Re: UPG and the default umask

Mon, 17 May 2010 10:05:35 -0700 

On 05/17/2010 10:49 AM, Harald Braumann wrote:
> On Mon, May 17, 2010 at 10:14:28AM -0600, Aaron Toponce wrote:
>> On 05/17/2010 10:02 AM, Harald Braumann wrote:
>>> - you could have a UPG system but a mismatch of IDs -> wrong umask
>>
>> ID numbers, yes. ID names, no. If the user name maches the group name,
>> IE: aaron = aaron, then the user matches the private group. If the match
>> is not made, then umask 0022 should be in play.
> 
> from pam_umask's description of the usergroups option:
> 
> If the user is not root, and the user ID is equal to the group ID, *and*
> the username is the same as primary group name, the umask group bits
> are set to be the same as owner bits (examples: 022 -> 002, 077 ->
> 007). 
> 
> So if there is a mismatch of *either*, name or ID, then pam_umasks
> detects a non-UPG system, while it might very well be all UPG.

A bug in pam_umask.so that needs to be addressed (which I believe we've
already started addressing in this thread).

> Also,
> just because Debian's adduser happens to give the same name to the
> user as well as to his private group, this is not necessarily true in
> all system. You could have group names that are prefixed with "grp",
> or whatever, but still have a perfectly valid UPG system.

Can you produce a valid example? The definition of UPG is to create a
group name that is the same as the username. If the system in question
is using UPG, then there won't be any conflicts, unless the
admiinstrator tries creating a "adm" user, or something equally as unsound.

>> If the username matches the group name, then you have a UPG system.
> 
> And on what assumptions do you base this conclusion? 

This is how UPG works. A new user is added to the system, and a group of
the same name is also added to the system. This is fundamental to UPG.

>> Unless you created a user called "devel" and put him in the "devel"
>> group. Debian is not substitute for stupidity.
> 
> How is that stupid? Users and groups are completely seperate name
> spaces, so why would I care in a non-UPG system?

If you're using a non-UPG system, then you don't care. Debian is
UPG-based, so your argument is invalid.

-- 
. O .   O . O   . . O   O . .   . O .
. . O   . O O   O . O   . O O   . . O
O O O   . O .   . O O   O O .   O O O

Attachment: signature.asc
Description: OpenPGP digital signature

Reply via email to