The umask used to be (and should be again now) settable centrally. (/etc/login.defs or /etc/default/login LSB?)
Setting the umask in /etc/profile and multiple other rc files (instead centrally in login.defs) was only necessary while pam_umask was not available, and to be depreciated. All the times since 94' http://lists.debian.org/msgid-search/m0piquw-0002dgc.ijack...@nyx.cs.du.edu until PAM was included without support for it, the login package seems to have done the umask adjustment for UPG users, that pam_umask is requested to do again, now that it is available. To disable UPGs you currently need to change two settings, one in in /etc/login.defs and one in /etc/adduser.conf. So for a release note draft we can note: * A link to a (maybe improved version) of the users perspective on UPGs. https://wiki.ubuntu.com/MultiUserManagement * That existing users with UPG will now again get a correct UPG-default-umask. * That since existing users should have been set up with UPGs by the debian defaults all the time, this should be no security compromise. * That a central UMASK setting is now again possible in login.defs that can do a much better job than the umask lines in existing /etc/profile files etc. * That all umask settings have to be removed from preexisting /etc/profile ~/.bashrc and other shell rc files to take advantage from the improvements. * The option to disabling UPGs alltogether in adduser.conf and login.defs. As for a list of steps to do: 1) remove/comment out any umask settings in all shell configuration files shiped in debian (i.e. /etc/profile) and add a comment pointing to the right place for the global default umask setting. It might be /etc/default/login (LSB?), pam_umask looks at both. 2) Adjust /etc/login.defs: Refer to the text from: https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/487729) Correct the comment about USERGROUPS_ENAB (now used by pam_umask). Or point to /etc/default/login (LSB?), pam_umask looks at both. UMASK 022 should be set in login.defs or /etc/default/login, and pam_umask's usergroups feature should be mentioned in the comment. 3) Enable pam_umask by fixing the issues related to the first couple of points of the howto at https://wiki.ubuntu.com/MultiUserManagement If anyone knows where this umask/UPG/multi-user issue is tracked, could you please add this accordingly? Kind regards, Christian -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20100526012624.3b063ed1c.gatzeme...@tu-bs.de@tu-bs.de
