On Wed, 9 Mar 2022 17:29:01 -0500, Michael Stone <mst...@debian.org> wrote:
>On Tue, Mar 08, 2022 at 12:29:43PM -0700, Sam Hartman wrote:
>>I don't think it makes sense to move toward 0700 home directories and to
>>loosen the umask for usergroups.
>
>Those are actually unrelated--the big reason for the more permissive
>umask is to allow people to seamlessly work with other people in a
>group, especially within setgid shared directories. Those shared
>directories can be anywhere, and are likely *not* in a single user's
>home.

Hence, no change needed in adduser? Or is that an argument for having
DIR_MODE=0700 in default?

>This was changed in coreutils to be posix-compliant more than 20 years
>ago. The spec is that chown accepts user:group syntax, and chown will
>always first attempt to split on ":". If there is no :, chown will try to
>resolve the whole argument as a username (that is, regardless of whether
>there's a "."). If the username isn't resolvable *and* it contains a
>".", it will try to split on the first "." and use the left side as the
>username and the right side as the group. So *only if* someone attempts
>to use a dot-containing username in chown without a : and the
>dot-containing username is invalid, then it might be interpreted as a
>user.group spec.
>Now, if someone is trying to actually use user.group
>syntax rather than the user:group syntax that's been standard for 20+
>years, that will definitely break in the presence of dot-containing
>usernames.

... but just in the case that the same string exists both as the last
component of a dot-containing user name AND as a group name. All other
cases are defined. How would the spec listed above behave for user names
with more than one dot?

>Given how common such usernames are on other systems, I'd
>expect the breakage to be minimal by now, and a bug in anything still
>using that syntax. We could make coreutils print a deprecation warning,
>but that's never really been useful in the past; probably better to just
>error out any time a . is used for something other than a valid username
>and drop the 20+ year old compatibility code.

Do you want a coreutils bug to error out in the case of user.group
notation in chown? I guess it's due time. Would we go alone in Debian or
would you prefer that we try convincing upstream to finally go that way?
I am not convinced that Debian should derive from standard behavior
here, but you have the coreutils hat on and I would support either
decision.

And then we'd have to decide whether adduser may allow dot-containing
user names before coreutils made this change.

Greetings
Marc
--
-------------------------------------- !! No courtesy copies, please !! -----
Marc Haber         |   " Questions are the         | Mail address in header
Mannheim, Germany  |     Beginning of Wisdom "     |
Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Fon: *49 621 72739834
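
The lookup order described in the quoted text, modelled as an added example (not part of the original message and not coreutils code). The account tables are constructed and parse_owner_spec is a hypothetical name; it also runs names with more than one dot through that description, where the fallback splits on the first dot only.

```python
# Constructed account tables for illustration only (not real system data).
USERS = {"alice", "john", "john.doe", "a"}
GROUPS = {"staff", "doe", "b.c"}


def _lookup(user, group, users, groups):
    """Validate both halves against the tables; an empty half is left unset."""
    if user and user not in users:
        raise ValueError(f"invalid user: {user!r}")
    if group and group not in groups:
        raise ValueError(f"invalid group: {group!r}")
    return (user or None, group or None)


def parse_owner_spec(spec, users=USERS, groups=GROUPS):
    """Return (user, group, used_dot_fallback) in the order described above."""
    if ":" in spec:            # 1. always try to split on ":" first
        user, group = spec.split(":", 1)
        return (*_lookup(user, group, users, groups), False)
    if spec in users:          # 2. no ":": resolve the whole argument as a user
        return (spec, None, False)
    if "." in spec:            # 3. unresolvable and contains ".": split on first "."
        user, group = spec.split(".", 1)
        return (*_lookup(user, group, users, groups), True)
    raise ValueError(f"invalid user: {spec!r}")


if __name__ == "__main__":
    without_john_doe = USERS - {"john.doe"}
    cases = [
        ("john.doe", USERS),            # existing dotted user wins
        ("john.doe", without_john_doe), # same string now means john + group doe
        ("a.b.c", USERS),               # several dots: user "a", group "b.c"
        ("john.doe:staff", USERS),      # ":" form is unambiguous
        ("john.doe.staff", USERS),      # legacy form with a dotted user fails
    ]
    for spec, users in cases:
        try:
            print(f"{spec:16} -> {parse_owner_spec(spec, users)}")
        except ValueError as exc:
            print(f"{spec:16} -> error: {exc}")
```

The second case is the one that matters for scripts: once the dotted account is gone, the same argument quietly resolves to a different owner and group instead of failing.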