Re: Subject: UMASK 002 or 022?
- Date: Wed, 28 Jun 2017 12:14:28 +0800
- From: Paul Wise <pabs@xxxxxxxxxx>
- Subject: Re: Subject: UMASK 002 or 022?
On Wed, Jun 28, 2017 at 1:11 AM, gwmfms6 wrote:
> I'd like to know why giving the world (Other) read access is even under
> consideration. If user wants a file to have Other readability this should be
> on the user to set it, but it should not be the default.
I expect for most Debian deployments this isn't that relevant, since
most are either servers with no real users or single-user systems with
no guest account.
> What is the justification that every user be able to read everyone else's
This decision was made in the mists of time and has never been questioned.
> This discussion should be on whether to set a default UMASK of 077 or 027.
I think the appropriate default umask is 077 due to the possibility of
some sites not naming the primary group of each user after the user.
That said, 027 would probably be a reasonable default too since most
sites do not do that.
> NOTE: this discussion is moot at the present time anyway because it is
> impossible to set a UMASK at all on Debian Stretch. None of the usual ways
> work within gnome on Debian Stretch. Can anyone comment on this fact?
I had "UMASK 027" in /etc/login.defs and I didn't notice that this no
longer works because I also run `umask 027` from my shell
configuration. If you can track down why this no longer works, please
file a bug about it and convince the maintainer to fix it in stretch.