Package: harden-doc Version: 3.13.2 Severity: normal Tags: patch Dear Javier,
startig from base-files 5.4, the default value for umask is 0002. Please consider the attached patch, that updates the Securing Debian Manual. Have a nice day, -- Charles Plessy, Tsurumi, Kanagawa, Japan
Index: after-install.sgml =================================================================== --- after-install.sgml (révision 7342) +++ after-install.sgml (copie de travail) @@ -1211,11 +1211,11 @@ information is shared between users, that is, what the default permissions of new files created by users are. -<p>Debian's default <tt>umask</tt> setting is <em>022</em> this means -that files (and directories) can be read and accessed by the user's -group and by any other users in the system. This definition is set -in the standard configuration file <file>/etc/profile</file> which -is used by all shells. +<p>Debian's default <tt>umask</tt> setting is <em>002</em> this means that +files (and directories) can be read, written and accessed by the user's group, +and read and accessed (but not written) by any other users in the system. This +definition is set in the standard configuration file <file>/etc/profile</file> +which is used by all shells. <p>If Debian's default value is too permissive for your system you will have to change the umask setting for all the shells. More restrictive umask settings Index: faq.sgml =================================================================== --- faq.sgml (révision 7342) +++ faq.sgml (copie de travail) @@ -533,7 +533,7 @@ associated with the primary group to which they belong (e.g. 'users'). <p>Debian's scheme solves this problem by assigning each user to their -own group; so that with a proper umask (0002) and the SETGID bit set +own group; so that with the default umask (0002) and the SETGID bit set on a given project directory, the correct group is automatically assigned to files created in that directory. This makes it easier for people who work on multiple projects, because they will not have to

