[Pkg-shadow-commits] r3188 - debian/trunk/debian

Nicolas FRANÇOIS nekral-guest at alioth.debian.org
Fri Mar 26 11:51:53 UTC 2010 

Author: nekral-guest
Date: 2010-03-26 11:51:51 +0000 (Fri, 26 Mar 2010)
New Revision: 3188

Modified:
   debian/trunk/debian/changelog
   debian/trunk/debian/login.defs
Log:
  * debian/login.defs: Updated description of UMASK (used by pam_umask).


Modified: debian/trunk/debian/changelog
===================================================================
--- debian/trunk/debian/changelog	2010-03-25 20:38:31 UTC (rev 3187)
+++ debian/trunk/debian/changelog	2010-03-26 11:51:51 UTC (rev 3188)
@@ -43,6 +43,7 @@
   * debian/passwd.cron.daily: Handle the backups of the user and group
     databases so that it can be removed from the standard daily cron job.
     Closes: #554170
+  * debian/login.defs: Updated description of UMASK (used by pam_umask).
 
  -- Nicolas FRANCOIS (Nekral) <nicolas.francois at centraliens.net>  Sun, 24 Jan 2010 18:28:33 +0100
 

Modified: debian/trunk/debian/login.defs
===================================================================
--- debian/trunk/debian/login.defs	2010-03-25 20:38:31 UTC (rev 3187)
+++ debian/trunk/debian/login.defs	2010-03-26 11:51:51 UTC (rev 3188)
@@ -132,33 +132,18 @@
 #
 # The ERASECHAR and KILLCHAR are used only on System V machines.
 # 
-# UMASK usage is discouraged because it catches only some classes of user
-# entries to system, in fact only those made through login(1), while setting
-# umask in shell rc file will catch also logins through su, cron, ssh etc.
+# UMASK is the default umask value for pam_umask and is used by
+# useradd and newusers to set the mode of the new home directories.
+# 022 is the "historical" value in Debian for UMASK
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up his/her
+# mind.
 #
-# At the same time, using shell rc to set umask won't catch entries which use
-# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
-# user and alike.
-#
-# Therefore the use of pam_umask is recommended as the solution which
-# catches all these cases on PAM-enabled systems.
-# 
-# This avoids the confusion created by having the umask set
-# in two different places -- in login.defs and shell rc files (i.e.
-# /etc/profile).
-#
-# For discussion, see #314539 and #248150 as well as the thread starting at
-# http://lists.debian.org/debian-devel/2005/06/msg01598.html
-#
 # Prefix these values with "0" to get octal, "0x" to get hexadecimal.
 #
 ERASECHAR	0177
 KILLCHAR	025
-# 022 is the "historical" value in Debian for UMASK when it was used
-# 027, or even 077, could be considered better for privacy
-# There is no One True Answer here : each sysadmin must make up his/her
-# mind.
-#UMASK		022
+UMASK		022
 
 #
 # Password aging controls:

More information about the Pkg-shadow-commits mailing list