Am Thu, 27 May 2010 11:35:34 +0200 schrieb Wolodja Wentland: > why not make the decision to use UPG explicit by setting > "UPG = True"
I would say UPGs are already explicitly used. If your UPG = True means that newly created users are created with user private groups, than that is "USERGROUPS=yes" in adduser.conf. This UPG usage prerequisite, has been a debian default since 94' according to an old thread that was mentioned. If by UPG = True you refer to being conservative and relaxing the umask only for users that are created with certain characteristics that indicate that they really have been created with private user groups, thatn that used to be "USERGROUPS_ENAB yes" in login.defs until PAM was introduced whithout support for it, at that time, and broke it. Now pam_umask is available and takes the option "usergroups" when called from a pam.d/ config file (it could probably be patched to read login.defs). If by UPG = True you refer to setting a system wide default (relaxed) umask 002 (and risking to do to much to exsiting users or users on other systems authenticating agains the debian system), that used to be UMASK 002 in login.defs before PAM, with PAM "umask 002" had to be called from each shell rc file used, but now, if we activate pam_umask, it will read UMASK 022 from login.defs again (and relax it conditionally). -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20100528001517.29cea841c.gatzeme...@tu-bs.de@tu-bs.de
