
Re: Howto NFS shared writable space



Colin Watson wrote:
> On Mon, Mar 10, 2003 at 10:22:02PM +0100, Rémi Letot wrote:
> > Now why is debian's default 022 if 02 is safe ?
> 
> Mostly because 002 is *not* safe if you don't go with the
> one-user-per-group thing.

Let me guess at another reason.  Because programs like postfix, exim,
sendmail, ssh, gpg, etc. check that files in $HOME are not group writable
by default.  If those programs are not all modified to allow group
writability then they refuse to honor user .forward files, .ssh/
files, etc.  Users need to remember to chmod go-w those specifically.
Which is yet more that the user needs to know and if they don't they
have problems getting software to work.  (BTW I don't know if Debian's
versions of those programs allow group writability or not.)

> Both debian.org machines and my workplace use a single group for all
> users (which I happen to think is a pain, but hey);

My work place too.  The legacy of 15 years.  Everyone is a 'user'.
And now we also have shared groups too.  A mixed environment confusing
to all.  Sigh.

> the failure mode where somebody sets that up without realizing that
> the default umask needs to be 022 is worse than the failure mode
> where people end up with files that need to be group-writeable but
> aren't, so Debian goes with the more generally safe default.

And probably the >90% case anyway.  I suspect that most people running
GNU/Linux are doing so on standalone systems where they are not
working with other people on shared files.  For example, almost all
software tools are designed to work in private sandboxes with cvs
interfacing to and controlling the shared area.  Therefore few users
really ever need a way to work on shared files.  Those that do need it
can set it up.

But I have wondered why umask is in the /etc/skel/* files redundantly
with /etc/profile.  That propagates the changes into the user's
profiles which once embedded are a much more delicate problem to
change.

Bob
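
The kind of permission check the message above describes, as an added example that is not code from the thread or from any of the programs it names: it builds a constructed home directory under umask 002 and under 022, lists the paths that are group- or world-writable, and applies the `chmod go-w` fix. The path list and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. The paths checked are an assumed selection based on the
# programs named in the message (.forward, .ssh/, gpg's directory).

# Print every checked path under $1 that is group- or world-writable.
audit_home_perms() {
    home=$1
    for p in "$home" "$home/.forward" "$home/.ssh" \
             "$home/.ssh/authorized_keys" "$home/.gnupg"; do
        [ -e "$p" ] || continue
        # -prune: test only the path itself, do not descend into it.
        # POSIX "-perm -MODE" matches when all bits in MODE are set.
        find "$p" -prune \( -perm -020 -o -perm -002 \)
    done
}

# Remove group/other write permission from everything the audit flags.
fix_home_perms() {
    audit_home_perms "$1" | while IFS= read -r p; do
        chmod go-w "$p"
    done
}

# Create a constructed sample home under the umask given as $1 and print
# its path. The subshell keeps the umask change from leaking to the caller.
make_sample_home() {
    (
        umask "$1"
        base=$(mktemp -d) || exit 1
        mkdir "$base/home" "$base/home/.ssh"
        : > "$base/home/.forward"
        : > "$base/home/.ssh/authorized_keys"
        echo "$base/home"
    )
}

# Demo: compare what each umask leaves behind.
for mask in 002 022; do
    h=$(make_sample_home "$mask")
    n=$(audit_home_perms "$h" | wc -l | tr -d ' ')
    echo "umask $mask: $n group/world-writable path(s)"
    rm -rf "${h%/home}"
done
```
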
