Your message dated Fri, 10 Apr 2020 11:35:55 +0000
with message-id <[email protected]>
and subject line Bug#945000: fixed in systemd 245.4-3
has caused the Debian Bug report #945000,
regarding systemd: Umask set in /etc/login.defs is not honored by systemd user
units even if pam_umask is enabled.
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
945000: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=945000
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: systemd
Version: 243-5
Severity: important
Dear Maintainer,
The traditional way to change the default umask (change /etc/login.defs with
pam_umask enabled in /etc/pam.d/... ) is broken,
for on my does not honor it in user units.
This is a bug known by the upstream (
https://github.com/systemd/systemd/issues/6077 ), and currently the only
possible
walkaround is to override umask for every user unit, as discussed in
https://bugs.launchpad.net/ubuntu/+source/gnome-
terminal/+bug/1685754/comments/21 , which is hard to apply.
I may be unable to fix this issue with my own knowledge and resource,
but I can
report it to you experts at least.
-- Package-specific info:
-- System Information:
Debian Release: bullseye/sid
APT prefers testing
APT policy: (900, 'testing'), (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 5.2.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=zh_CN.UTF-8, LC_CTYPE=zh_CN.UTF-8 (charmap=UTF-8),
LANGUAGE=zh_CN.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages systemd depends on:
ii adduser 3.118
ii libacl1 2.2.53-5
ii libapparmor1 2.13.3-6
ii libaudit1 1:2.8.5-2
ii libblkid1 2.34-0.1
ii libc6 2.29-3
ii libcap2 1:2.27-1
ii libcryptsetup12 2:2.2.1-1
ii libgcrypt20 1.8.5-3
ii libgnutls30 3.6.10-4
ii libgpg-error0 1.36-7
ii libidn2-0 2.2.0-2
ii libip4tc2 1.8.3-2
ii libkmod2 26-3
ii liblz4-1 1.9.2-2
ii liblzma5 5.2.4-1+b1
ii libmount1 2.34-0.1
ii libpam0g 1.3.1-5
ii libpcre2-8-0 10.32-5+b1
ii libseccomp2 2.4.1-2
ii libselinux1 2.9-3+b1
ii libsystemd0 243-5
ii mount 2.34-0.1
ii util-linux 2.34-0.1
Versions of packages systemd recommends:
ii dbus 1.12.16-2
ii libpam-systemd 243-5
Versions of packages systemd suggests:
ii policykit-1 0.105-26
pn systemd-container <none>
Versions of packages systemd is related to:
pn dracut <none>
ii initramfs-tools 0.135
ii udev 243-5
-- Configuration Files:
/etc/pam.d/systemd-user changed:
@include common-account
session required pam_selinux.so close
session required pam_selinux.so nottys open
session required pam_loginuid.so
session required pam_limits.so
@include common-session-noninteractive
session optional pam_systemd.so
session optional pam_umask.so
-- no debconf information
[OVERRIDDEN] /etc/tmpfiles.d/screen-cleanup.conf ->
/usr/lib/tmpfiles.d/screen-cleanup.conf
--- /usr/lib/tmpfiles.d/screen-cleanup.conf 2017-06-19 06:31:56.000000000
+0800
+++ /etc/tmpfiles.d/screen-cleanup.conf 2017-06-30 08:33:17.091685640 +0800
@@ -1 +1 @@
-d /run/screen 0777 root utmp
+d /run/screen 1777 root utmp
[EXTENDED] /etc/systemd/system/display-manager.service ->
/etc/systemd/system/display-manager.service.d/umask.conf
[EQUIVALENT] /etc/systemd/system/nfdump.service ->
/lib/systemd/system/nfdump.service
[MASKED] /etc/systemd/system/systemd-rfkill.service ->
/lib/systemd/system/systemd-rfkill.service
[MASKED] /etc/systemd/system/systemd-rfkill.socket ->
/lib/systemd/system/systemd-rfkill.socket
[MASKED] /etc/systemd/system/transmission-daemon.service ->
/lib/systemd/system/transmission-daemon.service
[EXTENDED] /lib/systemd/system/rc-local.service ->
/lib/systemd/system/rc-local.service.d/debian.conf
[EXTENDED] /lib/systemd/system/systemd-resolved.service ->
/lib/systemd/system/systemd-resolved.service.d/resolvconf.conf
[EXTENDED] /lib/systemd/system/systemd-timesyncd.service ->
