On Tue, 08 Mar 2022 20:48:46 +0100, Ansgar <ans...@43-1.org> wrote:
>On Tue, 2022-03-08 at 12:29 -0700, Sam Hartman wrote:
>> Take a look at https://salsa.debian.org/vorlon/pam/-/merge_requests/3
>>
>> According to the history of that patch, we have some old consensus to
>> move toward usergroups and a default umask of 0002 (except for root
>> which gets 0022).
>
>On systems that don't use usergroups for all/some users, doesn't this
>change make all files writable by other users by default? That would
>seem like a very unsecure change on upgrades (or as a default).

Maybe we need to adapt that patch to only set umask to 002 if the user's
primary group is identically named.

>(Though I think the current world-readable by default is already quite
>bad. It seems like an unsafe choice on both single-user and multi-user
>systems...)

It surely references an administration style that sadly does not fit
these days.

Greetings
Marc
-- 
-------------------------------------- !! No courtesy copies, please !! -----
Marc Haber         |   " Questions are the         | Mail address in header
Mannheim, Germany  |     Beginning of Wisdom "     |
Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Fon: *49 621 72739834
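
Added example, not part of the original message and not code from the merge request: a sketch of the condition discussed in this thread, choosing umask 0002 only for a non-root user whose primary group carries the same name, and 0022 otherwise. The accounts, the `User`/`Group` types, the function names and the extra "no other members" check are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Group:
    name: str
    gid: int
    members: list = field(default_factory=list)  # supplementary members

@dataclass
class User:
    name: str
    uid: int
    gid: int  # primary group id

# Constructed sample accounts (hypothetical, not taken from the thread).
GROUPS = {
    0: Group("root", 0),
    100: Group("users", 100),               # shared primary group
    1000: Group("alice", 1000),             # private user group
    1002: Group("carol", 1002, ["dave"]),   # same name, but another member added
}
USERS = [User("root", 0, 0), User("alice", 1000, 1000),
         User("bob", 1001, 100), User("carol", 1002, 1002)]

def choose_umask(user, groups):
    """Return 0o002 only when group-writable files stay private to the user."""
    group = groups.get(user.gid)
    if user.uid == 0 or group is None:
        return 0o022  # root keeps 0022; unknown primary group is treated as shared
    if group.name != user.name:
        return 0o022  # primary group is shared (e.g. "users"): keep group write off
    if any(member != user.name for member in group.members):
        return 0o022  # extra check (assumption): the group has other members
    return 0o002

def new_file_mode(umask):
    """Mode of a file created with the usual 0666 request under this umask."""
    return 0o666 & ~umask

def report(users, groups):
    """Map each user name to (umask, resulting new-file mode)."""
    return {u.name: (choose_umask(u, groups), new_file_mode(choose_umask(u, groups)))
            for u in users}

if __name__ == "__main__":
    for name, (mask, mode) in report(USERS, GROUPS).items():
        print(f"{name:6} umask={mask:04o} new file mode={mode:04o}")
```

Only `alice` ends up with group-writable files (0664); `bob`, whose primary group is the shared `users`, stays at 0644, which is the upgrade case raised in the quoted question.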