On 4/24/08, Heikki Orsila <[EMAIL PROTECTED]> wrote: > On Thu, Apr 24, 2008 at 08:53:06PM +0400, Sergei Golovan wrote: > > > > root is not a usual user. His only purpose is to serve other users, > > and the results of his work should be accessible by them. So, it isn't > > wise to set root's umask to something different from 0022. > > > I disagree. Perhaps I'm paranoid because I use umask 0077 to avoid > leaking files to other users. This doesn't seem to affect OTHER packages > in the Debian system. At least, make this policy consistent. In my > opinion, package system should not depend on root users umask. To > compare with "make install" systems, they usually set the permissions > correctly.
The point is that root must not own any file to hide from the other users (with a few exceptions). If you don't use root account as your working account then setting root umask to 0077 is unnecessary and creates more harm than solves problems. -- Sergei Golovan -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
