Hi! On Sat, Jun 18, 2005 at 08:39:08PM +0200, martin f krafft wrote: > also sprach Alexander Gattin <[EMAIL PROTECTED]> [2005.06.18.0037 +0200]:
Ypu can omit my e-mail when replying to this list ;) > > Why so? I see different behaviour (/dev/pts/3). > > Maybe you mean the difference between login and su? > /etc/profile:#umask 0007 > /etc/login.defs:UMASK 0007 > [EMAIL PROTECTED]:~$ umask > 0022 IMHO, you just missed something... First, here are my settings for the test: > [EMAIL PROTECTED]:~$ egrep -i "^#?umask" /etc/login.defs /etc/profile > .bash_profile > /etc/login.defs:UMASK 027 > /etc/profile:#umask 022 > .bash_profile:#umask 022 Then, I run login: > [EMAIL PROTECTED]:~$ exec login > cherokee login: ramazan > Password: > Last login: Sat Jun 18 22:59:51 2005 on pts/5 > No mail. > [EMAIL PROTECTED]:~$ umask > 0027 > > I propose EXACTLY THE OPPOSITE -- remove all `umask > [...] > > Then add to that comments links pointing to pam_umask > > and other stuff that can really help. > > That's not the opposite of what I had proposed. Actually, yes ;) I hope we will come to some reasonable conclusion. > > Also, when shell does not set umask or user don't use a > > real shell as login shell (e.g. "ppp" user with > > /usr/sbin/pppd for shell) -- where will the umask be > > set from? > > With libpam_umask: the right place > Anything else: undefined Why? login.defs is not a bad place for setting umask through _login_ (it should also be respected by `su -` IMHO). But, user may enter the system through cron, ssh and other places, which don't pass through login/su/login.defs but though PAM do. This is the actual reason why login.defs should be obsoleted sometime in favor of pam_umask or similar. > > Do you really think they could get it from _/etc/profile_ in that case? > > I think you should not work yourself up over it. Sorry, I don't understand what do you mean here... > > configurability for it in login.defs (but: I heard about setting > > umask from GECOS...) > > Have a pointer? I'll simply explain: in GECOS the last 5th field (after full name, room number, work and home phone #s, may contain parameters like "umask=0026,pri=5" etc. For details see shadow/libmisc/limits.c BTW, here you see that umask had commod codebase with limits. Actually it was set in set_limits() procedure, but newer PAM approach has split limits into pam_limits which supports per-user settings and pam_umask which is far too more primitive than legacy code was regarding umask/pri(nice)/ulimit/GECOS... This stupid pam_umask can only operate globally. > > So people just put their preferred umask in their personal > > .bash_profile or another shellrc, and setting umask in _global_ > > shellrc came just "by analogy", while there was definitely > > a better place for _global_ umask setting (in login.defs, of > > course) even in those times. > > You clearly have never worked with "users". Or, no, I do almost every day. :-/ -- WBR, xrgtn -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
