** Description changed:
+ [impact]
+
+ pam_umask, from /etc/passwd, is not honored in systemd --user instances
+
+ [test case]
+
+ on a desktop system, edit /etc/passwd to change the test user entry
+ (e.g. the 'ubuntu' user) to include 'umask=007' in the GECOS field (5th
+ field). For example change:
+
+ ubuntu:x:1000:1000:Ubuntu:/home/ubuntu:/bin/bash
+
+ to:
+
+ ubuntu:x:1000:1000:Ubuntu,umask=007:/home/ubuntu:/bin/bash
+
+ You may need to reboot for your X session to pick up the change.
+
+ Then, from the graphical desktop, open a terminal and run:
+
+ $ gnome-terminal -e sh
+
+ in the opened terminal, run:
+
+ $ umask
+
+ the number shown should be 0007, as set in the passwd file
+
+ [regression potential]
+
+ any regression would likely result in an incorrect umask for the user
+ whose passwd entry is modified.
+
+ [scope]
+
+ this is needed only for b
+
+ this is fixed in systemd upstream by commit
+ 5e37d1930b41b24c077ce37c6db0e36c745106c7 which was first included in
+ v246, so this is fixed in g and later. This commit was also picked up by
+ Debian and included in the v245 release for focal, so this is fixed in
+ focal already.
+
+ [original description]
+
In order to set the default umask of my users to 027 or 007, I followed
the instructions provided in 'man pam_umask' :
In the 'gecos' field of '/etc/passwd', I have inserted 'umask=027' or
'umask=007' (for myself).
Then, MOST graphical applications systematically run with the correct
umask.
In particular, when I press Alt-F2, run 'xterm sh' and type 'umask', it
systematically displays 0007.
But when I press Alt-F2, run 'gnome-terminal -e sh' and type 'umask', it
systematically displays 0022.
That is BAD, and is a security issue.
-
Workaround : Inside the newly created '/etc/profile.d/umask.sh', and in each
'~/.bashrc', add following content :
UMASK="$(grep -o "^$USER:.*,umask=0[0-7]*" /etc/passwd)"
if [ "$UMASK" ]; then
- umask "${UMASK#$USER:*,umask=}"
+ umask "${UMASK#$USER:*,umask=}"
fi
-
- In fact, 'gnome-terminal' MUST NOT force umask=022, but keep umask unchanged.
+ In fact, 'gnome-terminal' MUST NOT force umask=022, but keep umask
+ unchanged.
Thank you in advance for a quick correction.
ProblemType: Bug
DistroRelease: Ubuntu 17.04
Package: gnome-terminal 3.20.2-1ubuntu8
ProcVersionSignature: Ubuntu 4.10.0-19.21-generic 4.10.8
Uname: Linux 4.10.0-19-generic x86_64
ApportVersion: 2.20.4-0ubuntu4
Architecture: amd64
CurrentDesktop: X-Cinnamon
Date: Mon Apr 24 08:36:58 2017
InstallationDate: Installed on 2017-03-28 (26 days ago)
InstallationMedia: Ubuntu-GNOME 17.04 "Zesty Zapus" - Beta amd64 (20170321)
SourcePackage: gnome-terminal
UpgradeStatus: No upgrade log present (probably fresh install)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1685754
Title:
'systemd --user' unduly forces umask=0022
To manage notifications about this bug go to:
https://bugs.launchpad.net/gedit/+bug/1685754/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
