Package: libpam-modules
Version: 1.1.3-4
Severity: normal
During holding a training about Linux basics, chapters users &
permissions, I revisited the issue on how to set the umask on
Debian.
I knew it should be set via pam_umask. I did it this way to
set umask 002 for our Linux workstations.
Today I grepped for other locations and found:
root@vm6601a:/etc# grep umask *
login.defs:#UMASK Default "umask" value.
login.defs:# UMASK is the default umask value for pam_umask and is used by
login.defs:# Other former uses of this variable such as setting the umask when
ltrace.conf:octal umask(octal);
ltrace.conf:octal SYS_umask(octal);
profile:# The default umask is now handled by pam_umask.
profile:# See pam_umask(8) and /etc/login.defs.
Then I went the way recommended by the comments in profile.
But it doesn´t work, the setting for UMASK is not respected for
logins on tty as well as via SSH or KDM:
root@vm6601a:~# grep "^UMASK" /etc/login.defs
UMASK 002
root@vm6601a:~# umask
0022
(That is after a reboot of the virtual machine.)
On SLES 11 setting umask in /etc/login.defs has the desired effect.
I bet this is due to
vm6601b:/etc/pam.d # grep umask *
common-session:session optionalpam_umask.so
common-session.pam-config-backup:session optional pam_umask.so
common-session-pc:session optionalpam_umask.so
for SLES 11 versus
root@vm6601a:/etc/pam.d# grep -i umask *
root@vm6601a:/etc/pam.d#
for Debian Squeeze or
merkaba:/etc/pam.d> grep -i umask *
merkaba:/etc/pam.d#1>
for the Debian Sid laptop I am reporting this from.
Expected results:
Setting umask in /etc/login.defs works as advertised in /etc/profile.
Actual results:
Setting umask there has no effect.
Related bugs:
Personal groups should result in umask 002 by default
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=643560
Possible work-around for Squeeze:
For Squeeze add a hint to /etc/profile that pam_umask needs to
be configured first. I would prefer pam_umask configuration
to be added tough.
Thanks,
Martin Steigerwald
-- System Information:
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing'), (120, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 3.0.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages libpam-modules depends on:
ii debconf [debconf-2.0] 1.5.41
ii libc6 2.13-21
ii libdb5.1 5.1.25-11
ii libpam-modules-bin 1.1.3-4
ii libpam0g 1.1.3-4
ii libselinux12.1.0-1
libpam-modules recommends no packages.
libpam-modules suggests no packages.
-- debconf information:
libpam-modules/disable-screensaver:
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org