Your message dated Sun, 27 Jul 2025 17:14:07 +0200
with message-id <aizcpwnatf-iy...@per.namespace.at>
and subject line Re: Bug#1064044: change Debian's default umask to a more
secure value such as umask 0077
has caused the Debian Bug report #1064044,
regarding change Debian's default umask to a more secure value such as umask
0077
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1064044: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064044
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: general
Severity: wishlist
Feature request:
Change Debian's default umask to a more secure value such as umask 0077.
Why?
Quote Securing Debian Manual [1]
> Debian's default umask setting is 022 this means that files (and
directories) can be read and accessed by the user's group and by any
other users in the system. This definition is set in the standard
configuration file /etc/profile which is used by all shells.
> If Debian's default value is too permissive for your system you will
have to change the umask setting for all the shells. More restrictive
umask settings include 027 (no access is allowed to new files for the
other group, i.e. to other users in the system) or 077 (no access is
allowed to new files to the members the user's group).
> Finally, you should consider changing root's default 022 umask (as
defined in /root/.bashrc) to a more strict umask. That will prevent the
system administrator from inadvertenly dropping sensitive files when
working as root to world-readable directories (such as /tmp) and having
them available for your average user.
Would that be reasonable change Debian's default umask to a more secure
value such as umask 0077 or do you expect any breakage, would that be
manageable?
Cheers,
Patrick
[1]
https://www.debian.org/doc/manuals/securing-debian-manual/ch04s11.en.html#id-1.5.14.19
--- End Message ---
--- Begin Message ---
On Fri, Feb 16, 2024 at 10:43:00AM +0000, Patrick Schleizer wrote:
> Package: general
> Severity: wishlist
>
> Feature request:
> Change Debian's default umask to a more secure value such as umask 0077.
It appears this never even got a response on d-devel, probably
maybe because it was filed as a wishlist bug. If you really want
this, you probably need to start a fresh discussion on d-devel and
loop in the relevant maintainers.
Chris
--- End Message ---
