Hi! On Mon, Jun 20, 2005 at 08:33:48AM +0200, martin f krafft wrote: > also sprach Christian Perrier <[EMAIL PROTECTED]> [2005.06.20.0803 +0200]: > > > Summary: I would better wait _till_ pam_umask finds its way into > > > default Debian /etc/pam.d/common-session, and comment UMASK out > > > _after that_. ... > I tend to agree; let's change existing practice when new and better > practice is *in place* and working. I would not object to see > libpam-umask in base, but I don't think it's going to happen "just > like that". > > Maybe we should start small and add comments for now?
Yes, and I won't object commenting out UMASK in login.defs besides just adding comments. This will serve as "making first step". Anyway, changes will not affect stable Debian, end even in testing/unstable the number of _logins_ really affected will be relatively small. > > Alex seems to have well proven that UMASK in login.defs is > > *currently* the only way to be sure that all possible ways to > > login to a system will have the right mask. > > Proof incomplete... log in via SSH into a zsh shell and no umask > setting will take effect. No, I don't state that UMASK is there to gatch all entries of user to system. It just helps to catch a little bit more logins thath just with /etc/profile. P.S. Let's call set of entries caught with UMASK L, and set of entries caught with /etc/profile S. * L and S intersect. * S is generally larger than L. * but L - S == N, where N is set of entries to system through login(1) using non-shell in place of login shell or using a shell which does not set umask by itself. Of course, my main point is that L + S > S. I think that having L + S is better than just S. -- WBR, xrgtn -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
