[Pkg-shadow-commits] r3188 - debian/trunk/debian
Nicolas FRANÇOIS
nekral-guest at alioth.debian.org
Fri Mar 26 11:51:53 UTC 2010
Author: nekral-guest
Date: 2010-03-26 11:51:51 +0000 (Fri, 26 Mar 2010)
New Revision: 3188
Modified:
debian/trunk/debian/changelog
debian/trunk/debian/login.defs
Log:
* debian/login.defs: Updated description of UMASK (used by pam_umask).
Modified: debian/trunk/debian/changelog
===================================================================
--- debian/trunk/debian/changelog 2010-03-25 20:38:31 UTC (rev 3187)
+++ debian/trunk/debian/changelog 2010-03-26 11:51:51 UTC (rev 3188)
@@ -43,6 +43,7 @@
* debian/passwd.cron.daily: Handle the backups of the user and group
databases so that it can be removed from the standard daily cron job.
Closes: #554170
+ * debian/login.defs: Updated description of UMASK (used by pam_umask).
-- Nicolas FRANCOIS (Nekral) <nicolas.francois at centraliens.net> Sun, 24 Jan 2010 18:28:33 +0100
Modified: debian/trunk/debian/login.defs
===================================================================
--- debian/trunk/debian/login.defs 2010-03-25 20:38:31 UTC (rev 3187)
+++ debian/trunk/debian/login.defs 2010-03-26 11:51:51 UTC (rev 3188)
@@ -132,33 +132,18 @@
#
# The ERASECHAR and KILLCHAR are used only on System V machines.
#
-# UMASK usage is discouraged because it catches only some classes of user
-# entries to system, in fact only those made through login(1), while setting
-# umask in shell rc file will catch also logins through su, cron, ssh etc.
+# UMASK is the default umask value for pam_umask and is used by
+# useradd and newusers to set the mode of the new home directories.
+# 022 is the "historical" value in Debian for UMASK
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up his/her
+# mind.
#
-# At the same time, using shell rc to set umask won't catch entries which use
-# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
-# user and alike.
-#
-# Therefore the use of pam_umask is recommended as the solution which
-# catches all these cases on PAM-enabled systems.
-#
-# This avoids the confusion created by having the umask set
-# in two different places -- in login.defs and shell rc files (i.e.
-# /etc/profile).
-#
-# For discussion, see #314539 and #248150 as well as the thread starting at
-# http://lists.debian.org/debian-devel/2005/06/msg01598.html
-#
# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
#
ERASECHAR 0177
KILLCHAR 025
-# 022 is the "historical" value in Debian for UMASK when it was used
-# 027, or even 077, could be considered better for privacy
-# There is no One True Answer here : each sysadmin must make up his/her
-# mind.
-#UMASK 022
+UMASK 022
#
# Password aging controls:
More information about the Pkg-shadow-commits
mailing list