Re: sshfs en umask

To: debian-user-dutch@lists.debian.org
Subject: Re: sshfs en umask
From: Paul van der Vlis <paul@vandervlis.nl>
Date: Fri, 13 Oct 2017 11:41:28 +0200
Message-id: <[🔎] dc999fa7-530c-fb9f-c3df-66befd6d9d93@vandervlis.nl>
In-reply-to: <[🔎] op.y71ii3bi5k9y7g@jessica.jkfloris.demon.nl>
References: <[🔎] 5a3f4c77-1215-32ff-707d-149d2902bb89@vandervlis.nl> <[🔎] op.y71ii3bi5k9y7g@jessica.jkfloris.demon.nl>

Op 13-10-17 om 11:12 schreef Floris:

> iets als:
> session optional pam_umask.so umask=0002
> in /etc/pam.d/sshd
> 
> In ieder geval als systemd en logind op de server draaien, zal ik het in
> die hoek zoeken.

Ik werk inderdaad met systemd, of ik logind gebruik weet ik niet
helemaal zeker. Logind zou zijn toegevoegd in systemd 30, voor zover ik
zie werk ik met versie 232 dus het zal wel, maar ik zie het niet draaien
met "ps aux", en vind ook geen bestand "logind".

/etc/pam.d/sshd is best een ingewikkeld bestand en pam is niet mijn
specialiteit. Kan ik zo'n regel aan het eind van het bestand toevoegen
of moet dat ergens op een speciale plek in het bestand?

Groet,
Paul

/etc/pam.d/sshd, de regels zijn wat afgebroken:
-------------
# PAM configuration for the Secure Shell service

# Standard Un*x authentication.
@include common-auth

# Disallow non-root logins when /etc/nologin exists.
account    required     pam_nologin.so

# Uncomment and edit /etc/security/access.conf if you need to set complex
# access limits that are hard to express in sshd_config.
# account  required     pam_access.so

# Standard Un*x authorization.
@include common-account

# SELinux needs to be the first session rule.  This ensures that any
# lingering context has been cleared.  Without this it is possible that a
# module could execute code in the wrong domain.
session [success=ok ignore=ignore module_unknown=ignore default=bad]
   pam_selinux.so close

# Set the loginuid process attribute.
session    required     pam_loginuid.so

# Create a new session keyring.
session    optional     pam_keyinit.so force revoke

# Standard Un*x session setup and teardown.
@include common-session

# Print the message of the day upon successful login.
# This includes a dynamically generated part from /run/motd.dynamic
# and a static (admin-editable) part from /etc/motd.
session    optional     pam_motd.so  motd=/run/motd.dynamic
session    optional     pam_motd.so noupdate

# Print the status of the user's mailbox upon successful login.
session    optional     pam_mail.so standard noenv # [1]

# Set up user limits from /etc/security/limits.conf.
session    required     pam_limits.so

# Read environment variables from /etc/environment and
# /etc/security/pam_env.conf.
session    required     pam_env.so # [1]
# In Debian 4.0 (etch), locale-related environment variables were moved to
# /etc/default/locale, so read that as well.
session    required     pam_env.so user_readenv=1
envfile=/etc/default/locale


# SELinux needs to intervene at login time to ensure that the process starts
# in the proper default security context.  Only sessions which are intended
# to run in the user's context should be run after this.
session [success=ok ignore=ignore module_unknown=ignore default=bad]
   pam_selinux.so open

# Standard Un*x password updating.
@include common-password
----------


-- 
Paul van der Vlis Linux systeembeheer Groningen
https://www.vandervlis.nl/

Reply to:

Follow-Ups:
- Re: sshfs en umask
  - From: Floris <jkfloris@dds.nl>

References:
- sshfs en umask
  - From: Paul van der Vlis <paul@vandervlis.nl>
- Re: sshfs en umask
  - From: Floris <jkfloris@dds.nl>

Prev by Date: Re: sshfs en umask
Next by Date: Re: sshfs en umask
Previous by thread: Re: sshfs en umask
Next by thread: Re: sshfs en umask
Index(es):
- Date
- Thread