Debian Bug report logs - #248140
base-files: user private groups concept requires umask 002 to work

Package: base-files; Maintainer for base-files is Santiago Vila <sanvila@debian.org>; Source for base-files is src:base-files.

Reported by: Christian Gatzemeier <c.gatzemeier@tu-bs.de>

Date: Sun, 9 May 2004 15:33:01 UTC

Severity: normal

Merged with 581434

Found in versions 3.0.14, base-files/5.3

Fixed in version base-files/5.4

Done: Santiago Vila <sanvila@debian.org>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, c.gatzemeier@tu-bs.de, Santiago Vila <sanvila@debian.org>:
Bug#248140; Package base-files.

Acknowledgement sent to Christian Gatzemeier <c.gatzemeier@tu-bs.de>:
New Bug report received and forwarded. Copy sent to c.gatzemeier@tu-bs.de, Santiago Vila <sanvila@debian.org>.

Message #5 received at submit@bugs.debian.org:

From: Christian Gatzemeier <c.gatzemeier@tu-bs.de>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: base-files: user private groups concept requires umask 002 to work
Date: Sun, 09 May 2004 17:17:24 +0200

Package: base-files
Version: 3.0.14
Severity: normal


Since user private groups are in use on new installations by default the
default umask should reflect that and be 002 in order to benefit from UPGs.

Unfortunately currently the umask must be set manually in two concurrent places:
/etc/login.defs and /etc/profile

I found those two files belong to the login and base-files packages.

Regards,
Christian

-- System Information:
Debian Release: testing/unstable
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.4.25-1-386
Locale: LANG=de_DE@euro, LC_CTYPE=de_DE@euro

Versions of packages base-files depends on:
ii  base-passwd                   3.5.7      Debian base system master password
ii  mawk [awk]                    1.3.3-11   a pattern scanning and text proces

-- no debconf information



Reply sent to Santiago Vila <sanvila@unex.es>:
You have taken responsibility.

Notification sent to Christian Gatzemeier <c.gatzemeier@tu-bs.de>:
Bug acknowledged by developer.

Message #10 received at 248140-done@bugs.debian.org:

From: Santiago Vila <sanvila@unex.es>
To: Christian Gatzemeier <c.gatzemeier@tu-bs.de>, 248140-done@bugs.debian.org
Subject: Re: Bug#248140: base-files: user private groups concept requires umask 002 to work
Date: Sat, 19 Jun 2004 18:09:57 +0200 (CEST)

On Sun, 9 May 2004, Christian Gatzemeier wrote:

> Package: base-files
> Version: 3.0.14
> Severity: normal
>
>
> Since user private groups are in use on new installations by default the
> default umask should reflect that and be 002 in order to benefit from UPGs.
>
> Unfortunately currently the umask must be set manually in two
> concurrent places: /etc/login.defs and /etc/profile
>
> I found those two files belong to the login and base-files packages.

Just because Debian has user private groups by default does not mean
an umask of 002 is always "better" than 022. If, for example, I scp -p
a file from a Debian system to a system where there are not user private
groups, the file would become writeable by a lot of people other
than myself. That would often not be desirable.

So, I prefer not to change the umask to avoid surprises.

There is nothing in the base-files package preventing you from changing
the default /etc/profile if you don't like the default one. It's a
configuration file and the changes will be preserved on upgrades.



Information forwarded to debian-bugs-dist@lists.debian.org, Santiago Vila <sanvila@debian.org>:
Bug#248140; Package base-files.

Acknowledgement sent to "C. Gatzemeier" <c.gatzemeier@tu-bs.de>:
Extra info received and forwarded to list. Copy sent to Santiago Vila <sanvila@debian.org>.

Message #15 received at 248140@bugs.debian.org:

From: "C. Gatzemeier" <c.gatzemeier@tu-bs.de>
To: Santiago Vila <sanvila@unex.es>, 248140@bugs.debian.org
Subject: Re: Bug#248140: base-files: user private groups concept requires umask 002 to work
Date: Tue, 29 Jun 2004 12:18:45 +0200

Thank you for answering Santiago,

On Saturday 19 June 2004 18:09, Santiago Vila wrote:
> > Since user private groups are in use on new installations by default the
> > default umask should reflect that and be 002 in order to benefit from
> > UPGs.
> >
> > Unfortunately currently the umask must be set manually in two
> > concurrent places: /etc/login.defs and /etc/profile
> >
> > I found those two files belong to the login and base-files packages.

> Just because Debian has user private groups by default does not mean
> an umask of 002 is always "better" than 022. If, for example, I scp -p
> a file from a Debian system to a system where there are not user private
> groups, the file would become writeable by a lot of people other
> than myself. That would often not be desirable.

You have a very valid point for scp here, I think. Does the scp not honor the
remote umask? Without remote UPGs does scp allow making the file belong to a
group your user ID does not belong to? When you do those kind of things as
root between boxes with unsynchronized user bases, isn't there more to it than
just UPGs?


> There is nothing in the base-files package preventing you from changing
> the default /etc/profile if you don't like the default one. It's a
> configuration file and the changes will be preserved on upgrades.

Yes, that is how it should be I guess. Unfortunately, I am sorry to say,
setting /etc/profile alone did not do it, I needed to put the same umask
also explicitly into /etc/login.defs and noticed the related settings there
(USERGROUPS_ENAB yes) did not seem to have worked.

So that was the primary reason I filed the bug, to bring some attention to  
this. I would have appreciated though, if the bug would not have been closed 
as a first response.

Kind Regards,
Christian





Information forwarded to debian-bugs-dist@lists.debian.org, Santiago Vila <sanvila@debian.org>:
Bug#248140; Package base-files.

Acknowledgement sent to Santiago Vila <sanvila@unex.es>:
Extra info received and forwarded to list. Copy sent to Santiago Vila <sanvila@debian.org>.

Message #20 received at 248140@bugs.debian.org:

From: Santiago Vila <sanvila@unex.es>
To: "C. Gatzemeier" <c.gatzemeier@tu-bs.de>, 248140@bugs.debian.org
Subject: Re: Bug#248140: base-files: user private groups concept requires umask 002 to work
Date: Tue, 29 Jun 2004 13:24:30 +0200 (CEST)

On Tue, 29 Jun 2004, C. Gatzemeier wrote:

> On Saturday 19 June 2004 18:09, Santiago Vila wrote:
>
> > Just because Debian has user private groups by default does not mean
> > an umask of 002 is always "better" than 022. If, for example, I scp -p
> > a file from a Debian system to a system where there are not user private
> > groups, the file would become writeable by a lot of people other
> > than myself. That would often not be desirable.
>
> You have a very valid point for scp here, I think. Does the scp not
> honor the remote umask?

I think it does, yes, but the user may have scp aliased to "scp -p",
in which case the permissions of the original file take precedence,
so, as I said, I prefer to follow the principle of least surprise here.
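
The precedence described in the message above can be reproduced on one machine, with `cp` and `cp -p` standing in for `scp` and `scp -p`. This is an added example, not part of the bug thread; the function names are illustrative and all files live in temporary directories.

```shell
#!/bin/sh
# Added illustration, not part of the bug thread: cp / cp -p on one machine
# stand in for scp / scp -p between a umask-002 sender and a umask-022 receiver.

# Octal mode of a file (GNU stat first, BSD stat as fallback).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# created_mode UMASK: mode of a file freshly created under UMASK.
# The body runs in a subshell, so the caller's umask is untouched.
created_mode() (
    dir=$(mktemp -d) || exit 1
    umask "$1"
    : > "$dir/new"
    mode=$(file_mode "$dir/new")
    rm -rf "$dir"
    printf '%s\n' "$mode"
)

# copied_mode SENDER_UMASK RECEIVER_UMASK [cp options]:
# create a file under the sender's umask, copy it under the receiver's
# umask, and report the mode of the copy.
copied_mode() (
    dir=$(mktemp -d) || exit 1
    sender=$1
    receiver=$2
    shift 2
    umask "$sender"
    : > "$dir/src"
    umask "$receiver"
    cp "$@" "$dir/src" "$dir/dst"
    mode=$(file_mode "$dir/dst")
    rm -rf "$dir"
    printf '%s\n' "$mode"
)

echo "created under umask 022:             $(created_mode 022)"
echo "created under umask 002:             $(created_mode 002)"
echo "002 file copied, receiver umask 022: $(copied_mode 002 022)"
echo "same copy with -p:                   $(copied_mode 002 022 -p)"
```

Only the copy made with `-p` keeps the group-write bit on the receiving side; the plain copy is masked by the receiver's 022.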



Information forwarded to debian-bugs-dist@lists.debian.org, Santiago Vila <sanvila@debian.org>:
Bug#248140; Package base-files.

Acknowledgement sent to "C. Gatzemeier" <c.gatzemeier@tu-bs.de>:
Extra info received and forwarded to list. Copy sent to Santiago Vila <sanvila@debian.org>.

Message #25 received at 248140@bugs.debian.org:

From: "C. Gatzemeier" <c.gatzemeier@tu-bs.de>
To: Santiago Vila <sanvila@unex.es>, 248140@bugs.debian.org
Subject: Re: Bug#248140: base-files: user private groups concept requires umask 002 to work
Date: Tue, 29 Jun 2004 18:29:37 +0200

On Tuesday 29 June 2004 13:24, Santiago Vila wrote:

> > Does the scp not
> > honor the remote umask?
>
> I think it does, yes, but the user may have scp aliased to "scp -p",
> in which case the permissions of the original file take precedence,
> so, as I said, I prefer to follow the principle of least surprise here.

I see, do you get any warning or a note in the man pages about the -p option 
and possible gotchas? Maybe we could propose to have scp inform the user of  
them. Because it somehow took me also by surprise that UPG handling does not 
work out of the box in debian, even without doing any aliasing ;-)

More importantly though I find the issue of changing the umask itself worth a 
look. (Read as "how changing umask needs to be done", not as "changing the 
default") Do you know how it could be made that the system umask would only 
have to be set in one place, and how one might get the mentioned UPG feature 
in login.defs to work?

A trivial quick help for the users might be to improve the comment for umask 
in /etc/profile and login.defs. Shortly stating all the places where the 
umask needs to be changed and why/what for.

Kind Regards,
Christian






Bug unarchived. Request was from charles@kunpuu.plessy.org (Charles Plessy) to control@bugs.debian.org. (Thu, 13 May 2010 01:09:05 GMT)

Information forwarded to debian-bugs-dist@lists.debian.org, Santiago Vila <sanvila@debian.org>:
Bug#248140; Package base-files. (Thu, 13 May 2010 01:51:02 GMT)

Acknowledgement sent to Charles Plessy <plessy@debian.org>:
Extra info received and forwarded to list. Copy sent to Santiago Vila <sanvila@debian.org>. (Thu, 13 May 2010 01:51:02 GMT)

Message #32 received at 248140@bugs.debian.org:

From: Charles Plessy <plessy@debian.org>
To: 248140@bugs.debian.org
Cc: debian-devel@lists.debian.org
Subject: Re: UPG and the default umask
Date: Thu, 13 May 2010 10:43:56 +0900

found 248140 5.3
thanks

Dear Santiago,

You probably have seen the discussion about user private groups on debian-devel
this week: http://lists.debian.org/msgid-search/4BE830C8.5050009@gmail.com

The core argument is that since user private groups are not meant to be shared,
and that therefore an umask of 002 is not creating security risk. On the other
hand, an umask of 022 is preventing from harvesting the benefits of user
private groups. See in particular the summary from Russ Allbery:
http://lists.debian.org/87fx1ykjrt.fsf@windlord.stanford.edu

I read this bug report (http://bugs.debian.org/248140) and indeed, if users
have been used that Debian has an umask of 022, perhaps the change could be
surprising. However, it would not affect existing systems. I can propose a
patch to the release notes if people think it would be useful.

If no stronger objections against a change from 022 to 002 is raised, would you
agree changing base-files so that /etc/profile uses 002 on new systems?

Have a nice day,

-- 
Charles Plessy
Tsurumi, Kanagawa, Japan




Information forwarded to debian-bugs-dist@lists.debian.org, Santiago Vila <sanvila@debian.org>:
Bug#248140; Package base-files. (Thu, 13 May 2010 09:51:04 GMT)

Acknowledgement sent to Santiago Vila <sanvila@unex.es>:
Extra info received and forwarded to list. Copy sent to Santiago Vila <sanvila@debian.org>. (Thu, 13 May 2010 09:51:05 GMT)

Message #37 received at 248140@bugs.debian.org:

From: Santiago Vila <sanvila@unex.es>
To: Charles Plessy <plessy@debian.org>
Cc: 248140@bugs.debian.org, debian-devel@lists.debian.org
Subject: Re: UPG and the default umask
Date: Thu, 13 May 2010 11:48:19 +0200 (CEST)

On Thu, 13 May 2010, Charles Plessy wrote:

> found 248140 5.3
> thanks
> 
> Dear Santiago,
> 
> You probably have seen the discussion about user private groups on
> debian-devel this week:
> http://lists.debian.org/msgid-search/4BE830C8.5050009@gmail.com The
> core argument is that since user private groups are not meant to be
> shared, and that therefore an umask of 002 is not creating security
> risk. On the other hand, an umask of 022 is preventing from
> harvesting the benefits of user private groups. See in particular
> the summary from Russ Allbery:
> http://lists.debian.org/87fx1ykjrt.fsf@windlord.stanford.edu
> 
> I read this bug report (http://bugs.debian.org/248140) and indeed,
> if users have been used that Debian has an umask of 022, perhaps the
> change could be surprising. However, it would not affect existing
> systems. I can propose a patch to the release notes if people think
> it would be useful.

Yes, I think this change is important enough to be documented in
release notes. You might want to mention the possible gotchas, like,
for example, performing "scp -p" from a system with umask 002 to a
system without UPG when there are already files with mode 664 floating
around.

> If no stronger objections against a change from 022 to 002 is
> raised, would you agree changing base-files so that /etc/profile
> uses 002 on new systems?

No objection.

In fact, the status of /etc/profile as a "configuration file which is
not a conffile but instead it's created only on new installs" allows us
to change the default to whatever thing we consider more sensible
without worrying too much about the principle of least surprise, as the
change is only in effect on new installs.

Will be done in base-files 5.4.

Thanks.




Did not alter fixed versions and reopened. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Thu, 13 May 2010 12:45:05 GMT)

Merged 248140 581434. Request was from Jonathan Nieder <jrnieder@gmail.com> to control@bugs.debian.org. (Thu, 13 May 2010 12:45:05 GMT)

Reply sent to Santiago Vila <sanvila@debian.org>:
You have taken responsibility. (Thu, 13 May 2010 17:21:06 GMT)

Notification sent to Christian Gatzemeier <c.gatzemeier@tu-bs.de>:
Bug acknowledged by developer. (Thu, 13 May 2010 17:21:06 GMT)

Message #46 received at 248140-close@bugs.debian.org:

From: Santiago Vila <sanvila@debian.org>
To: 248140-close@bugs.debian.org
Subject: Bug#248140: fixed in base-files 5.4
Date: Thu, 13 May 2010 17:17:58 +0000

Source: base-files
Source-Version: 5.4

We believe that the bug you reported is fixed in the latest version of
base-files, which is due to be installed in the Debian FTP archive:

base-files_5.4.dsc
  to main/b/base-files/base-files_5.4.dsc
base-files_5.4.tar.gz
  to main/b/base-files/base-files_5.4.tar.gz
base-files_5.4_powerpc.deb
  to main/b/base-files/base-files_5.4_powerpc.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 248140@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Santiago Vila <sanvila@debian.org> (supplier of updated base-files package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 13 May 2010 18:35:42 +0200
Source: base-files
Binary: base-files
Architecture: source powerpc
Version: 5.4
Distribution: unstable
Urgency: low
Maintainer: Santiago Vila <sanvila@debian.org>
Changed-By: Santiago Vila <sanvila@debian.org>
Description: 
 base-files - Debian base system miscellaneous files
Closes: 248140 572245 581434
Changes: 
 base-files (5.4) unstable; urgency=low
 .
   * Changed umask in default /etc/profile to 002, which has a little bit
     more sense than 022 on systems like Debian having User Private Groups.
     As usual for /etc/profile, only new installs will have the new default,
     so nobody will be surprised by this on upgrades. Hopefully, this change
     will be documented in the release notes for squeeze as well, for users
     who install squeeze from scratch. Closes: #248140, #581434.
   * Refresh GNU licenses from http://ftp.gnu.org/gnu/Licenses/, as they
     have expanded the embedded tabs. Closes: #572245.
   * Switch to "3.0 (native)" format.





Reply sent to Santiago Vila <sanvila@debian.org>:
You have taken responsibility. (Thu, 13 May 2010 17:21:07 GMT)

Notification sent to Aaron Toponce <aaron.toponce@gmail.com>:
Bug acknowledged by developer. (Thu, 13 May 2010 17:21:07 GMT)

Information forwarded to debian-bugs-dist@lists.debian.org, Santiago Vila <sanvila@debian.org>:
Bug#248140; Package base-files. (Sun, 16 May 2010 15:06:03 GMT)

Acknowledgement sent to "C. Gatzemeier" <c.gatzemeier@tu-bs.de>:
Extra info received and forwarded to list. Copy sent to Santiago Vila <sanvila@debian.org>. (Sun, 16 May 2010 15:06:03 GMT)

Message #56 received at 248140@bugs.debian.org:

From: "C. Gatzemeier" <c.gatzemeier@tu-bs.de>
To: 248140@bugs.debian.org
Subject: Re: Bug#248140 closed by Santiago Vila <sanvila@debian.org> (Bug#581434: fixed in base-files 5.4)
Date: Sun, 16 May 2010 17:02:30 +0200

Thank you for looking into and solving the default umask issue.

In the meantime (at least from following ubuntu) it seems the pam_umask
has long entered main and it gave us back /etc/login.defs as a central
place to set the umask (without depending on umask settings
in particular shell rc scripts or /etc/profile to set the umask).

Maybe with removing the umask line from /etc/profile entirely, and
adding the line "session optional pam_umask.so usergroups"
to /etc/pam.d/common-session (man pam_umask) the issue can be handled
even better for next release?

(Still existing /etc/profiles won't change, but we'll reestablish a
central mechanism to change/customize the default umask, that works
with all shells/logins/points of entry.)




Information forwarded to debian-bugs-dist@lists.debian.org, Santiago Vila <sanvila@debian.org>:
Bug#248140; Package base-files. (Mon, 17 May 2010 12:12:09 GMT)

Acknowledgement sent to Santiago Vila <sanvila@unex.es>:
Extra info received and forwarded to list. Copy sent to Santiago Vila <sanvila@debian.org>. (Mon, 17 May 2010 12:12:09 GMT)

Message #61 received at 248140@bugs.debian.org:

From: Santiago Vila <sanvila@unex.es>
To: "C. Gatzemeier" <c.gatzemeier@tu-bs.de>, 248140@bugs.debian.org
Subject: Re: Bug#248140: closed by Santiago Vila <sanvila@debian.org> (Bug#581434: fixed in base-files 5.4)
Date: Mon, 17 May 2010 14:09:11 +0200 (CEST)

On Sun, 16 May 2010, C. Gatzemeier wrote:

> 
> Thank you for looking into and solving the default umask issue.
> 
> In the meantime (at least from following ubuntu) it seems the pam_umask
> has long entered main and it gave us back /etc/login.defs as a central
> place to set the umask (without depending on umask settings
> in particular shell rc scripts or /etc/profile to set the umask).
> 
> Maybe with removing the umask line from /etc/profile entirely, and
> adding the line "session optional pam_umask.so usergroups"
> to /etc/pam.d/common-session (man pam_umask) the issue can be handled
> even better for next release?
> 
> (Still existing /etc/profiles won't change, but we'll reestablish a
> central mechanism to change/customize the default umask, that works
> with all shells/logins/points of entry.)

I would prefer this umask setting being handled by PAM, yes.

What would be the steps for that?




Information forwarded to debian-bugs-dist@lists.debian.org, Santiago Vila <sanvila@debian.org>:
Bug#248140; Package base-files. (Tue, 25 May 2010 15:42:03 GMT)

Acknowledgement sent to "C. Gatzemeier" <c.gatzemeier@tu-bs.de>:
Extra info received and forwarded to list. Copy sent to Santiago Vila <sanvila@debian.org>. (Tue, 25 May 2010 15:42:03 GMT)

Message #66 received at 248140@bugs.debian.org:

From: "C. Gatzemeier" <c.gatzemeier@tu-bs.de>
To: Santiago Vila <sanvila@unex.es>
Cc: 248140@bugs.debian.org
Subject: Re: Bug#248140: closed by Santiago Vila <sanvila@debian.org> (Bug#581434: fixed in base-files 5.4)
Date: Tue, 25 May 2010 17:39:41 +0200

Hi, thanks for your message.

On Mon, 17 May 2010 14:09:11 +0200 (CEST), Santiago Vila <sanvila@unex.es> wrote:

> I would prefer this umask setting being handled by PAM, yes.
> 
> What would be the steps for that?

As I don't have access to debian servers ATM, maybe you could quickly
check by "man pam_umask" if pam_umask in debian really supports the
"usergroups" option, just to make sure.

Then there is a howto on the following ubuntu wiki page, which also
contains the issues and workarounds concerning the umask setting.
https://wiki.ubuntu.com/MultiUserManagement
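
The `usergroups` rule proposed in this thread, as the pam_umask man page documents it, is shown here next to a check that the primary group really is private. This is an added sketch, not code from the thread or from pam_umask; the passwd/group entries are constructed sample data and the function names are illustrative.

```shell
#!/bin/sh
# Added illustration, not part of the bug thread. The account data below is
# constructed sample data in passwd(5) / group(5) format.
PASSWD_SAMPLE='root:x:0:0:root:/root:/bin/sh
alice:x:1000:1000:Alice:/home/alice:/bin/sh
bob:x:1001:100:Bob:/home/bob:/bin/sh
carol:x:1002:1002:Carol:/home/carol:/bin/sh'
GROUP_SAMPLE='root:x:0:
users:x:100:alice
alice:x:1000:
carol:x:1002:bob'

# passwd_field USER N: field N of USER's passwd entry.
passwd_field() {
    printf '%s\n' "$PASSWD_SAMPLE" |
        awk -F: -v u="$1" -v n="$2" '$1 == u { print $n }'
}

# primary_group USER: name of USER's primary group.
primary_group() {
    printf '%s\n' "$GROUP_SAMPLE" |
        awk -F: -v g="$(passwd_field "$1" 4)" '$3 == g { print $1 }'
}

# usergroups_umask USER BASE: umask after the "usergroups" rule as the
# pam_umask man page documents it: for a non-root user whose primary group
# name equals the user name, group bits become the owner bits (022 -> 002).
usergroups_umask() {
    mask=$((0$2))
    if [ "$(passwd_field "$1" 3)" != 0 ] && [ "$(primary_group "$1")" = "$1" ]; then
        mask=$(( (mask & ~070) | ((mask >> 3) & 070) ))
    fi
    printf '%03o\n' "$mask"
}

# group_is_private USER: succeeds only if no other account shares the
# primary GID and the group lists no member other than USER.
group_is_private() {
    gid=$(passwd_field "$1" 4)
    others=$(
        printf '%s\n' "$PASSWD_SAMPLE" |
            awk -F: -v u="$1" -v g="$gid" '$4 == g && $1 != u { print $1 }'
        printf '%s\n' "$GROUP_SAMPLE" |
            awk -F: -v u="$1" -v g="$gid" '$3 == g {
                n = split($4, m, ",")
                for (i = 1; i <= n; i++) if (m[i] != u) print m[i]
            }'
    )
    [ -z "$others" ]
}

for user in root alice bob carol; do
    if group_is_private "$user"; then private=yes; else private=no; fi
    echo "$user: umask $(usergroups_umask "$user" 022), private group: $private"
done
```

In the sample data `carol` gets 002 because the rule matches on names, although `bob` is listed as a member of her group; that combination is what an audit of a UPG system should flag.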





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 28 Jun 2010 07:34:24 GMT)