Branch: refs/heads/master
  Home:   https://github.com/jenkinsci/jenkins
  Commit: cf5a9b7c20dfab68247b1cbcf98ba28188475acc
      
https://github.com/jenkinsci/jenkins/commit/cf5a9b7c20dfab68247b1cbcf98ba28188475acc
  Author: Kohsuke Kawaguchi <[email protected]>
  Date:   2014-08-29 (Fri, 29 Aug 2014)

  Changed paths:
    M changelog.html
    M debian/debian/jenkins.default
    M debian/debian/jenkins.init

  Log Message:
  -----------
  [FIXED JENKINS-24514]

Ubuntu (at least as of 12.04) has the default umask 022, which made some
users nervous. Quoting its /etc/login.defs below, which explains its
historical origin:

  UMASK is the default umask value for pam_umask and is used by
  useradd and newusers to set the mode of the new home directories.
  022 is the "historical" value in Debian for UMASK
  027, or even 077, could be considered better for privacy
  There is no One True Answer here : each sysadmin must make up his/her
  mind.

It does seem to me that a bit more restrictive default is sensible,
so this change introduces an /etc/default/jenkins parameter that sets the
default umask to 027 to prevent "others" from seeing files.

Note that keys and other sensitive files are protected anyway, so it is
not the case that the privacy of Jenkins data files has been vulnerable
prior to this change.
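
The effect of the two umask values discussed above, as an added example that is not part of the commit or the Jenkins packaging: it shows the modes new files and directories get under 022 and 027, and that a umask only applies to files created after it is set, so files that already exist stay readable by "others" until their mode is changed. The function names and the temporary directories are constructed for illustration.

```shell
#!/bin/sh
# Added illustration; uses throwaway temp directories, not a real Jenkins home.

# Print the octal mode of a file or directory created under the given umask.
# usage: mode_under_umask <umask> <file|dir>
mode_under_umask() {
    (
        tmp=$(mktemp -d) || exit 1
        umask "$1"
        if [ "$2" = dir ]; then
            mkdir "$tmp/new"
        else
            : > "$tmp/new"
        fi
        # GNU stat first, BSD stat as fallback
        stat -c %a "$tmp/new" 2>/dev/null || stat -f %Lp "$tmp/new"
        rm -rf "$tmp"
    )
}

# List files and directories under a tree that "others" can read.
# Existing files keep their old mode after a umask change, so this is the
# check to run on a data directory that was populated under umask 022.
list_other_readable() {
    find "$1" \( -type f -o -type d \) -perm -0004 -print
}

# Constructed scenario: one file written under the old umask, one under the
# new one. Only the older file is still readable by "others".
demo() {
    home=$(mktemp -d) || return 1
    chmod 750 "$home"
    ( umask 022; echo old > "$home/created-before" )
    ( umask 027; echo new > "$home/created-after" )
    ( cd "$home" && list_other_readable . )
    rm -rf "$home"
}

for m in 022 027; do
    echo "umask $m: file $(mode_under_umask "$m" file), dir $(mode_under_umask "$m" dir)"
done
demo
```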

