Your message dated Thu, 1 Sep 2022 11:06:58 +0200 with message-id <dc281b4c-fa73-3a0a-e1df-6a1363689...@debian.org> and subject line Re: Bug#1018849: systemd does not honor pam_umask setting has caused the Debian Bug report #1018849, regarding systemd does not honor pam_umask setting to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1018849: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1018849 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: systemd Version: 251.3-1 Severity: normal Dear Maintainer, despite the line session optional pam_umask.so umask=0027 in /etc/pam.d/common-session and the line UMASK 027 in /etc/login.defs, every process spawned by systemd has umask=0022. Files newly created under a regular bash shell get correct 640 permissions instead. I noticed this issue the first time ~2 months ago: till then my umask settings were respected. Thanks -- Package-specific info: -- System Information: Debian Release: bookworm/sid APT prefers testing-proposed-updatesAPT policy: (990, 'testing-proposed-updates'), (990, 'testing'), (500, 'stable-security'), (500, 'proposed-updates'), (500, 'oldstable-proposed-updates'), (500, 'unstable'), (500, 'stable'), (500, 'oldstable'), (1, 'experimental')Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 5.19.5-xanmod1-x64v2+amdnative (SMP w/16 CPU threads) Kernel taint flags: TAINT_WARN, TAINT_OOT_MODULE Locale: LANG=it_IT.UTF-8, LC_CTYPE=it_IT.UTF-8 (charmap=UTF-8), LANGUAGE=it Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages systemd depends on: ii adduser 3.128 ii libacl1 2.3.1-1 ii libaudit1 1:3.0.7-1+b1 ii libblkid1 2.38.1-1 ii libc6 2.34-4 ii libcap2 1:2.44-1 ii libcryptsetup12 2:2.5.0-2 ii libfdisk1 2.38.1-1 ii libgcrypt20 1.10.1-2 ii libkmod2 30+20220630-3 ii liblz4-1 1.9.3-2 ii liblzma5 5.2.5-2.1 ii libmount1 2.38.1-1 ii libseccomp2 2.5.4-1+b1 ii libselinux1 3.4-1+b1 ii libssl3 3.0.5-2 ii libsystemd-shared 251.3-1 ii libsystemd0 251.3-1 ii libzstd1 1.5.2+dfsg-1 ii mount 2.38.1-1 Versions of packages systemd recommends: ii chrony [time-daemon] 4.2-3 ii dbus [default-dbus-system-bus] 1.14.0-2 Versions of packages systemd suggests: ii libfido2-1 1.11.0-1+b1 ii libtss2-esys-3.0.2-0 3.2.0-1+b1 ii libtss2-mu0 3.2.0-1+b1 ii libtss2-rc0 3.2.0-1+b1 ii policykit-1 0.105-33 pn systemd-boot <none> ii systemd-container 251.3-1 pn systemd-homed <none> pn systemd-userdbd <none> Versions of packages systemd is related to: ii dbus-user-session 1.14.0-2 pn dracut <none> ii initramfs-tools 0.142 ii libnss-systemd 251.3-1 ii libpam-systemd 251.3-1 ii udev 251.3-1 -- debconf-show failed
--- End Message ---
--- Begin Message ---Am 01.09.22 um 01:50 schrieb Maurizio Avogadro:Package: systemd Version: 251.3-1 Severity: normal Dear Maintainer, despite the line session optional pam_umask.so umask=0027 in /etc/pam.d/common-session and the line UMASK 027 in /etc/login.defs, every process spawned by systemd has umask=0022. Filesnewly created under a regular bash shell get correct 640 permissions instead.I noticed this issue the first time ~2 months ago: till then my umask settingswere respected.systemd starts services in a clean and defined execution environment. It doesn't inherit any settings from your login shell. This is by design.If you want the umask changed for a service see man systemd.exec → UMask= You can change the UMask= setting per service or globally for all services. I'd recommend to do it via a drop-in. E.g /etc/systemd/system/foo.service.d/umask.conf for a single serviceor /etc/systemd/system/service.d/umask.conf if you want to change it globallySee also man systemd.unit if you want to read more about how drop-ins work. Regards, MichaelOpenPGP_signature
Description: OpenPGP digital signature
--- End Message ---