/lib/systemd/system/systemd-timesyncd.service.d/disable-with-time-daemon.conf
[EXTENDED] /usr/lib/systemd/user/at-spi-dbus-bus.service ->
/etc/systemd/user/at-spi-dbus-bus.service.d/umask.conf
[EXTENDED] /usr/lib/systemd/user/blueman-applet.service ->
/etc/systemd/user/blueman-applet.service.d/umask.conf
[EXTENDED] /usr/lib/systemd/user/colord-session.service ->
/etc/systemd/user/colord-session.service.d/umask.conf
[EXTENDED] /usr/lib/systemd/user/dbus.service ->
/etc/systemd/user/dbus.service.d/umask.conf
[EXTENDED] /usr/lib/systemd/user/evolution-addressbook-factory.service ->
/etc/systemd/user/evolution-addressbook-factory.service.d/umask.conf
[EXTENDED] /usr/lib/systemd/user/evolution-calendar-factory.service ->
/etc/systemd/user/evolution-calendar-factory.service.d/umask.conf
[EXTENDED] /usr/lib/systemd/user/evolution-source-registry.service ->
/etc/systemd/user/evolution-source-registry.service.d/umask.conf
[EXTENDED] /usr/lib/systemd/user/evolution-user-prompter.service ->
/etc/systemd/user/evolution-user-prompter.service.d/umask.conf
[EXTENDED] /usr/lib/systemd/user/glib-pacrunner.service ->
/etc/systemd/user/glib-pacrunner.service.d/umask.conf
[EXTENDED] /usr/lib/systemd/user/gnome-terminal-server.service ->
/etc/systemd/user/gnome-terminal-server.service.d/umask.conf
[EXTENDED] /usr/lib/systemd/user/gvfs-afc-volume-monitor.service ->
/etc/systemd/user/gvfs-afc-volume-monitor.service.d/umask.conf
[EXTENDED] /usr/lib/systemd/user/gvfs-daemon.service ->
/etc/systemd/user/gvfs-daemon.service.d/umask.conf
[EXTENDED] /usr/lib/systemd/user/gvfs-goa-volume-monitor.service ->
/etc/systemd/user/gvfs-goa-volume-monitor.service.d/umask.conf
[EXTENDED] /usr/lib/systemd/user/gvfs-gphoto2-volume-monitor.service ->
/etc/systemd/user/gvfs-gphoto2-volume-monitor.service.d/umask.conf
[EXTENDED] /usr/lib/systemd/user/gvfs-metadata.service ->
/etc/systemd/user/gvfs-metadata.service.d/umask.conf
[EXTENDED] /usr/lib/systemd/user/gvfs-mtp-volume-monitor.service ->
/etc/systemd/user/gvfs-mtp-volume-monitor.service.d/umask.conf
[EXTENDED] /usr/lib/systemd/user/gvfs-udisks2-volume-monitor.service ->
/etc/systemd/user/gvfs-udisks2-volume-monitor.service.d/umask.conf
[EXTENDED] /usr/lib/systemd/user/obex.service ->
/etc/systemd/user/obex.service.d/umask.conf
[EXTENDED] /usr/lib/systemd/user/rygel.service ->
/etc/systemd/user/rygel.service.d/umask.conf
[EXTENDED] /usr/lib/systemd/user/telepathy-gabble.service ->
/etc/systemd/user/telepathy-gabble.service.d/umask.conf
[EXTENDED] /usr/lib/systemd/user/telepathy-logger.service ->
/etc/systemd/user/telepathy-logger.service.d/umask.conf
[EXTENDED] /usr/lib/systemd/user/telepathy-mission-control-5.service ->
/etc/systemd/user/telepathy-mission-control-5.service.d/umask.conf
[EXTENDED] /usr/lib/systemd/user/telepathy-salut.service ->
/etc/systemd/user/telepathy-salut.service.d/umask.conf
[EXTENDED] /usr/lib/systemd/user/tracker-extract.service ->
/etc/systemd/user/tracker-extract.service.d/umask.conf
[EXTENDED] /usr/lib/systemd/user/tracker-miner-apps.service ->
/etc/systemd/user/tracker-miner-apps.service.d/umask.conf
[EXTENDED] /usr/lib/systemd/user/tracker-miner-fs.service ->
/etc/systemd/user/tracker-miner-fs.service.d/umask.conf
[EXTENDED] /usr/lib/systemd/user/tracker-store.service ->
/etc/systemd/user/tracker-store.service.d/umask.conf
[EXTENDED] /usr/lib/systemd/user/tracker-writeback.service ->
/etc/systemd/user/tracker-writeback.service.d/umask.conf
[EXTENDED] /usr/lib/systemd/user/zeitgeist-fts.service ->
/etc/systemd/user/zeitgeist-fts.service.d/umask.conf
[EXTENDED] /usr/lib/systemd/user/zeitgeist.service ->
/etc/systemd/user/zeitgeist.service.d/umask.conf
39 overridden configuration files found.
