On Mon, May 17, 2010 at 01:04:22PM +0200, Bastien ROUCARIES wrote: > On Mon, May 17, 2010 at 12:26 PM, Harald Braumann <ha...@unheit.net> wrote: > > On Thu, May 13, 2010 at 11:48:19AM +0200, Santiago Vila wrote: > > > >> Will be done in base-files 5.4. > > > > I think that this change was done prematurely. There is still the > > issue of a Debian system running in a non-UPG environment. And so far > > I haven't seen a resolution for this point in the discussion. > > I believe the pam umask module is the way to go according to > http://www.kernel.org/pub/linux/libs/pam/Linux-PAM-html/sag-pam_umask.html
Fair enough ... > [opition] usergroups > > If the user is not root, and the user ID is equal to the group ID, > and the username is the same as primary group name, the umask group > bits are set to be the same as owner bits (examples: 022 -> 002, 077 > -> 007). ... but that's the problem. User and group names/IDs are completely independent from one another and from the group regime emplyed. By no stretch of imagination can I see how you could deduce the group regime of a system from those. - you could have a UPG system but a mismatch of IDs -> wrong umask - you could have a non-UPG system but a user's name and ID happen to match those of the group -> wrong umask - you could add more layers and check, e.g., if the user is the only member in the group. but more users could be added later making the first user's files writeable by those. No matter how much clever logic you put in there, there is simply no way to make this work reliably because it's based on wrong assumption. Computer programmes work best when they are based on sound logic. Let's not part with this tradition. Let's keep the umask fixed at 022 and let the user change it if he wants. Cheers, harry -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20100517160223.ge4...@sbs288.lan
