Niels Möller wrote:
And now enter lshd, which is *not* PAMified.

The comments in doc/NOTES indicate that it's not going to happen in the future either. Although the code does seem to have some PAM support in the form of lsh-pam-checkpw. But that probably wouldn't set the umask if it were enabled.

I'm not sure what the status of PAM is in Debian. Does policy say that
all login-like services must use PAM, and if you don't use PAM, you're
on your own? Or is there some recommended way for non-PAM-services to
get this right on Debian?

No idea. With doc/NOTES in mind, I wonder why OpenSSH developers did choose to implement PAM.

One possible workaround might be to add a script to /etc/profile.d which
does something like

  while read key value rest_of_line ; do
    if [ "$key" = "UMASK" ] ; then
        umask "$value"
    fi
  done << EOF
  `cat /etc/login.defs`
  EOF

Indeed a nice way to work around it until there's a real solution.
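
A stricter variant of the workaround quoted above, as an added example that is not part of the original message or of lsh: it skips comment lines and validates the value before calling umask. The function names, the file name in the comment, and the choice to accept only three octal digits (optionally with a leading 0) are assumptions of this example.

```shell
# Added example for /etc/profile.d (hypothetical file name: umask-login-defs.sh).
# Function and variable names are illustrative, not part of lsh or Debian.
# profile.d scripts are sourced, so variables are prefixed to avoid clashes.

# Print the last valid UMASK value from a login.defs-style file.
# Returns 1 if the file is unreadable or holds no valid UMASK line.
login_defs_umask() {
    _ldu_file=${1:-/etc/login.defs}
    _ldu_found=
    [ -r "$_ldu_file" ] || return 1
    # The "|| [ -n ... ]" part handles a final line without a trailing newline.
    while read -r _ldu_key _ldu_value _ldu_rest || [ -n "$_ldu_key" ]; do
        # Commented-out entries parse as key "#" or "#UMASK" and are skipped.
        [ "$_ldu_key" = "UMASK" ] || continue
        case $_ldu_value in
            [0-7][0-7][0-7]|0[0-7][0-7][0-7]) ;;   # e.g. 022 or 0027
            *) continue ;;                          # reject anything else
        esac
        _ldu_found=$_ldu_value                      # last valid entry wins
    done < "$_ldu_file"
    [ -n "$_ldu_found" ] || return 1
    printf '%s\n' "$_ldu_found"
}

# Apply the configured umask; keep the inherited one if nothing valid is found.
apply_login_defs_umask() {
    _ldu_mask=$(login_defs_umask "$1") || return 0
    umask "$_ldu_mask"
}

apply_login_defs_umask /etc/login.defs
```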


