On Wed, Jul 17, 2024 at 22:10:28 +0700, Max Nikulin wrote:
> Do you mean the following bug or something else?
> <https://bugs.debian.org/711104>
> login: su - doesn't set umask
> Fixed in version pam/1.5.3-1
> Tue, 16 Jan 2024 00:19:23 +0000

Huh... given the age of the bug, I expected this was something already
done in bookworm, but it's not.

hobbit:/etc/pam.d$ grep -i umask *
hobbit:/etc/pam.d$ grep -i mask *
hobbit:/etc/pam.d$ 

Bookworm has PAM package version 1.5.2-6+deb12u1, not 1.5.3.  Looks like
this change was only made this year, and therefore won't appear until
Debian 13.

This makes me wonder what's setting umask *now*.  Is it still PAM, just
using a compile-time default instead of a value that's discoverable in
a conffile?

Also, this confused me:

hobbit:/etc/pam.d$ dpkg -S /etc/pam.d/common-session
dpkg-query: no path found matching pattern /etc/pam.d/common-session

Where does that file come from, then?  The installer?  Oh wait, there are
postinst scripts....

hobbit:~$ grep common-session /var/lib/dpkg/info/*.postinst
/var/lib/dpkg/info/libpam-runtime.postinst: for configfile in common-auth common-account common-session  \
/var/lib/dpkg/info/libpam-runtime.postinst:       "$DPKG_ROOT"/etc/pam.d/common-session.pam-old

So I guess that file comes from libpam-runtime, but it's not managed
like a regular conffile.  I suppose there was some reason for this, even
if I can't guess it.
