Sergey Poznyakoff <[email protected]> wrote: > But the main supposition behind make install was that it sets a > rather liberal permissions, expecting the user to tighten them as he > feels fit by using proper umask settings.
umask doesn't affect the "install" program: # umask 0022 # install /bin/true -o root -m 4775 /tmp/true # ls -l /tmp/true -rwsrwxr-x 1 root default 642704 Jan 5 14:57 /tmp/true If you want umask to take effect, don't specify the permissions in the arguments for install. Instead, use chmod after installing, and modify only the bits you care about: # install program -o root /bindir/program # chmod u+s /bindir/program Even if umask is used, the user may not have thought about setuid programs when setting their umask. For setuid programs, you will cause far less damage by being too cautious than by being too permissive. It's far better to be restrictive, and let the user chmod the program afterwards if they need to, than to create a security hole. paul
