Hi Steve,
Thanks for taking care!
First of all, this was never a real bug-report... more an
investigation and understanding how pam_umask is working and how someone
can influence the default UMASK settings.
Can you tell me to which of Ubuntu's MLs I should start such a
discussion next time
On Tue, Feb 12, 2013 at 08:00:25AM -, Sedat Dilek wrote:
Can you tell me to which of Ubuntu's MLs I should start such a
discussion next time (opening a BR was IMHO not the very best idea :-))?
I think ubuntu-devel (moderated) or ubuntu-devel-discuss (unmoderated) is
the most likely venue
** Bug watch added: Debian Bug tracker #643560
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=643560
** Also affects: pam (Debian) via
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=643560
Importance: Unknown
Status: Unknown
--
You received this bug notification because you
** No longer affects: pam (Debian)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1097262
Title:
[pam][pam_umask]: Explicitly set the user specific umask at (shell)
login to 0022 value
To manage
I don't see anything here that's a bug in the pam package.
when I am working with the Freetz build-system I have this
umask/shell problem described in [1].
It is a bug for any build system to make assumptions about the umask.
If particular permissions are required, it should set them
** Attachment added: Original /etc/pam.d/login
https://bugs.launchpad.net/ubuntu/+source/pam/+bug/1097262/+attachment/3505727/+files/login.orig
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
** Attachment added: Refreshed /etc/pam.d/login (v2)
https://bugs.launchpad.net/ubuntu/+source/pam/+bug/1097262/+attachment/3505728/+files/login_pam_umask_so-umask-v2
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
** Attachment added: Refreshed /etc/pam.d/common-session (v2)
https://bugs.launchpad.net/ubuntu/+source/pam/+bug/1097262/+attachment/3505730/+files/common-session_pam_umask_so-umask-v2
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to
** Attachment added: Refreshed /etc/pam.d/login (v3)
https://bugs.launchpad.net/ubuntu/+source/pam/+bug/1097262/+attachment/3505735/+files/login_pam_umask_so-umask-v3
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
** Patch added: Diff pam_umask man-page (rebuild latest pam (1.1.3-7ubuntu2))
https://bugs.launchpad.net/ubuntu/+source/pam/+bug/1097262/+attachment/3505731/+files/pam_umask-man8.diff
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to
** Attachment added: Original /etc/pam.d/common-session
https://bugs.launchpad.net/ubuntu/+source/pam/+bug/1097262/+attachment/3505729/+files/common-session.orig
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
** Attachment added: Refreshed /etc/pam.d/login (v4)
https://bugs.launchpad.net/ubuntu/+source/pam/+bug/1097262/+attachment/3505753/+files/login_pam_umask_so-umask-v4
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
Hmm, looks like these common-* files were generated today.
# LC_ALL=C ls -alt /etc/pam.d/common-*
-rw-r--r-- 1 root root 699 Jan 8 13:23 /etc/pam.d/common-session.diff
-rw-r--r-- 1 root root 1435 Jan 8 12:35
/etc/pam.d/common-session-noninteractive
-rw-r--r-- 1 root root 1515 Jan 8 12:35
OK, 'dpkg-reconfigure libpam-runtime' (not libpam-modules) invokes 'pam-
auth-update' binary which is able to generate/update ...Local
modifications to /etc/pam.d/common-* ...:
# cd /etc/pam.d
# mkdir COMMON
# mv common-* COMMON/
# dpkg-reconfigure libpam-modules
# LC_ALL=C ls -alt
Investigating common-* and where these includes come from...
root# dpkg -S /etc/pam.d/other
libpam-runtime: /etc/pam.d/other
root# cat /etc/pam.d/other
#
# /etc/pam.d/other - specify the PAM fallback behaviour
#
# Note that this file is used for any unspecified service; for example
#if
NO changes to pam_umask.so generated by (un)selecting one of these items
(see attached diff):
# pam-auth-update --force
[*] Unix authentication
[*] Register user sessions in the systemd control group hierarchy
[*] GNOME Keyring Daemon - Login keyring management
[*] ConsoleKit Session Management
WorksForMe take #2: Side-effects?
$ grep pam_umask.so /etc/pam.d/common-session
#session optional pam_umask.so --- COMMENTED!
$ grep pam_umask.so /etc/pam.d/login
sessionoptional pam_umask.so umask=0022 --- UNCOMMENTED - setting has
now an effect!
--
You received
NEVER NEVER NEVER... NEVER EVER REMOVE /etc/pam.d/common-session file
!!!
http://grml.org [saves your admin-day!]
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1097262
Title:
[pam][pam_umask]:
** Attachment added: WorksForMe version of /etc/pam.d/common-session
https://bugs.launchpad.net/ubuntu/+source/pam/+bug/1097262/+attachment/3477180/+files/common-session_pam_umask_so-fixed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to
** Attachment added: Commented /etc/pam.d/login file
https://bugs.launchpad.net/ubuntu/+source/pam/+bug/1097262/+attachment/3477181/+files/login_pam_umask_so-fixed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
Another alternative which works here:
root# chfn -o umask=0022 myusername
[ /etc/shadow ]
-myusername:x:1000:1000:WeAreFam,,,:/home/myusername:/bin/bash
+myusername:x:1000:1000:WeAreFamumask=0022:/home/myusername:/bin/bash
root# grep pam_umask.so /etc/pam.d/common-session
session optional
# egrep 'umask|libpam-umask' -nr /etc/skel/
/etc/skel/.profile:7:# the default umask is set in /etc/profile; for setting
the umask
/etc/skel/.profile:8:# for ssh logins, install and configure the libpam-umask
package.
/etc/skel/.profile:9:#umask 022
According to [1] /etc/profile should not be
So the root cause seems to be the USERGROUPS_ENAB setting:
--- /etc/login.defs.orig
+++ /etc/login.defs
-USERGROUPS_ENAB yes
+USERGROUPS_ENAB no
This gives a 0022 umask in xterm.
Not sure what side-effects this change will cause.
[ /etc/login.defs ]
...
#
# Login configuration initializations:
Worth reading why UMASK/USERGROUPS_ENAB changes were done.
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=583971
** Bug watch added: Debian Bug tracker #583971
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=583971
--
You received this bug notification because you are a member of Ubuntu
The pam_umask man-page is not up2date.
$ zgrep influenced by USERGROUPS_ENAB /usr/share/man/man8/pam_umask.8.gz
[ EMPTY ]
$ dpkg -S /usr/share/man/man8/pam_umask.8.gz
libpam-modules: /usr/share/man/man8/pam_umask.8.gz
$ dpkg -l | grep libpam-modules
ii libpam-modules
Blueprints Change the default umask to 0002
https://blueprints.launchpad.net/ubuntu/+spec/umask-to-0002
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1097262
Title:
[pam][pam_umask]: Explicitly
26 matches
Mail list logo
