Your message dated Thu, 1 Sep 2022 11:06:58 +0200
with message-id <dc281b4c-fa73-3a0a-e1df-6a1363689...@debian.org>
and subject line Re: Bug#1018849: systemd does not honor pam_umask setting
has caused the Debian Bug report #1018849,
regarding systemd does not honor pam_umask setting
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1018849: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1018849
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: systemd
Version: 251.3-1
Severity: normal

Dear Maintainer,

despite the line

session optional pam_umask.so umask=0027

in /etc/pam.d/common-session and the line

UMASK 027

in /etc/login.defs, every process spawned by systemd has umask=0022. Files
newly created under a regular bash shell get correct 640 permissions instead.

I noticed this issue the first time ~2 months ago: till then my umask settings
were respected.

Thanks


-- Package-specific info:

-- System Information:
Debian Release: bookworm/sid
APT prefers testing-proposed-updates
APT policy: (990, 'testing-proposed-updates'), (990, 'testing'), (500, 'stable-security'), (500, 'proposed-updates'), (500, 'oldstable-proposed-updates'), (500, 'unstable'), (500, 'stable'), (500, 'oldstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.19.5-xanmod1-x64v2+amdnative (SMP w/16 CPU threads)
Kernel taint flags: TAINT_WARN, TAINT_OOT_MODULE
Locale: LANG=it_IT.UTF-8, LC_CTYPE=it_IT.UTF-8 (charmap=UTF-8), LANGUAGE=it
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages systemd depends on:
ii adduser 3.128
ii libacl1 2.3.1-1
ii libaudit1 1:3.0.7-1+b1
ii libblkid1 2.38.1-1
ii libc6 2.34-4
ii libcap2 1:2.44-1
ii libcryptsetup12 2:2.5.0-2
ii libfdisk1 2.38.1-1
ii libgcrypt20 1.10.1-2
ii libkmod2 30+20220630-3
ii liblz4-1 1.9.3-2
ii liblzma5 5.2.5-2.1
ii libmount1 2.38.1-1
ii libseccomp2 2.5.4-1+b1
ii libselinux1 3.4-1+b1
ii libssl3 3.0.5-2
ii libsystemd-shared 251.3-1
ii libsystemd0 251.3-1
ii libzstd1 1.5.2+dfsg-1
ii mount 2.38.1-1

Versions of packages systemd recommends:
ii chrony [time-daemon] 4.2-3
ii dbus [default-dbus-system-bus] 1.14.0-2

Versions of packages systemd suggests:
ii libfido2-1 1.11.0-1+b1
ii libtss2-esys-3.0.2-0 3.2.0-1+b1
ii libtss2-mu0 3.2.0-1+b1
ii libtss2-rc0 3.2.0-1+b1
ii policykit-1 0.105-33
pn systemd-boot <none>
ii systemd-container 251.3-1
pn systemd-homed <none>
pn systemd-userdbd <none>

Versions of packages systemd is related to:
ii dbus-user-session 1.14.0-2
pn dracut <none>
ii initramfs-tools 0.142
ii libnss-systemd 251.3-1
ii libpam-systemd 251.3-1
ii udev 251.3-1

-- debconf-show failed

--- End Message ---
--- Begin Message ---
On 01.09.22 at 01:50, Maurizio Avogadro wrote:
> Package: systemd
> Version: 251.3-1
> Severity: normal
>
> Dear Maintainer,
>
> despite the line
>
> session optional pam_umask.so umask=0027
>
> in /etc/pam.d/common-session and the line
>
> UMASK 027
>
> in /etc/login.defs, every process spawned by systemd has umask=0022. Files
> newly created under a regular bash shell get correct 640 permissions instead.
>
> I noticed this issue the first time ~2 months ago: till then my umask settings
> were respected.

systemd starts services in a clean and defined execution environment. It doesn't inherit any settings from your login shell. This is by design.

If you want the umask changed for a service see
man systemd.exec → UMask=

You can change the UMask= setting per service or globally for all services.

I'd recommend doing it via a drop-in.
E.g. /etc/systemd/system/foo.service.d/umask.conf for a single service
or /etc/systemd/system/service.d/umask.conf if you want to change it globally.

See also man systemd.unit if you want to read more about how drop-ins work.

Regards,
Michael




--- End Message ---
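
The drop-in approach from the reply above, as an added shell example that is not part of the original thread or of systemd: it writes the `UMask=` drop-in for one service or for all services and shows which file mode a given umask produces. The `ROOT` staging prefix, the `global` scope keyword and the function names are assumptions of this example; `foo.service` is the placeholder unit name used in the reply.

```sh
#!/bin/sh
# Added example, not from the thread. ROOT (staging prefix; "" = live system)
# and the scope keyword "global" are assumptions made for this sketch.

# Accept only a 3- or 4-digit octal mask, as used on the page (027 / 0027).
valid_umask() {
    case "$1" in
        [0-7][0-7][0-7]|[0-7][0-7][0-7][0-7]) return 0 ;;
        *) return 1 ;;
    esac
}

# dropin_path ROOT SCOPE: SCOPE is a unit name (foo.service) or "global".
dropin_path() {
    if [ "$2" = "global" ]; then
        printf '%s/etc/systemd/system/service.d/umask.conf\n' "$1"
    else
        printf '%s/etc/systemd/system/%s.d/umask.conf\n' "$1" "$2"
    fi
}

# write_umask_dropin ROOT SCOPE UMASK: write the drop-in and print its path.
write_umask_dropin() {
    valid_umask "$3" || { echo "invalid umask: $3" >&2; return 1; }
    path=$(dropin_path "$1" "$2")
    mkdir -p "$(dirname "$path")" || return 1
    printf '[Service]\nUMask=%s\n' "$3" > "$path" || return 1
    printf '%s\n' "$path"
}

# mode_under_umask UMASK: octal mode a newly created regular file receives
# (needs `stat -c`, i.e. GNU coreutils as on Debian).
mode_under_umask() {
    valid_umask "$1" || return 1
    tmp=$(mktemp -d) || return 1
    ( umask "$1" && : > "$tmp/probe" ) || return 1
    stat -c '%a' "$tmp/probe"
    rm -rf "$tmp"
}

# On a live system, after write_umask_dropin "" foo.service 0027:
#   systemctl daemon-reload && systemctl restart foo.service
#   systemctl show -p UMask foo.service    # value systemd will apply
```

`mode_under_umask 0022` yields 644 and `mode_under_umask 0027` yields 640, which is the difference between the systemd default and the mask the reporter configured for login sessions.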