# This file is part of systemd.
#
# Used by systemd --user instances.
@include common-account
session required pam_selinux.so close
session required pam_selinux.so nottys open
session required pam_loginuid.so
session required pam_limits.so
@include common-session-noninteractive
session optional pam_systemd.so
session optional pam_umask.so
#
# /etc/pam.d/common-session - session-related modules common to all services
#
# This file is included from other service-specific PAM config files,
# and should contain a list of modules that define tasks to be performed
# at the start and end of sessions of *any* kind (both interactive and
# non-interactive).
#
# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
# To take advantage of this, it is recommended that you configure any
# local modules either before or after the default block, and use
# pam-auth-update to manage selection of other modules. See
# pam-auth-update(8) for details.
# here are the per-package modules (the "Primary" block)
session [default=1] pam_permit.so
# here's the fallback if no module succeeds
session requisite pam_deny.so
# prime the stack with a positive return value if there isn't one already;
# this avoids us returning an error just because nothing sets a success code
# since the modules above will each just jump around
session required pam_permit.so
# and here are more per-package modules (the "Additional" block)
session required pam_unix.so
session optional pam_systemd.so
session optional pam_ecryptfs.so unwrap
# end of pam-auth-update config
session optional pam_umask.so
--- End Message ---
--- Begin Message ---
Source: systemd
Source-Version: 245.4-3
Done: Michael Biebl <[email protected]>
We believe that the bug you reported is fixed in the latest version of
systemd, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Michael Biebl <[email protected]> (supplier of updated systemd package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Fri, 10 Apr 2020 11:55:15 +0200
Source: systemd
Architecture: source
Version: 245.4-3
Distribution: unstable
Urgency: medium
Maintainer: Debian systemd Maintainers
<[email protected]>
Changed-By: Michael Biebl <[email protected]>
Closes: 945000 955541
Changes:
systemd (245.4-3) unstable; urgency=medium
.
[ Dan Streetman ]
* d/rules: in dh_auto_test, include meson param --print-errorlogs.
Also, don't cat testlog.txt; it's noisy and not very helpful.
Upstream request:
https://github.com/systemd/systemd/pull/14338#issuecomment-603432989
.
[ Michael Biebl ]
* pid1: by default make user units inherit their umask from the user manager
(Closes: #945000)
* user-util: rework how we validate user names.
This reworks the user validation infrastructure. There are now two
modes. In regular mode we are strict and test against a strict set of
valid chars. And in "relaxed" mode we just filter out some really
obvious, dangerous stuff. i.e. strict is whitelisting what is OK, but
"relaxed" is blacklisting what is really not OK.
The idea is that we use strict mode whenever we allocate a new user,
while "relaxed" mode is used when we process users registered elsewhere.
(Closes: #955541)
Checksums-Sha1:
6ddb6564f87207efb26a24fd7696f97964e92c05 5093 systemd_245.4-3.dsc
4d58c3cfd37b1d4cd0ccff4df4879dea4c437528 164064 systemd_245.4-3.debian.tar.xz
b88aba23533442ed4629af522be2af686ad80225 9557 systemd_245.4-3_source.buildinfo
Checksums-Sha256:
31bc7beb50bf94ed17506d664e2b2c224623a23793b964adbaf9e4ac4b20d16a 5093
systemd_245.4-3.dsc
e8adfa9e6737eaddc3ff231066de43ebad33aab5de898b57aaa0d418a71ee802 164064
systemd_245.4-3.debian.tar.xz
2795a47e2365d34d2b0e8faca3f322374e51635e064c8bc3be21a2bb90dc2e62 9557
systemd_245.4-3_source.buildinfo
Files:
d001d23c49fe31c03eca65c2ea05c0a7 5093 admin optional systemd_245.4-3.dsc
608897c9367f3484e4c9c6145806aacb 164064 admin optional
systemd_245.4-3.debian.tar.xz
8a4edf61f4a2088b544fd00f45ccd48e 9557 admin optional
systemd_245.4-3_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEECbOsLssWnJBDRcxUauHfDWCPItwFAl6QVbYACgkQauHfDWCP
ItyA5w/9Hr5gH9/cMFf/rO+jzH4+jim9EAh0j0v8KMNAIxmK/RQL6YMi6qF5W3m3
fQ0Z3lVf5/HiiIV6WuAhF0FTwe7hvm5XytN1BCZ1SjSOx9+nnNaPp/QrGytnZHOT
lv5HRPPz6/sUJfs+MjR2IG7W42AHlbLzYGLpHpGwLK3Nwk47wDDSZi4fifxYSoRP
8E4QZRRDtYBjJR2cWsE8U9C5b4nVeiWFKOFk+a6F3ywF+hrb37GP4TLquRMHoRpt
nECkT+6BabHLSTFbzSQBdyL6O+dUj6l4ljsufjEjd+LYM23LgrCxi0Fsl5S5XFav
I+NrQy7xyZb7hxfE9CtgeRiVFE/PvW1Jp9NK8p4CMEbN1v3CcL4RDo+Anfzx1SJl
/CbX0LsjLWHT2PXoEo+xspT4hD2JrTNIOkRMcqLSHjD6kHN6UboHEV7XyvobzzhR
V/PVL69Z6hsi2JgdN9SCmWSmy6bX1qWfyw79kvIF2adgwD4DV7D8fCFx/AkFdSCj
O4Bs28qGguIBhlBjzqa3Krncx2lAEf/Nj+OKmtb048pFWZo2WRQgJaofyDuddiXl
mKKvkn8qc9Cnr8rf3Ccsn9M7Mz8y4tAJH8aeRH9oHDCZz2tWSgSX3ieKG572H7yl
39BN83cVspIsNTNgXdAzL/VYNOAte9e4HQ1rwEqg0b50gBliB24=
=7ZNs
-----END PGP SIGNATURE-----
--- End Message ---
