On Fri, 20 Apr 2001, Drew Jones wrote:
> Problem:
> Users of Redhat 7 may have their umask set insecurely while acting
> as root.
>
> Description:
> ...When the user logs in, any shell that uses /etc/profile will set
> the umask to 002 if the user's username and groupname match and their
> uid is greater than 14. If the user then issues su to become root
> without specifying the -l option the root account inherits the umask
> of 002.... Redhat seemed to understand that system users should have a
> umask of 022, because /etc/profile will set the umask that way for
> users logging in with a uid less than 14, but they forgot about su.
Maybe I'm missing something here, but isn't the "problem" with su, not
/etc/profile?

From the su man page:

    -, -l, --login
        make the shell a login shell

If the shell is not a login shell, then neither /etc/profile nor any .*shrc
scripts are processed -- you merely assume the UID of the account you are
su'ing to. To assume the complete environment of the account you wish to
impersonate, then you have to specify '-' or '-l' so that environmental
scripts are processed.
--Rebecca Kastl