Web lists-archives.com

Re: UMASK 002 or 022?




The wider community doesn't seem that concerned with the fact that all Debian and Ubuntu users are now (with the most recent stable releases) completely unable to change their default umask (and further have a default setting that gives the world read access to all their documents). I think this needs to be viewed as a security issue.

Even with the premise that the average Linux user is more computer competent than the average Windows or Mac user, I still don't think it's a fair assumption that all linux users know all about umask and permissions. Due to this, many users may unwittingly create "guest" accounts or friend accounts on their computers unknowingly giving read access to all documents they've created. This is not an uncommon practice in university contexts especially. Same goes if there's any sort of remote access going on through SSH etc.

This issue strikes me as something that should be of higher concern to the community.

Someone mentioned changing the permissions on one's home folder. That just adds insult to injury that by default everyone's home folder let's the world have read access along with all files being created with read access. It's poor privacy and security policy. The average computer-user assumes that other account holders can't read their "stuff" unless they do something to allow that person to read their stuff. But this is completely untrue on Debian Stretch and Ubuntu 17.04.