had to change some
permissions of the logs...)

In fact, I think that what is happening is normal: with the current
default umask, you always have some "suprises"...

Thank you !!  :-)

Saludos de Julián

To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to: