Debian Bug report logs - #646692
pam_umask: umask in /etc/login.defs not respected cause libpam_umask is not configured

Package: libpam-modules; Maintainer for libpam-modules is Steve Langasek <vorlon@debian.org>; Source for libpam-modules is src:pam.

Reported by: Martin Steigerwald <ms@teamix.de>

Date: Wed, 26 Oct 2011 09:36:32 UTC

Severity: normal

Tags: patch, upstream

Merged with 583958

Found in version pam/1.1.3-4

Blocking fix for 583971: login.defs: UMASK 022 (and have pam_umask relax it to 002 for private usergroups)


Report forwarded to debian-bugs-dist@lists.debian.org, martin@lichtvoll.de, Steve Langasek <vorlon@debian.org>:
Bug#646692; Package libpam-modules. (Wed, 26 Oct 2011 09:36:50 GMT)

Acknowledgement sent to Martin Steigerwald <ms@teamix.de>:
New Bug report received and forwarded. Copy sent to martin@lichtvoll.de, Steve Langasek <vorlon@debian.org>. (Wed, 26 Oct 2011 09:36:52 GMT)

Message #5 received at submit@bugs.debian.org:

From: Martin Steigerwald <ms@teamix.de>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: pam_umask: umask in /etc/login.defs not respected cause libpam_umask is not configured
Date: Wed, 26 Oct 2011 11:31:16 +0200
Package: libpam-modules
Version: 1.1.3-4
Severity: normal

While holding a training about Linux basics, chapters users &
permissions, I revisited the issue on how to set the umask on
Debian.

I knew it should be set via pam_umask. I did it this way to
set umask 002 for our Linux workstations.

Today I grepped for other locations and found:

root@vm6601a:/etc# grep umask *
login.defs:#    UMASK           Default "umask" value.
login.defs:# UMASK is the default umask value for pam_umask and is used by
login.defs:# Other former uses of this variable such as setting the umask when
ltrace.conf:octal umask(octal);
ltrace.conf:octal SYS_umask(octal);
profile:# The default umask is now handled by pam_umask.
profile:# See pam_umask(8) and /etc/login.defs.

Then I went the way recommended by the comments in profile.

But it doesn't work, the setting for UMASK is not respected for
logins on tty as well as via SSH or KDM:

root@vm6601a:~# grep "^UMASK" /etc/login.defs 
UMASK           002
root@vm6601a:~# umask
0022

(That is after a reboot of the virtual machine.)


On SLES 11 setting umask in /etc/login.defs has the desired effect.

I bet this is due to

vm6601b:/etc/pam.d # grep umask *
common-session:session  optional        pam_umask.so
common-session.pam-config-backup:session optional       pam_umask.so
common-session-pc:session       optional        pam_umask.so

for SLES 11 versus

root@vm6601a:/etc/pam.d# grep -i umask *
root@vm6601a:/etc/pam.d#

for Debian Squeeze or

merkaba:/etc/pam.d> grep -i umask *
merkaba:/etc/pam.d#1>

for the Debian Sid laptop I am reporting this from.


Expected results:

Setting umask in /etc/login.defs works as advertised in /etc/profile.


Actual results:

Setting umask there has no effect.


Related bugs:

Personal groups should result in umask 002 by default
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=643560


Possible work-around for Squeeze:

For Squeeze add a hint to /etc/profile that pam_umask needs to
be configured first. I would prefer pam_umask configuration
to be added though.

Thanks,
Martin Steigerwald

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (120, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.0.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages libpam-modules depends on:
ii  debconf [debconf-2.0]  1.5.41   
ii  libc6                  2.13-21  
ii  libdb5.1               5.1.25-11
ii  libpam-modules-bin     1.1.3-4  
ii  libpam0g               1.1.3-4  
ii  libselinux1            2.1.0-1  

libpam-modules recommends no packages.

libpam-modules suggests no packages.

-- debconf information:
  libpam-modules/disable-screensaver:
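
An added example, not part of the original report or of the pam package: a small audit check for the mismatch described above, where /etc/login.defs sets UMASK but no file in /etc/pam.d loads pam_umask.so, so the value is silently ignored. The function names, the verdict words and the ROOT argument (for running against a copy of /etc) are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: detect a login.defs UMASK that cannot take effect because
# pam_umask.so is not loaded by any PAM service file.
# Limitation: it checks whether *any* file in pam.d loads the module, not
# each service's resolved stack (backup copies would also count).
# Usage: check_umask_config ""            (live system)
#        check_umask_config /path/to/copy (tree containing etc/)

# Print the active UMASK value from login.defs; commented lines are skipped
# because their first field is "#" or "#UMASK", never "UMASK".
login_defs_umask() {
    [ -r "$1" ] || return 0
    awk '$1 == "UMASK" { v = $2 } END { if (v != "") print v }' "$1"
}

# Succeed if a non-comment session line in the pam.d dir loads pam_umask.so.
# "-session" is accepted too (PAM's prefix for modules that may be missing).
pam_umask_enabled() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        awk '$1 ~ /^-?session$/ && $0 ~ /pam_umask\.so/ { found = 1 }
             END { exit !found }' "$f" && return 0
    done
    return 1
}

# Print one verdict word:
#   ok      - pam_umask.so is loaded, so login.defs UMASK can be applied
#   ignored - UMASK is set but pam_umask.so is not loaded (this report)
#   unset   - neither UMASK nor pam_umask.so is configured
check_umask_config() {
    root=${1:-}
    value=$(login_defs_umask "$root/etc/login.defs")
    if pam_umask_enabled "$root/etc/pam.d"; then
        echo "ok"
    elif [ -n "$value" ]; then
        echo "ignored"
    else
        echo "unset"
    fi
}
```

A verdict of "ignored" means sessions keep whatever umask the login program or shell sets, regardless of the value written in login.defs.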




Forcibly Merged 583958 646692. Request was from Steve Langasek <vorlon@debian.org> to control@bugs.debian.org. (Thu, 27 Oct 2011 20:30:03 GMT)

Added tag(s) patch. Request was from "C. Gatzemeier" <c.gatzemeier@tu-bs.de> to control@bugs.debian.org. (Wed, 07 Nov 2012 19:21:06 GMT)

Removed tag(s) upstream. Request was from "C. Gatzemeier" <c.gatzemeier@tu-bs.de> to control@bugs.debian.org. (Tue, 23 Apr 2013 09:15:07 GMT)

Added tag(s) upstream. Request was from Steve Langasek <vorlon@debian.org> to control@bugs.debian.org. (Tue, 23 Apr 2013 14:21:07 GMT)


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Fri Apr 18 04:01:29 2014; Machine Name: buxtehude.debian.org