On Mon, May 17, 2010 at 10:22 AM, Christoph Anton Mitterer <cales...@scientia.net> wrote: > On Sun, 16 May 2010 18:18:14 -0400, Felipe Sateler <fsate...@gmail.com> > wrote: >> Is there a reason to support non-UPG systems? > Not to force users to use anything that they don't want? > > > btw: While I stopped at some point commenting that issue, when I realised > that general security concerns were simply ignored,... I've seen that there > were plans to automatically detect whether a user could have "secure" UPG, > right? > > May I suggest the following: > Either: > 1) Debian should make this decision fully configurable (whether to use UPG > and which umask _system wide_ (!) or not). Of course it is already > configurable, but I mean something like configuration during installer > phase, or via debconf at some package where this fits to. > At that/those places, when choosing UPG, only the supposedly "secure" > default umasks could be presented and the user could be taught about the > pros and cons of UPGs. > > Or: > 2) It should be easy to prevent the now ongoing changes (switching default > umask and so on), and for new installations, easy to go back to the old > way. > 3) If you make such automatic checks whether a user can have UPGs > "securely", I guess you should take care that these checks are > "dynamically", as a user may change his groups. > > > btw2: Has there been a final decision whether this UPG-stuff is also > enabled for system users? Especially things like the users from postgresql, > or other daemons?
See below libpam umask could be used for this task and extended if needed. > > btw3: As this change seems to be decided, wouldn't it make sense to change > the UMASK value in login.defs and the currently documentation that tells > some secure values: > # 022 is the "historical" value in Debian for UMASK when it was used > # 027, or even 077, could be considered better for privacy > # There is no One True Answer here : each sysadmin must make up his/her > # mind. > #UMASK 022 > > to the "new" ones with the insecure ones: > # 022 is the "historical" value in Debian for UMASK when it was used > # 002 is the new default for use with user private groups. > # There is no One True Answer here : each sysadmin must make up his/her > # mind. > #UMASK 002 > Using libpam umask will be simplier: Put this to /etc/pam.d/common-session file: session optional pam_umask.so umask=022 Only one place and documented. Bastien -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/aanlktililnfhaxu7g5chwu32ac1dykgjjsxorwa7v...@mail.gmail.com
